Draft a new security advisory online, or report security issues to [email protected] (PGP public key if relevant).
Security: FreshRSS/FreshRSS
- Admin authenticated RCE <1.26.2 (GHSA-jcww-48g9-wf57), published Jul 31, 2025 by Alkarex, severity: High
- Favicon cache poisoning by editing website URL (GHSA-8f79-3q3w-43c4), published Jun 3, 2025 by Alkarex, severity: Moderate
- Privilege escalation via SSRF when using HTTP auth (GHSA-w3m8-wcf4-h8vm), published Jun 3, 2025 by Alkarex, severity: High
- XSS by embedding <script> tag inside <iframe srcdoc> (GHSA-wgrq-mcwc-8f8v), published Jun 3, 2025 by Alkarex, severity: Moderate
- Directory enumeration via ext.php (GHSA-jjm2-4hf7-9x65), published Jun 3, 2025 by Alkarex, severity: Low
- DoS by malicious feed entry loading logout URL (GHSA-vpmc-3fv2-jmgp), published Jun 3, 2025 by Alkarex, severity: Moderate
- XSS by <iframe>'ing a vulnerable same-origin page in a feed entry (GHSA-f6r4-jrvc-cfmr), published Jun 3, 2025 by Alkarex, severity: Moderate
- Sensitive information exposure in the logs of greader API (GHSA-8vvv-jxg6-8578), published Mar 4, 2023 by Alkarex, severity: Moderate
- Insecure file access in ext.php allows exposure of user configuration (GHSA-hvrj-5fwj-p7v6), published Dec 9, 2022 by Alkarex, severity: Moderate
Learn more about advisories related to FreshRSS/FreshRSS in the GitHub Advisory Database