Skip to main content

Appwrite

3 CVEs product

Monthly

CVE-2024-1063 HIGH This Week

Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Appwrite
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-27159 PHP HIGH POC THREAT Act Now

Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 36.2%.

SSRF Appwrite
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
36.2%
Threat
4.1
CVE-2022-2925 PHP MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Appwrite
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
EPSS 0% CVSS 7.5
HIGH This Week

Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Appwrite
NVD
EPSS 36% 4.1 CVSS 7.5
HIGH POC THREAT Act Now

Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 36.2%.

SSRF Appwrite
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Appwrite
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy