Browse all 261 CVE security advisories affecting Nextcloud. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Nextcloud operates as an open-source file sharing and collaboration platform, providing self-hosted alternatives to commercial cloud services. With 261 recorded Common Vulnerabilities and Exposures (CVEs), the software has historically been susceptible to critical security flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation or insecure default configurations within its PHP-based architecture. Notable incidents have involved unauthorized data access and server compromise, highlighting risks associated with complex plugin ecosystems and frequent updates. While the project maintains a public security policy and encourages responsible disclosure, the high volume of past CVEs indicates a need for rigorous code auditing and strict configuration management by administrators to mitigate potential exploitation vectors in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-29438 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs — nextcloud-dialogsCWE-79 | 4.6 | Medium | 2021-04-13 |
This page lists every published CVE security advisory associated with Nextcloud. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.