Security Advisories · nextcloud/security-advisories · GitHub

Security Advisories

View information about security vulnerabilities from this repository's maintainers.

Calendar app used predictable proposal participant tokens
GHSA-whm3-vv55-gf27 published Dec 5, 2025 by nickvergessen

Moderate
XSS in SVG images when opened outside of Nextcloud
GHSA-qcw2-p26m-9gc5 published Dec 5, 2025 by nickvergessen

Moderate
Mail stored HTML injection in subject text
GHSA-v394-8gpc-6fv5 published Dec 5, 2025 by nickvergessen

Low
Tables app share information not limited to relevant users
GHSA-2cwj-qp49-4xfw published Dec 5, 2025 by nickvergessen

Moderate
Contacts search allowed users to retrieve contact information of other users beyond their contact list
GHSA-495w-cqv6-wr59 published Dec 5, 2025 by nickvergessen

Moderate
Users with read-only permissions for team folder can restore deleted files from trash bin
GHSA-2vrq-fhmf-c49m published Dec 5, 2025 by nickvergessen

Low
Approval app allows users to request approval for other users file
GHSA-q26g-fmjq-x5g5 published Dec 5, 2025 by nickvergessen

Low
Calendar app allowed booking appointments without the generated token
GHSA-7x2j-2674-fj95 published Dec 5, 2025 by nickvergessen

Low
Users can modify tags on files that do not belong to them
GHSA-hq6c-r898-fgf2 published Dec 5, 2025 by nickvergessen

Moderate
Deck app allows to spoof file extensions by using RTLO characters
GHSA-xjvq-xvr7-xpg6 published Dec 5, 2025 by nickvergessen

Low