| CVE-2025-2527 | unknown | — | — | | | | 1y ago | Mattermost Fails to Verify User's Permissions When Accessing Groups in github.com/mattermost/mattermost-server |
| CVE-2025-3446 | unknown | — | — | | | | 1y ago | Mattermost Fails to Validate Team Invite Permissions in github.com/mattermost/mattermost-server |
| CVE-2025-31947 | unknown | — | — | | | | 1y ago | Mattermost Fails to Lockout LDAP Users After Repeated Login Failures in github.com/mattermost/mattermost-server |
| CVE-2025-35965 | unknown | — | — | | | | 1y ago | Mattermost Playbooks fails to validate the uniqueness and quantity of task actions in github.com/mattermost/mattermost-plugin-playbooks |
| CVE-2025-41423 | unknown | — | — | | | | 1y ago | Mattermost Playbooks fails to properly validate permissions in github.com/mattermost/mattermost-plugin-playbooks |
| CVE-2025-41395 | unknown | — | — | | | | 1y ago | Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type in github.com/mattermost/mattermost-plugin-playbooks |
| CVE-2025-2564 | unknown | — | — | | | | 1y ago | Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server |
| CVE-2025-31363 | unknown | — | — | | | | 1y ago | Mattermost doesn't restrict domains LLM can request to contact upstream in github.com/mattermost/mattermost-server |
| CVE-2025-27936 | unknown | — | — | | | | 1y ago | Mattermost vulnerable to Observable Timing Discrepancy in github.com/mattermost/mattermost-plugin-msteams |
| CVE-2025-24839 | unknown | — | — | | | | 1y ago | Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server |
| CVE-2025-27538 | unknown | — | — | | | | 1y ago | Mattermost Missing Authentication for Critical Function in github.com/mattermost/mattermost-server |
| CVE-2025-27571 | unknown | — | — | | | | 1y ago | Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server |
| CVE-2025-2424 | unknown | — | — | | | | 1y ago | Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server |
| CVE-2025-2475 | unknown | — | — | | | | 1y ago | Mattermost vulnerable to Incorrect Implementation of Authentication Algorithm in github.com/mattermost/mattermost-server |
| CVE-2025-32093 | unknown | — | — | | | | 1y ago | Mattermost Fails to Restrict Certain Operations on System Admins in github.com/mattermost/mattermost-server |
| CVE-2025-24866 | unknown | — | — | | | | 1y ago | Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint in github.com/mattermost/mattermost-server |
| CVE-2025-27715 | unknown | — | — | | | | 1y ago | Mattermost fails to prompt for explicit approval before adding a team admin to a private channel in github.com/mattermost/mattermost-server |
| CVE-2025-27933 | unknown | — | — | | | | 1y ago | Mattermost allows members with permission to convert public channels to private and convert private to public in github.com/mattermost/mattermost-server |
| CVE-2025-30179 | unknown | — | — | | | | 1y ago | Mattermost Fails to Enforce Certain Search APIs in github.com/mattermost/mattermost-server |
| CVE-2025-25068 | unknown | — | — | | | | 1y ago | Mattermost Fails to Enforce MFA on Plugin Endpoints in github.com/mattermost/mattermost-server |
| CVE-2025-24920 | unknown | — | — | | | | 1y ago | Mattermost Fails to Restrict Bookmark Creation and Updates in Archived Channels in github.com/mattermost/mattermost-server |
| CVE-2025-25274 | unknown | — | — | | | | 1y ago | Mattermost Fails to Restrict Command Execution in Archived Channels in github.com/mattermost/mattermost-server |
| CVE-2025-1472 | unknown | — | — | | | | 1y ago | Mattermost Fails to Properly Perform Viewer Role Authorization in github.com/mattermost/mattermost-server |
| CVE-2025-25279 | unknown | — | — | | | | 1y ago | Mattermost allows reading arbitrary files related to importing boards in github.com/mattermost/mattermost-server |
| CVE-2025-24526 | unknown | — | — | | | | 1y ago | Mattermost fails to restrict channel export of archived channels in github.com/mattermost/mattermost-server |
| CVE-2025-20051 | unknown | — | — | | | | 1y ago | Mattermost allows reading arbitrary files in github.com/mattermost/mattermost-server |
| CVE-2025-1412 | unknown | — | — | | | | 1y ago | Mattermost fails to invalidate all active sessions when converting a user to a bot in github.com/mattermost/mattermost-server |
| CVE-2025-20621 | unknown | — | — | | | | 1y ago | Mattermost webapp crash via a crafted post in github.com/mattermost/mattermost-server |
| CVE-2025-20086 | unknown | — | — | | | | 1y ago | Mattermost fails to properly validate post props in github.com/mattermost/mattermost-server |
| CVE-2025-20088 | unknown | — | — | | | | 1y ago | Mattermost fails to properly validate post props in github.com/mattermost/mattermost-server |
| CVE-2025-21088 | unknown | — | — | | | | 1y ago | Mattermost Incorrect Type Conversion or Cast in github.com/mattermost/mattermost-server |
| CVE-2025-20033 | unknown | — | — | | | | 1y ago | Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server |
| CVE-2025-22445 | unknown | — | — | | | | 1y ago | Mattermost has Improper Check for Unusual or Exceptional Conditions in github.com/mattermost/mattermost-server |
| CVE-2025-22449 | unknown | — | — | | | | 1y ago | Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server |
| CVE-2024-54083 | unknown | — | — | | | | 2y ago | Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server |
| CVE-2024-48872 | unknown | — | — | | | | 2y ago | Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server |
| CVE-2024-54682 | unknown | — | — | | | | 2y ago | Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server |
| CVE-2024-50052 | unknown | — | — | | | | 2y ago | Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server |
| CVE-2024-47401 | unknown | — | — | | | | 2y ago | Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server |
| CVE-2024-46872 | unknown | — | — | | | | 2y ago | Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server |
| CVE-2024-10241 | unknown | — | — | | | | 2y ago | Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server |
| CVE-2024-10214 | unknown | — | — | | | | 2y ago | Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server |
| CVE-2024-47003 | unknown | — | — | | | | 2y ago | Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server |
| CVE-2024-42497 | unknown | — | — | | | | 2y ago | Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server |
| CVE-2024-43780 | unknown | — | — | | | | 2y ago | Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server |
| CVE-2024-40884 | unknown | — | — | | | | 2y ago | Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server |
| CVE-2024-8071 | unknown | — | — | | | | 2y ago | Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server |
| CVE-2024-39836 | unknown | — | — | | | | 2y ago | Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server |
| CVE-2024-32939 | unknown | — | — | | | | 2y ago | Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server |
| CVE-2024-40886 | unknown | — | — | | | | 2y ago | Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server |
| CVE-2024-39839 | unknown | — | — | | | | 2y ago | Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server |
| CVE-2024-41926 | unknown | — | — | | | | 2y ago | Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server |
| CVE-2024-41144 | unknown | — | — | | | | 2y ago | Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server |
| CVE-2024-39832 | unknown | — | — | | | | 2y ago | Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server |
| CVE-2024-39837 | unknown | — | — | | | | 2y ago | Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server |
| CVE-2024-41162 | unknown | — | — | | | | 2y ago | Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server |
| CVE-2024-39777 | unknown | — | — | | | | 2y ago | Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server |
| CVE-2024-29977 | unknown | — | — | | | | 2y ago | Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server |
| CVE-2024-39274 | unknown | — | — | | | | 2y ago | Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server |
| CVE-2024-36492 | unknown | — | — | | | | 2y ago | Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server |
| CVE-2024-4195 | unknown | — | — | | | | 2y ago | Mattermost allows team admins to promote guests to team admins in github.com/mattermost/mattermost-server |
| CVE-2024-32046 | unknown | — | — | | | | 2y ago | Mattermost's detailed error messages reveal the full file path in github.com/mattermost/mattermost-server |
| CVE-2024-22091 | unknown | — | — | | | | 2y ago | Mattermost fails to limit the size of a request path in github.com/mattermost/mattermost-server |
| CVE-2024-4198 | unknown | — | — | | | | 2y ago | Mattermost fails to fully validate role changes in github.com/mattermost/mattermost-server |
| CVE-2024-4182 | unknown | — | — | | | | 2y ago | Mattermost crashes web clients via a malformed custom status in github.com/mattermost/mattermost-server |
| CVE-2024-4183 | unknown | — | — | | | | 2y ago | Mattermost fails to limit the number of active sessions in github.com/mattermost/mattermost-server |
| CVE-2024-28949 | unknown | — | — | | | | 2y ago | Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server |
| CVE-2024-2447 | unknown | — | — | | | | 2y ago | Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server |
| CVE-2024-29221 | unknown | — | — | | | | 2y ago | Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server |
| CVE-2024-21848 | unknown | — | — | | | | 2y ago | Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server |
| CVE-2024-28053 | unknown | — | — | | | | 2y ago | Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server |
| CVE-2024-1952 | unknown | — | — | | | | 2y ago | Mattermost incorrectly allows access to individual posts in github.com/mattermost/mattermost-server |
| CVE-2024-1949 | unknown | — | — | | | | 2y ago | Mattermost race condition in github.com/mattermost/mattermost-server |
| CVE-2024-1942 | unknown | — | — | | | | 2y ago | Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server |
| CVE-2024-1953 | unknown | — | — | | | | 2y ago | Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server |
| CVE-2024-23488 | unknown | — | — | | | | 2y ago | Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server |
| CVE-2024-1887 | unknown | — | — | | | | 2y ago | Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server |
| CVE-2024-1888 | unknown | — | — | | | | 2y ago | Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server |
| CVE-2024-24988 | unknown | — | — | | | | 2y ago | Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server |
| CVE-2024-23493 | unknown | — | — | | | | 2y ago | Mattermost leaks details of AD/LDAP groups of a team in github.com/mattermost/mattermost-server |
| CVE-2024-1402 | unknown | — | — | | | | 2y ago | Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server |
| CVE-2024-24776 | unknown | — | — | | | | 2y ago | Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server |
| CVE-2023-47858 | unknown | — | — | | | | 2y ago | Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server |
| CVE-2023-48732 | unknown | — | — | | | | 2y ago | Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server |
| CVE-2023-50333 | unknown | — | — | | | | 2y ago | Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server |
| CVE-2023-7113 | unknown | — | — | | | | 3y ago | Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server |
| CVE-2023-5968 | unknown | — | — | | | | 3y ago | Mattermost password hash disclosure vulnerability |
| CVE-2023-1776 | unknown | — | — | | | | 3y ago | Mattermost vulnerable to cross-site scripting (XSS) |
| CVE-2023-1774 | unknown | — | — | | | | 3y ago | Mattermost fails to properly authenticate inviter's permissions to private channel |
| CVE-2023-1775 | unknown | — | — | | | | 3y ago | Mattermost vulnerable to information disclosure |
| CVE-2023-1777 | unknown | — | — | | | | 3y ago | Mattermost vulnerable to information disclosure |
| CVE-2022-4045 | unknown | — | — | | | | 4y ago | Denial of service in Mattermost |
| CVE-2022-4044 | unknown | — | — | | | | 4y ago | Denial of service in Mattermost |
| CVE-2022-2401 | unknown | — | — | | | | 4y ago | Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server |
| CVE-2022-1982 | unknown | — | — | | | | 4y ago | Uncontrolled Resource Consumption in Mattermost server |
| CVE-2020-14457 | unknown | — | — | | | | 4y ago | Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost |
| CVE-2018-21258 | unknown | — | — | | | | 4y ago | Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command in github.com/mattermost/mattermost-server |
| CVE-2017-18916 | unknown | — | — | | | | 4y ago | Mattermost Server has Improper Authorization for Integration Requests in github.com/mattermost/mattermost-server |
| CVE-2017-18912 | unknown | — | — | | | | 4y ago | Mattermost Server allows an attacker to specify a full pathname of a log file in github.com/mattermost/mattermost-server |
| CVE-2017-18911 | unknown | — | — | | | | 4y ago | Mattermost Server has X.509 Improper Certificate Validation in github.com/mattermost/mattermost-server |