Package impact
Go / github.com/mattermost/mattermost-plugin-calls
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6347 | high | 7.6 | 7.6 | 17d ago | Mattermost doesn't sanitize sensitive configuration fields in the Mattermost Calls plugin | |||
| CVE-2025-12689 | unknown | — | — | 6mo ago | Mattermost fails to check Websocket request for proper UTF-8 format potentially crashing Calls plug-in in github.com/mattermost/mattermost-plugin-calls | |||
| CVE-2025-62190 | unknown | — | — | 6mo ago | Mattermost has CSRF vulnerability via Calls Widget page in github.com/mattermost/mattermost-plugin-calls |