See https://github.com/nextcloud/server/blob/master/SECURITY.md
Security: nextcloud/security-advisories
Security
SECURITY.md
-
User password is available in memory of the PHP processGHSA-w7v5-mgxm-v6gm published
Nov 15, 2024 by nickvergessenLow -
Custom defined credentials of external storages are sent back to the frontendGHSA-42w6-r45m-9w9j published
Nov 15, 2024 by nickvergessenModerate -
Potential hash collision for background jobs could skip queuing themGHSA-2q6f-gjgj-7hp4 published
Nov 15, 2024 by nickvergessenLow -
Link reference provider can be tricked into downloading bigger files than intendedGHSA-pxqf-cfxw-mqmj published
Nov 15, 2024 by nickvergessenModerate -
OAuth2 client secrets were stored in a recoverable wayGHSA-fvpc-8hq6-jgq2 published
Nov 15, 2024 by nickvergessenLow -
Missing password confirmation when changing external storage optionsGHSA-vrhf-532w-99rg published
Nov 15, 2024 by nickvergessenModerate -
Global credentials of external storages are sent back to the frontendGHSA-x9q3-c7f8-3rcg published
Nov 15, 2024 by nickvergessenModerate -
Shares are not removed when user is limited to share with in their groups and being removed from one of themGHSA-35gc-jc6x-29cm published
Nov 15, 2024 by nickvergessenLow -
Incomplete sanitization of SVG files allows to embed other images into previewsGHSA-5m5g-hw8c-2236 published
Nov 15, 2024 by nickvergessenModerate -
User can copy folder that contain files that are blocked by the files access controlGHSA-g8pr-g25r-58xj published
Nov 15, 2024 by nickvergessenModerate
Learn more about advisories related to nextcloud/security-advisories in the GitHub Advisory Database