Security
Headlines

Headlines Latest CVEs

Headline

GHSA-4fwj-8595-wp25: Mattermost has Insufficiently Protected Credentials

Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API.

1 month ago

GitHub Advisory Database
GitHub Reviewed
CVE-2025-6227

Mattermost has Insufficiently Protected Credentials

Low severity GitHub Reviewed Published Jul 18, 2025 to the GitHub Advisory Database • Updated Jul 21, 2025

Package

gomod github.com/mattermost/mattermost-server (Go)

Affected versions

>= 10.5.0, < 10.5.8

>= 9.11.0, < 9.11.17

Patched versions

10.5.8

9.11.17

gomod github.com/mattermost/mattermost/server/v8 (Go)

< 8.0.0-20250612074655-8f8612c63783

8.0.0-20250612074655-8f8612c63783

Description

Published to the GitHub Advisory Database

Jul 18, 2025

Last updated

Jul 21, 2025

ghsa: Latest News

GHSA-f7qq-56ww-84cr: Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports

3 hours ago

GHSA-w765-jm6w-4hhj: Webrecorder packages are vulnerable to XSS through 404 error handling logic

3 hours ago

GHSA-qxfv-fcpc-w36x: Claude Code rg vulnerability does not protect against approval prompt bypass

3 hours ago

GHSA-p8cm-mm2v-gwjm: Monai: Unsafe use of Pickle deserialization may lead to RCE

23 hours ago

GHSA-6vm5-6jv9-rjpj: MONAI: Unsafe torch usage may lead to arbitrary code execution

23 hours ago