Security
Headlines

Headlines Latest CVEs

Headline

GHSA-j5vq-62gr-8v3r: Mattermost fails to check Websocket request for proper UTF-8 format potentially crashing Calls plug-in

Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request.

3 days ago

#web #git #intel

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-12689

Mattermost fails to check Websocket request for proper UTF-8 format potentially crashing Calls plug-in

Moderate severity GitHub Reviewed Published Dec 17, 2025 to the GitHub Advisory Database • Updated Dec 20, 2025

Package

gomod github.com/mattermost/mattermost-plugin-calls (Go)

Affected versions

< 1.11.0

Description

Published to the GitHub Advisory Database

Dec 17, 2025

Last updated

Dec 20, 2025

ghsa: Latest News

GHSA-83jg-m2pm-4jxj: Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification

4 hours ago

GHSA-f43r-cc68-gpx4: External Control of File Name or Path in Langflow

22 hours ago

GHSA-5993-7p27-66g5: Langflow vulnerable to Server-Side Request Forgery

22 hours ago

GHSA-24v3-254g-jv85: Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature

1 day ago

GHSA-4hx9-48xh-5mxr: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

1 day ago