Security Advisories · nextcloud/security-advisories · GitHub

Security Advisories

View information about security vulnerabilities from this repository's maintainers.

Tables app allowed to include local file via PhpSpreadsheet when importing a table
GHSA-wpp5-4w35-pxq6 published Oct 16, 2025 by nickvergessen

Moderate
Insecure temporary file creation, race with write access and permission
GHSA-q568-2933-gcjq published May 16, 2025 by nickvergessen

Low
Test remote endpoint is not rate limited
GHSA-c7vq-m7f8-rx37 published May 16, 2025 by nickvergessen

Moderate
Bypass group folder quota limit using attachment in text file
GHSA-qqgg-hhfq-vhww published May 16, 2025 by nickvergessen

Moderate
Second factor not requested after session timeout
GHSA-9h3w-f3h4-qqrh published May 16, 2025 by nickvergessen

Moderate
3rdparty applications can create share links via socket API
GHSA-qm2f-959g-7p65 published May 16, 2025 by nickvergessen

Moderate
User password is available in memory of the PHP process
GHSA-w7v5-mgxm-v6gm published Nov 15, 2024 by nickvergessen

Low
Custom defined credentials of external storages are sent back to the frontend
GHSA-42w6-r45m-9w9j published Nov 15, 2024 by nickvergessen

Moderate
Potential hash collision for background jobs could skip queuing them
GHSA-2q6f-gjgj-7hp4 published Nov 15, 2024 by nickvergessen

Low
Link reference provider can be tricked into downloading bigger files than intended
GHSA-pxqf-cfxw-mqmj published Nov 15, 2024 by nickvergessen

Moderate