See https://github.com/nextcloud/server/blob/master/SECURITY.md
Security: nextcloud/security-advisories
Security
SECURITY.md
-
Bypass of image blocking in Nextcloud MailGHSA-6q9v-wm8r-rcv5 published
Oct 25, 2021 by LukasReschkeLow -
Secret Circle can be joined without approvalGHSA-56j9-3rj4-wvgm published
Sep 6, 2021 by LukasReschkeModerate -
Deck shared with a Circle can be accessed by non-Circle membersGHSA-4mxp-j277-82hr published
Sep 6, 2021 by LukasReschkeModerate -
Untrusted Search Path in Nextcloud Desktop ClientGHSA-6q2w-v879-q24v published
Aug 18, 2021 by LukasReschkeLow -
Preview generation used third-party library not suited for user-generated contentGHSA-m682-v4g9-wrq7 published
Sep 6, 2021 by LukasReschkeCritical -
Exceptions may have logged Encryption-at-Rest key contentGHSA-mcpf-v65v-359h published
Sep 6, 2021 by LukasReschkeLow -
Bypass of Two Factor AuthenticationGHSA-gv5w-8q25-785v published
Sep 6, 2021 by LukasReschkeHigh -
File Drop can be bypassed using Richdocuments appGHSA-pxhh-954f-8w7w published
Sep 6, 2021 by LukasReschkeHigh -
Lack of ratelimit on Richdocuments OCS endpointGHSA-gvvr-h36p-8mjx published
Sep 6, 2021 by LukasReschkeLow -
XSS in Nextcloud CirclesGHSA-hgpq-28gj-jrj9 published
Sep 6, 2021 by LukasReschkeLow
Learn more about advisories related to nextcloud/security-advisories in the GitHub Advisory Database