NextCloud — Vulnerabilities & Security Advisories 262

Browse all 262 CVE security advisories affecting NextCloud. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Nextcloud operates as an open-source file sharing and collaboration platform, providing self-hosted alternatives to commercial cloud services. With 261 recorded Common Vulnerabilities and Exposures (CVEs), the software has historically been susceptible to critical security flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation or insecure default configurations within its PHP-based architecture. Notable incidents have involved unauthorized data access and server compromise, highlighting risks associated with complex plugin ecosystems and frequent updates. While the project maintains a public security policy and encourages responsible disclosure, the high volume of past CVEs indicates a need for rigorous code auditing and strict configuration management by administrators to mitigate potential exploitation vectors in production environments.

High · 2025-12-06
Merge pull request #7537 from nextcloud/fix/appointments/unify-ids · nextcloud/calendar@f41650c · GitHub

Medium · 2025-12-06
Merge pull request #55657 from nextcloud/artonge/fix/do_not_expose_sy… · nextcloud/server@e486686 · GitHub

High · 2025-12-06
Merge pull request #881 from nextcloud/backport/874/stable1.4 · nextcloud/twofactor_webauthn@5d23021 · GitHub

Low · CVE-2025-66515 · 2025-12-06
Approval app allows users to request approval for other users file · Advisory · nextcloud/security-advisories · GitHub

Medium · GHSA-p53h-6294-crw · 2025-12-06
Tables app allowed users to view columns metadata information of any table · Advisory · nextcloud/security-advisories ·

Medium · GHSA-495w-cqv6-wr59 · 2025-12-06
Contacts search allowed users to retrieve contact information of other users beyond their contact list · Advisory · next

High · 2025-11-13
Also prevent null byte character · nextcloud/server@c3ae21f · GitHub

Low · CVE-2024-22400 · 2025-11-11
Open redirect in user_saml via RelayState parameter · Advisory · nextcloud/security-advisories · GitHub

Low · GHSA-9mh6-cph8-772c · 2025-11-09
Disabled download shares still allow download through preview images · Advisory · nextcloud/security-advisories · GitHub

Medium · CVE-2025-58051 · 2025-10-17
Tables app allowed to include local file via PhpSpreadsheet when importing a table · Advisory · nextcloud/security-advis

Low · CVE-2025-47794 · 2025-05-17
Insecure temporary file creation, race with write access and permission · Advisory · nextcloud/security-advisories · Git

Medium · CVE-2025-47793 · 2025-05-17
Bypass group folder quota limit using attachment in text file · Advisory · nextcloud/security-advisories · GitHub

Medium · CVE-2025-47791 · 2025-05-17
Test remote endpoint is not rate limited · Advisory · nextcloud/security-advisories · GitHub

Medium · 2025-05-17
Second factor not requested after session timeout · Advisory · nextcloud/security-advisories · GitHub

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with NextCloud. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.