22 matches found
Fedora: Security Advisory (FEDORA-2025-9f8cbb5e03)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2025-6dd003943f)
The remote host is missing an update for the...
EUVD-2022-7777
Malicious code in bioql PyPI...
[SECURITY] Fedora 41 Update: gotify-desktop-1.3.7-5.fc41
Small Gotify daemon to receive messages and forward them as desktop notifications. Read Gotify messages, and forward them as standard desktop notification. Forward message priority. Auto reconnect if server connection is lost and get missed messages. Automatically download, cache, and show app...
[SECURITY] Fedora 42 Update: gotify-desktop-1.3.7-5.fc42
Small Gotify daemon to receive messages and forward them as desktop notifications. Read Gotify messages, and forward them as standard desktop notification. Forward message priority. Auto reconnect if server connection is lost and get missed messages. Automatically download, cache, and show app...
CVE-2022-46181
Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...
[SECURITY] Fedora 40 Update: gotify-desktop-1.3.7-4.fc40
Small Gotify daemon to receive messages and forward them as desktop notifications. Read Gotify messages, and forward them as standard desktop notification. Forward message priority. Auto reconnect if server connection is lost and get missed messages. Automatically download, cache, and show app...
[SECURITY] Fedora 41 Update: gotify-desktop-1.3.7-4.fc41
Small Gotify daemon to receive messages and forward them as desktop notifications. Read Gotify messages, and forward them as standard desktop notification. Forward message priority. Auto reconnect if server connection is lost and get missed messages. Automatically download, cache, and show app...
Cross-site Scripting (XSS)
github.com/gotify/server is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to outdated Swagger UI, which uses a vulnerable version of DOMPurify, allowing an attacker to execute arbitrary JavaScript through external Swagger config files...
GO-2022-1208 gotify/server vulnerable to Cross-site Scripting in the application image file upload in github.com/gotify/server
gotify/server vulnerable to Cross-site Scripting in the application image file upload in github.com/gotify/server...
GO-2023-1471 Reflected XSS in Gotify's /docs via import of outdated Swagger UI in github.com/gotify/server
Reflected XSS in Gotify's /docs via import of outdated Swagger UI in github.com/gotify/server...
GHSA-3244-8MFF-W398 Reflected XSS in Gotify's /docs via import of outdated Swagger UI
Impact Gotify exposes an outdated instance of the Swagger UI API documentation frontend at /docs which is susceptible to reflected XSS attacks when loading external Swagger config files. Specifically, the DOMPurify version included with this version of Swagger UI is vulnerable to a rendering XSS...
Reflected XSS in Gotify's /docs via import of outdated Swagger UI
Impact Gotify exposes an outdated instance of the Swagger UI API documentation frontend at /docs which is susceptible to reflected XSS attacks when loading external Swagger config files. Specifically, the DOMPurify version included with this version of Swagger UI is vulnerable to a rendering XSS...
CVE-2022-46181
Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...
Spoofing
Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...
CVE-2022-46181
The CVE-2022-46181 entry describes an XSS vulnerability in Gotify server prior to version 2.2.2. Authenticated users could upload .html files via the image upload functionality, enabling client‑side script execution if another user clicked a crafted link (e.g., an image path with an HTML file). T...
CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload
Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...
CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload
Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...
CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload
Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...
Gotify Cross-Site Scripting Vulnerability
Gotify is a simple server to send and receive messages. A cross-site scripting vulnerability exists in Gotify server versions prior to 2.2.2, which stems from an XSS vulnerability that allows an authenticated user to upload an html file, which allows an attacker to execute client-side script and...