Roundcube — Vulnerabilities & Security Advisories (15)

Browse all 15 CVE security advisories affecting Roundcube. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Roundcube serves as a web-based email client with IMAP support, enabling users to access and manage email through browsers. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and session management issues. The application has experienced notable security incidents, including a 2020 supply chain attack where malicious code was added to its update mechanism, affecting multiple installations. Despite these challenges, regular security updates and community vigilance help mitigate risks, though its widespread deployment continues to make it a target for attackers seeking to exploit email access for further compromise.

Top products by Roundcube: Webmail Roundcubemail
Medium · 2026-04-03
Fix remote image blocking bypass via various SVG animate attributes · roundcube/roundcubemail@82ab5ec · GitHub
High · 2026-04-03
Fix remote image blocking bypass via various SVG animate attributes · roundcube/roundcubemail@3947134 · GitHub
Medium · 2026-04-03
Fix remote image blocking bypass via various SVG animate attributes · roundcube/roundcubemail@1a63e01 · GitHub
High · 2026-04-03
Fix bug where a password could get changed without providing the old … · roundcube/roundcubemail@6fa2bdd · GitHub
High · 2026-04-03
Fix bug where a password could get changed without providing the old … · roundcube/roundcubemail@6a27567 · GitHub
High · 2026-04-03
Fix bug where a password could get changed without providing the old … · roundcube/roundcubemail@2e6a99b · GitHub
Medium · 2026-04-03
Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via f… · roundcube/roundcubemail@7ad62de · GitHub
High · 2026-04-03
Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via f… · roundcube/roundcubemail@9d18d52 · GitHub
High · CVE-2021-41222 · 2026-04-03
Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via f… · roundcube/roundcubemail@fe1320b · GitHub
Medium · 2026-04-03
Release Roundcube Webmail 1.7 RC6 · roundcube/roundcubemail · GitHub
High · 2026-04-03
Fix fixed position mitigation bypass via use of !important · roundcube/roundcubemail@226811a · GitHub
Medium · 2026-04-03
Release Roundcube Webmail 1.6.15 · roundcube/roundcubemail · GitHub
High · 2026-04-03
Release Roundcube Webmail 1.5.15 · roundcube/roundcubemail · GitHub
High · 2026-04-03
Fix fixed position mitigation bypass via use of !important · roundcube/roundcubemail@57dec0c · GitHub
Medium · 2026-04-03
Fix XSS issue in a HTML attachment preview · roundcube/roundcubemail@1b30edf · GitHub
Medium · 2026-04-03
Fix XSS issue in a HTML attachment preview · roundcube/roundcubemail@10a6d1f · GitHub
High · 2026-04-03
Fix IMAP Injection + CSRF bypass in mail search · roundcube/roundcubemail@b18a8fa · GitHub
High · 2026-04-03
Fix IMAP Injection + CSRF bypass in mail search · roundcube/roundcubemail@5fe8a69 · GitHub
High · 2026-04-03
Fix XSS issue in a HTML attachment preview · roundcube/roundcubemail@d742954 · GitHub
Medium · 2026-04-03
Fix remote image blocking bypass via a crafted body background attribute · roundcube/roundcubemail@fde14d0 · GitHub

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with Roundcube. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.