Security: FreshRSS/FreshRSS
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Directory enumeration by setting path in theme field (GHSA-w35p-p867-qr4f), published Sep 27, 2025 by Alkarex. Severity: Low
- XSS due to lack of CSP on HTML query page (GHSA-rwhf-vjjx-gmm9), published Sep 27, 2025 by Alkarex. Severity: Moderate
- Unauthorized creation of admin user when registration is enabled (GHSA-h625-ghr3-jppq), published Sep 27, 2025 by Alkarex. Severity: Critical
- Unauthenticated users are able to read information about feeds/tags of the default user (GHSA-jf4v-f8p2-8xvq), published Sep 27, 2025 by Alkarex. Severity: High
- Incomplete Session Termination on Logout in FreshRSS (GHSA-42v4-65f8-5wgr), published Sep 27, 2025 by Alkarex. Severity: Moderate
- Double clickjacking leads to privilege escalation (GHSA-j66v-hvqx-5vh3), published Sep 27, 2025 by Alkarex. Severity: Moderate
- Admin authenticated RCE <1.26.2 (GHSA-jcww-48g9-wf57), published Jul 31, 2025 by Alkarex. Severity: High
- Clickjacking leads to XSS / privilege escalation (GHSA-wm5p-7pr7-c8rw), published Sep 27, 2025 by Alkarex. Severity: Low
- Favicon cache poisoning by editing website URL (GHSA-8f79-3q3w-43c4), published Jun 3, 2025 by Alkarex. Severity: Moderate
- Privilege escalation via SSRF when using HTTP auth (GHSA-w3m8-wcf4-h8vm), published Jun 3, 2025 by Alkarex. Severity: High