Browse all 261 CVE security advisories affecting Nextcloud. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Nextcloud operates as an open-source file sharing and collaboration platform, providing self-hosted alternatives to commercial cloud services. With 261 recorded Common Vulnerabilities and Exposures (CVEs), the software has historically been susceptible to critical security flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation or insecure default configurations within its PHP-based architecture. Notable incidents have involved unauthorized data access and server compromise, highlighting risks associated with complex plugin ecosystems and frequent updates. While the project maintains a public security policy and encourages responsible disclosure, the high volume of past CVEs indicates a need for rigorous code auditing and strict configuration management by administrators to mitigate potential exploitation vectors in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-43863 | SQL Injection in FileContentProvider (GHSL-2021-1007) — androidCWE-89 | 7.5 | High | 2022-01-25 |
This page lists every published CVE security advisory associated with Nextcloud. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.