appwrite/server-ce
Packagist | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting appwrite/server-ce
- CVE-2021-23682 | HIGH | CVSS 7.3 | EG 7.3 | ✓ Fixed in 0.11.1 | 2022-02-16
vulnerable: 0.1.13 ... 0.9.4 (27 versions)
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not…
- CVE-2022-25377 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.12.2 | 2024-02-22
vulnerable: 0.10.0 ... 0.9.4 (26 versions)
The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge mu…
- CVE-2022-2925 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 1.0.0-RC1 | 2022-09-09
vulnerable: 0.1.13 ... 0.9.4 (46 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1.
- CVE-2023-27159 | HIGH | CVSS 7.5 | EG 7.5 | 2023-03-31
vulnerable: 0.1.13 ... 1.2.1 (56 versions)
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.