go

github.com/mattermost/mattermost-server/v5

100 Total advisories
100 Vulnerabilities
0 Malware

Vulnerabilities

UNKNOWN
Go

CVE-2026-26246

Mattermost fails to bound memory allocation when processing PSD image files in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2026-25783

Mattermost fails to properly validate User-Agent header tokens in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2026-2456

Mattermost fails to limit the size of responses from integration action endpoints in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2026-22545

Mattermost fails to validate user's authentication method when processing account auth type switch in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2026-21386

Mattermost fails to use consistent error responses when handling the /mute command in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2026-4265

Mattermost fails to validate team-specific upload_file permissions in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2026-2455

Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2026-2578

Mattermost fails to preserve the redacted state of burn-on-read posts during deletion in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2026-24458

Mattermost fails to properly handle very long passwords in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2026-25780

Mattermost fails to bound memory allocation when processing DOC files in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2026-2457

Mattermost allows attackers to spoof permalink embeds in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2026-24692

Mattermost fails to properly enforce read permissions in search API endpoints in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2026-2463

Mattermost fails to filter invite IDs based on user permissions in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2026-2458

Mattermost allows a removed team member to enumerate all public channels within a private team in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-14273

Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm in github.com/mattermost/mattermost-plugin-jira

UNKNOWN
Go

CVE-2025-13352

Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection in github.com/mattermost/mattermost

UNKNOWN
Go

CVE-2025-13324

Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation in github.com/mattermost/mattermost

UNKNOWN
Go

CVE-2025-62690

Mattermost has missing redirect URL validation in github.com/mattermost/mattermost

UNKNOWN
Go

CVE-2025-13870

Mattermost fails to validate user permissions in Boards in github.com/mattermost/mattermost

UNKNOWN
Go

CVE-2025-12421

Mattermost fails to verify the token used during code exchange in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-12756

Mattermost fails to validate user permissions when deleting comments in Boards in github.com/mattermost/mattermost

UNKNOWN
Go

CVE-2025-12559

Mattermost fails to sanitize team email addresses in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-12419

Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-41436

Mattermost allows regular users to access archived channel content and files in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2018-21258

Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-55070

Mattermost does not enforce MFA on WebSocket connections in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-55073

Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-55074

Mattermost allows other users to determine when users had read channels via channel member objects in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-11794

Mattermost allows system administrators to access password hashes and MFA secrets in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-11776

Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost

UNKNOWN
Go

CVE-2025-11777

Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost

UNKNOWN
Go

CVE-2025-9081

Mattermost boards plugin fails to restrict download access to files in github.com/mattermost/mattermost-plugin-boards

UNKNOWN
Go

CVE-2025-9079

Mattermost Path Traversal vulnerability in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-6465

Mattermost Fails to Sanitize File Names in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-46702

Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-3228

Mattermost allows an unauthorized Guest user access to Playbook in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-47871

Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-4981

Mattermost allows authenticated users to write files to arbitrary locations in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-3230

Mattermost fails to properly invalidate personal access tokens upon user deactivation in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-3913

Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-2571

Mattermost fails to clear Google OAuth credentials in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-2527

Mattermost Fails to Verify User's Permissions When Accessing Groups in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-58075

Mattermost has a Missing Authorization vulnerability in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-54499

Mattermost has an Observable Timing Discrepancy vulnerability in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-10545

Mattermost has an Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-58073

Mattermost has a Missing Authorization vulnerability in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-41410

Mattermost has a Missing Authorization vulnerability in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-9076

Mattermost Missing Authorization vulnerability in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-9084

Mattermost Open Redirect vulnerability in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-9078

Mattermost makes Use of Weak Hash in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-9072

Mattermost Open Redirect vulnerability in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-8402

Mattermost has Potential Server Crash due to Unvalidated Import Data in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-47700

Mattermost Server SSRF Vulnerability via the Agents Plugin in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-8023

Mattermost Fails to Sanitize Path Traversal Sequences in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-47870

Mattermost Does Not Sanitize the Team Invite ID in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-49222

Mattermost Fails to Validate Remote Cluster Upload Sessions in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-49810

Mattermost Lack of Access Control Validation in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-53971

Mattermost Fails to Properly Validate Team Role Modification in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-36530

Mattermost Fails to Validate File Paths in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-6233

Mattermost Path Traversal vulnerability in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-6226

Mattermost Missing Authentication for Critical Function in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-6227

Mattermost has Insufficiently Protected Credentials in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-3227

Mattermost allows unauthorized channel member management through playbook runs in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-4128

Mattermost allows guest users to view information about public teams they are not members of in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-4573

Mattermost allows authenticated administrator to execute LDAP search filter injection in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-2570

Mattermost Fails to Check User Access to `ExperimentalSettings` in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-31947

Mattermost Fails to Lockout LDAP Users After Repeated Login Failures in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-3446

Mattermost Fails to Validate Team Invite Permissions in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-27715

Mattermost fails to prompt for explicit approval before adding a team admin to a private channel in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-24920

Mattermost Fails to Restrict Bookmark Creation and Updates in Archived Channels in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-25068

Mattermost Fails to Enforce MFA on Plugin Endpoints in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-30179

Mattermost Fails to Enforce Certain Search APIs in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-25274

Mattermost Fails to Restrict Command Execution in Archived Channels in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2025-1472

Mattermost Fails to Properly Perform Viewer Role Authorization in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-54682

Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-48872

Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-54083

Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-28053

Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-39836

Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-40886

Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-8071

Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-40884

Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-43780

Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-32939

Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-42497

Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-39777

Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-39837

Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-39274

Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-29977

Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-41162

Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-41144

Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-39839

Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-2447

Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-28949

Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2020-14457

Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost

UNKNOWN
Go

CVE-2024-36492

Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-41926

Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-39832

Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2024-29221

Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server

UNKNOWN
Go

CVE-2022-1332

Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
