Security Advisories · nextcloud/security-advisories · GitHub

Security Advisories

View information about security vulnerabilities from this repository's maintainers.

Information disclosure via Desktop client when attempting to lock a file inside a end-to-end encrypted directory
GHSA-h9xj-qh76-q3hw published Dec 5, 2025 by nickvergessen

Low
Calendar attachments of local files are offered to downloaded
GHSA-f29c-ppmv-8mcv published Dec 5, 2025 by nickvergessen

Moderate
admin_audit does not log all actions on files in groupfolders
GHSA-ww9m-f8j4-jj9x published Dec 5, 2025 by nickvergessen

Moderate
Missing ownership check in Tables app allows moving columns into tables of other users
GHSA-w787-vwqp-8wr7 published Dec 5, 2025 by nickvergessen

Moderate
Tables app allowed users to view columns metadata information of any table
GHSA-p53h-6294-crjw published Dec 5, 2025 by nickvergessen

Moderate
Stored XSS in contacts app via organisation and title field
GHSA-9v78-cpfc-v6h2 published Dec 5, 2025 by nickvergessen

Low
Participants were able to blindly delete poll drafts of other users by ID
GHSA-pr9f-vqgg-m2jh published Dec 5, 2025 by nickvergessen

Low
Deck app allowed user with "Can share" permission to modify permissions of other non-owners
GHSA-wwr8-hx9g-rjvv published Dec 5, 2025 by nickvergessen

Moderate
WebAuthn app was updated based on public key
GHSA-fr8x-mvjg-wf9q published Dec 5, 2025 by nickvergessen

Low
Development files shipped in files_pdfviewer app
GHSA-24wp-p865-7j4r published Dec 5, 2025 by nickvergessen

Moderate