Please check Wire's global SECURITY.md.
Security: wireapp/wire-server
Security
SECURITY.md
-
Unauthorized removal of Bots from ConversationsGHSA-xmjc-c6w3-pcp4 published
Jan 26, 2023 by comawillModerate -
SAML IdP ConfusionGHSA-gq27-gmgq-fmxw published
Oct 18, 2022 by comawillHigh -
Improper Verification of Cryptographic SignatureGHSA-9jg9-9g37-4424 published
Mar 16, 2022 by comawillCritical -
DoS vulnerabiliity in json parserGHSA-phxv-pffh-fq2r published
Apr 13, 2022 by comawillModerate -
Account takeover when having only access to a user's short lived tokenGHSA-9rm2-w6pq-333m published
Oct 4, 2021 by sebastian-wireHigh -
CORS `Access-Control-Allow-Origin` settings are too lenientGHSA-v7xx-cx8m-g66p published
Sep 30, 2021 by sebastian-wireModerate -
Assets can be used for XSS attacksGHSA-hxmc-g6x8-h2mh published
Jun 16, 2021 by franziskuskieferModerate -
Bulk list client endpoint exposes too much metadata about a clientGHSA-qx8q-rhq2-rg4j published
Mar 19, 2021 by raphaelrobertHigh
Learn more about advisories related to wireapp/wire-server in the GitHub Advisory Database