mattermost
607 tracked vulnerabilities.
CVE-2025-58084
LOW
Mattermost Desktop App <=5.13.0 - SSRF
Oct 13, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-9081
LOW
Mattermost <10.5.8, <9.11.17 - Info Disclosure
Sep 19, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-9079
HIGH
Mattermost <10.8.4 - Code Injection
Sep 19, 2025
CVSS 8.0
EPSS 0.01
CVE-2025-9084
LOW
Mattermost 10.5.0-10.5.9 - Open Redirect via OAuth Login URL
Sep 15, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-9072
HIGH
Mattermost <10.10.1-10.5.9-10.9.4 - Open Redirect
Sep 15, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-9078
MEDIUM
Mattermost <10.8.4 - Info Disclosure
Sep 15, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-9076
MEDIUM
Mattermost <10.10.2 - Info Disclosure
Sep 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-8402
MEDIUM
Mattermost 9.11.0-9.11.17 10.5.0-10.5.8 10.8.0-10.8.3 10.9.0-10.9.3 10.10.0 - Denial of Service via Bulk Import Feature
Aug 21, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-6465
MEDIUM
Mattermost 10.5.0-10.5.8, 10.8.0-10.8.3, 10.9.0-10.9.3, 10.10.0 - Path Traversal & Arbitrary File Write
Aug 21, 2025
CVSS 4.3
EPSS 0.01
CVE-2025-8023
MEDIUM
Mattermost 9.11.0-9.11.17 10.5.0-10.5.8 10.8.0-10.8.3 10.9.0-10.9.2 - Path Traversal via Template File
Aug 21, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-53971
LOW
Mattermost 9.11.0-9.11.17 and 10.5.0-10.5.8 - Incorrect Authorization via Team Scheme Role Modification API
Aug 21, 2025
CVSS 3.8
EPSS 0.00
CVE-2025-49810
LOW
Mattermost 10.5.0-10.5.8 - Incorrect Authorization in AI Posts Thread Access
Aug 21, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-49222
MEDIUM
Mattermost Server < 9.11.18 - Unrestricted File Upload
Aug 21, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-47870
MEDIUM
Mattermost 9.11.0-9.11.17 10.5.0-10.5.8 10.8.0-10.8.3 10.9.0-10.9.2 - Team Invite ID Exposure via Restore Endpoint
Aug 21, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-47700
LOW
Mattermost Server 10.5.0-10.5.9 - Server-Side Request Forgery via Empty Request Body Handling
Aug 21, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-36530
MEDIUM
Mattermost 9.11.0-9.11.17 10.5.0-10.5.8 10.8.0-10.8.3 10.9.0-10.9.1 - Authenticated Path Traversal via Plugin Import
Aug 21, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-8285
MEDIUM
Mattermost Confluence Plugin < 1.5.0 - Missing Authorization via Channel Subscription API
Aug 11, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-54525
HIGH
Mattermost Confluence Plugin <1.5.0 - DoS
Aug 11, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54478
HIGH
Mattermost Confluence Plugin < 1.5.0 - Unauthenticated Channel Subscription Modification via API
Aug 11, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-54463
MEDIUM
Mattermost Confluence Plugin < 1.5.0 - Denial of Service via Invalid Request Body
Aug 11, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-54458
MEDIUM
Mattermost Confluence Plugin < 1.5.0 - Missing Authorization via Create Subscription Endpoint
Aug 11, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-53910
MEDIUM
Mattermost Confluence Plugin <1.5.0 - Info Disclosure
Aug 11, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-53857
LOW
Mattermost Confluence Plugin <1.5.0 - Info Disclosure
Aug 11, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-53514
MEDIUM
Mattermost Confluence Plugin <1.5.0 - DoS
Aug 11, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-52931
HIGH
Mattermost Confluence Plugin < 1.5.0 - Denial of Service via Invalid Request Body
Aug 11, 2025
CVSS 7.5
EPSS 0.00
Products
mattermost_server 451
mattermost 250
mattermost-server 212
Mattermost 104
mattermost_desktop 28
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-playbooks 6
mattermost-plugin-github 4
mattermost-plugin-msteams 4
mattermost-plugin-calls 3
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
Mattermost Google Drive Plugin 1
channel_export 1
github.com/mattermost/mattermost/server/public 1
legal_hold 1
mattermost-plugin-channel-export 1
mattermost-plugin-msteams-meetings 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1
Quick Filters