GO-2026-4916 Mattermost doesn't rate limit login requests, allowing DoS in github.com/mattermost/mattermost-server

Mattermost doesn't rate limit login requests, allowing DoS in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

GO-2026-4734 Mattermost fails to preserve the redacted state of burn-on-read posts during deletion in github.com/mattermost/mattermost-server

Mattermost fails to preserve the redacted state of burn-on-read posts during deletion in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

GO-2026-4467 Mattermost Server has Improper Authorization for Integration Requests in github.com/mattermost/mattermost-server

Mattermost Server has Improper Authorization for Integration Requests in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

GO-2026-4303 Mattermost Server is vulnerable CSV Injection in github.com/mattermost/mattermost-server

Mattermost Server is vulnerable CSV Injection in github.com/mattermost/mattermost-server...

GO-2025-4183 CVE-2017-18870 in github.com/mattermost/mattermost-server

CVE-2017-18870 in github.com/mattermost/mattermost-server...

GO-2025-4064 Mattermost Server is vulnerable to XSS through crafted links in github.com/mattermost/mattermost-server

Mattermost Server is vulnerable to XSS through crafted links in github.com/mattermost/mattermost-server...

GO-2025-4046 Mattermost Server is vulnerable to Uncontrolled Resource Consumption in github.com/mattermost/mattermost-server

Mattermost Server is vulnerable to Uncontrolled Resource Consumption in github.com/mattermost/mattermost-server...

GO-2025-4048 Mattermost Server is vulnerable to Code Injection through its LDAP fields in github.com/mattermost/mattermost-server

Mattermost Server is vulnerable to Code Injection through its LDAP fields in github.com/mattermost/mattermost-server...

GO-2025-3978 Mattermost boards plugin fails to restrict download access to files in github.com/mattermost/mattermost-plugin-boards

Mattermost boards plugin fails to restrict download access to files in github.com/mattermost/mattermost-plugin-boards...

GO-2025-3604 Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint in github.com/mattermost/mattermost-server

Mattermost Fails to Enforce Proper Access Controls on /api/v4/audits Endpoint in github.com/mattermost/mattermost-server...

GO-2024-3338 Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server

Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server...

Path Traversal

github.com/mattermost/mattermost-server is vulnerable to Path Traversal. The vulnerability is due to insufficient input sanitization in the frontend for user-provided redirection paths. This allows attackers to craft malicious links that trick unsuspecting users into clicking on them, leading to...

Fedora: Security Advisory for golang-github-mattermost-xml-roundtrip-validator (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...