pterodactyl/panel
Packagist | 10 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting pterodactyl/panel (page 1 of 1)
- CVE-2019-1020002 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.7.14 | 2019-07-29
vulnerable: v0.1.0-beta ... v0.7.9 (46 versions)
Pterodactyl before 0.7.14 with 2FA allows credential sniffing.
- CVE-2021-41129 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 1.6.2 | 2021-10-06
vulnerable: v1.0.0 ... v1.6.1 (21 versions)
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value no…
- CVE-2021-41176 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 1.6.3 | 2021-10-25
vulnerable: v1.0.0 ... v1.6.2 (22 versions)
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request …
- CVE-2021-41273 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 1.6.6 | 2021-11-17
vulnerable: v0.1.0-beta ... v1.6.5 (92 versions)
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Se…
- CVE-2024-34067 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 1.11.6 | 2024-05-03
vulnerable: v0.1.0-beta ... v1.9.2 (112 versions)
Pterodactyl is a free, open-source game server management panel built with PHP, React, and Go. Importing a malicious egg or gaining access to a Wings instance could lead to cross-site scripting (XSS) on the panel, which could be used to gain…
- CVE-2024-49762 | MEDIUM | CVSS 4.6 | EG 4.6 | ✓ Fixed in 1.11.8 | 2024-10-24
vulnerable: v0.1.0-beta ... v1.9.2 (114 versions)
Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a `DELETE` request with their current password in a query parameter will be sent. While query parameters are en…
- CVE-2025-49132 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 1.11.11 | 2025-06-20
vulnerable: v0.1.0-beta ... v1.9.2 (117 versions)
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being aut…
- CVE-2025-68954 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 1.12.0 | 2026-01-06
vulnerable: v0.1.0-beta ... v1.9.2 (118 versions)
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changed with respect to file access ov…
- CVE-2025-69197 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.12.0 | 2026-01-06
vulnerable: v0.1.0-beta ... v1.9.2 (118 versions)
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward…
- CVE-2025-69198 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.12.0 | 2026-01-19
vulnerable: v0.1.0-beta ... v1.9.2 (118 versions)
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. T…