CVE-2025-20621 unknown —
—
1y ago
Mattermost webapp crash via a crafted post in github.com/mattermost/mattermost-server
golang
CVE-2025-20086 unknown —
—
1y ago
Mattermost fails to properly validate post props in github.com/mattermost/mattermost-server
golang
CVE-2025-20088 unknown —
—
1y ago
Mattermost fails to properly validate post props in github.com/mattermost/mattermost-server
golang
CVE-2025-21088 unknown —
—
1y ago
Mattermost Incorrect Type Conversion or Cast in github.com/mattermost/mattermost-server
golang
CVE-2025-22449 unknown —
—
1y ago
Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server
golang
CVE-2025-20033 unknown —
—
1y ago
Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
golang
CVE-2025-22445 unknown —
—
1y ago
Mattermost has Improper Check for Unusual or Exceptional Conditions in github.com/mattermost/mattermost-server
golang
CVE-2024-54083 unknown —
—
2y ago
Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
golang
CVE-2024-48872 unknown —
—
2y ago
Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
golang
CVE-2024-54682 unknown —
—
2y ago
Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
golang
CVE-2024-47401 unknown —
—
2y ago
Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
golang
CVE-2024-10241 unknown —
—
2y ago
Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
golang
CVE-2024-50052 unknown —
—
2y ago
Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
golang
CVE-2024-46872 unknown —
—
2y ago
Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
golang
CVE-2024-10214 unknown —
—
2y ago
Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
golang
CVE-2024-47003 unknown —
—
2y ago
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
golang
CVE-2024-43780 unknown —
—
2y ago
Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
golang
CVE-2024-42497 unknown —
—
2y ago
Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
golang
CVE-2024-40884 unknown —
—
2y ago
Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
golang
CVE-2024-32939 unknown —
—
2y ago
Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
golang
CVE-2024-39836 unknown —
—
2y ago
Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
golang
CVE-2024-40886 unknown —
—
2y ago
Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
golang
CVE-2024-8071 unknown —
—
2y ago
Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
golang
CVE-2024-39839 unknown —
—
2y ago
Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
golang
CVE-2024-41926 unknown —
—
2y ago
Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
golang
CVE-2024-41162 unknown —
—
2y ago
Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
golang
CVE-2024-41144 unknown —
—
2y ago
Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
golang
CVE-2024-39837 unknown —
—
2y ago
Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
golang
CVE-2024-39832 unknown —
—
2y ago
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
golang
CVE-2024-39777 unknown —
—
2y ago
Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
golang
CVE-2024-29977 unknown —
—
2y ago
Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
golang
CVE-2024-36492 unknown —
—
2y ago
Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
golang
CVE-2024-39274 unknown —
—
2y ago
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
golang
CVE-2024-2447 unknown —
—
2y ago
Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
golang
CVE-2024-28949 unknown —
—
2y ago
Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
golang
CVE-2024-29221 unknown —
—
2y ago
Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
golang
CVE-2024-21848 unknown —
—
2y ago
Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
golang
CVE-2024-28053 unknown —
—
2y ago
Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
golang
CVE-2024-1953 unknown —
—
2y ago
Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
golang
CVE-2024-1949 unknown —
—
2y ago
Mattermost race condition in github.com/mattermost/mattermost-server
golang
CVE-2024-1942 unknown —
—
2y ago
Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
golang
CVE-2024-1952 unknown —
—
2y ago
Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
golang
CVE-2024-1887 unknown —
—
2y ago
Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
golang
CVE-2024-24988 unknown —
—
2y ago
Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
golang
CVE-2024-23493 unknown —
—
2y ago
Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
golang
CVE-2024-23488 unknown —
—
2y ago
Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
golang
CVE-2024-1888 unknown —
—
2y ago
Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
golang
CVE-2024-1402 unknown —
—
2y ago
Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
golang
CVE-2024-24776 unknown —
—
2y ago
Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
golang
CVE-2023-47858 unknown —
—
2y ago
Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
golang
CVE-2023-50333 unknown —
—
2y ago
Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
golang
CVE-2023-48732 unknown —
—
2y ago
Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
golang
CVE-2023-7113 unknown —
—
2y ago
Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
golang
CVE-2023-5968 unknown —
—
3y ago
Mattermost password hash disclosure vulnerability
golang
CVE-2023-1775 unknown —
—
3y ago
Mattermost vulnerable to information disclosure
golang
CVE-2023-1776 unknown —
—
3y ago
Mattermost vulnerable to cross-site scripting (XSS)
golang
CVE-2023-1774 unknown —
—
3y ago
Mattermost fails to properly authentication inviter's permissions to private channel
golang
CVE-2022-2401 unknown —
—
4y ago
Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
golang
CVE-2020-14457 unknown —
—
4y ago
Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
golang
CVE-2018-21258 unknown —
—
4y ago
Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command in github.com/mattermost/mattermost-server
golang
CVE-2022-1384 unknown —
—
4y ago
Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
golang
CVE-2022-1385 unknown —
—
4y ago
Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
golang
CVE-2022-1332 unknown —
—
4y ago
Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
golang
CVE-2022-1337 unknown —
—
4y ago
Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
golang