See https://github.com/nextcloud/server/blob/master/SECURITY.md
Security: nextcloud/security-advisories
Security
SECURITY.md
-
Mail app does not respect download permissions in sharesGHSA-pwpp-fvcr-w862 published
Nov 15, 2024 by nickvergessenLow -
Desktop client behaves incorrectly if the initial end-to-end-encryption signature is emptyGHSA-r4qc-m9mj-452v published
Nov 15, 2024 by nickvergessenModerate -
Desktop client created folders with world-readable and world-writable permissions on LinuxGHSA-hw3v-8vvq-5645 published
Nov 15, 2024 by nickvergessenModerate -
Code injection in Nextcloud Desktop Client for macOSGHSA-4mf7-v63m-99p7 published
Jun 14, 2024 by nickvergessenLow -
Users can delete old versions of read-only shared filesGHSA-xwgx-f37p-xh8c published
Jun 14, 2024 by nickvergessenLow -
Can access comments and attachments of deleted cardsGHSA-x45g-vx69-r9m8 published
Jun 14, 2024 by nickvergessenModerate -
Can reshare read&share only folder with more permissionsGHSA-jjm3-j9xh-5xmq published
Jun 14, 2024 by nickvergessenModerate -
Notes app can be tricked into using a received share created before the user logged inGHSA-wfqv-cx85-7rjx published
Jun 14, 2024 by nickvergessenModerate -
ID4me does not validate signature or expirationGHSA-vw5h-29xf-g55g published
Jun 14, 2024 by nickvergessenModerate -
Missing permission check when removing a photo from an albumGHSA-9chh-5prm-wp43 published
Jun 14, 2024 by nickvergessenLow
Learn more about advisories related to nextcloud/security-advisories in the GitHub Advisory Database