See https://github.com/nextcloud/server/blob/master/SECURITY.md
Security: nextcloud/security-advisories
Security
SECURITY.md
-
Can download "view-only" files with the Files ZIP appGHSA-vhj3-mch4-67fq published
Jan 18, 2024 by nickvergessenModerate -
OAuth2 authorization codes are valid indefinetlyGHSA-wppc-f5g8-vx36 published
Jan 18, 2024 by nickvergessenLow -
Improper handling of request URLs in Guests app allows guest users to bypass app allowlistGHSA-v3qw-7vgv-2fxj published
Jan 18, 2024 by nickvergessenModerate -
All users can reset the allowed apps list for Guest App usersGHSA-wr87-hx3w-29hh published
Jan 18, 2024 by nickvergessenModerate -
Open redirect in user_saml via RelayState parameterGHSA-622q-xhfr-xmv7 published
Jan 18, 2024 by nickvergessenLow -
Self XSS when sending HTML as a comment in the Deck appGHSA-mg7w-x9fm-9wwc published
Jan 18, 2024 by nickvergessenLow -
Bruteforce protection can be bypassed with misconfigured proxyGHSA-5j2p-q736-hw98 published
Dec 18, 2023 by nickvergessenModerate -
Workflows do not require password confirmation on API levelGHSA-3f8p-6qww-2prr published
Dec 18, 2023 by nickvergessenModerate -
App PIN code can be bypassed in Files iOSGHSA-j8g7-88vv-rggv published
Dec 18, 2023 by nickvergessenModerate -
Calendar app returns full stacktrace when an error happens while editing appointmentGHSA-fv3c-qvjr-5rv8 published
Dec 18, 2023 by nickvergessenLow
Learn more about advisories related to nextcloud/security-advisories in the GitHub Advisory Database