| CVE-2026-5467 |
medium |
6.1 |
6.1 |
|
|
|
2mo ago |
Casdoor vulnerable to Open Redirect |
| CVE-2026-5468 |
medium |
5.4 |
5.4 |
|
|
|
2mo ago |
Casdoor vulnerable to Stored XSS via Application formCss / formSideHtml |
| CVE-2023-34927 |
unknown |
— |
1.0 |
|
|
|
3y ago |
Casdoor Cross-Site Request Forgery vulnerability |
| CVE-2022-24124 |
unknown |
— |
1.0 |
|
|
|
4y ago |
SQL Injection in Casdoor in github.com/casdoor/casdoor |
| CVE-2026-5469 |
unknown |
— |
— |
|
|
|
2mo ago |
Casdoor vulnerable to SSRF via crafted Webhook URL |
| CVE-2025-61524 |
unknown |
— |
— |
|
|
|
8mo ago |
Casdoor is vulnerable to Improper Authorization in github.com/casdoor/casdoor |
| CVE-2025-4210 |
unknown |
— |
— |
|
|
|
1y ago |
Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor |
| CVE-2024-41658 |
unknown |
— |
— |
|
|
|
2y ago |
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036) in github.com/casdoor/casdoor |
| CVE-2024-41657 |
unknown |
— |
— |
|
|
|
2y ago |
Casdoor CORS misconfiguration (GHSL-2024-035) in github.com/casdoor/casdoor |
| CVE-2024-41264 |
unknown |
— |
— |
|
|
|
2y ago |
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification in github.com/casdoor/casdoor |
| CVE-2022-44942 |
unknown |
— |
— |
|
|
|
4y ago |
Casdoor arbitrary file deletion vulnerability via uploadFile function in github.com/casdoor/casdoor |
| CVE-2022-38638 |
unknown |
— |
— |
|
|
|
4y ago |
Casdoor arbitrary file write vulnerability in github.com/casdoor/casdoor |