Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

btcpayserver — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting btcpayserver. AI-powered Chinese analysis, POCs, and references for each vulnerability.

BTCPay Server is an open-source payment processor enabling businesses to accept Bitcoin and other cryptocurrencies without third-party intermediaries. Historically, it has been susceptible to multiple vulnerability classes including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation, with nine CVEs documented to date. Notable security characteristics include its self-hosted nature reducing dependency risks, though past incidents have exposed flaws in default configurations and third-party integrations. The platform's decentralized architecture contrasts with traditional payment systems but introduces unique security challenges in securing node infrastructure and managing cryptographic keys.

Top products by btcpayserver: btcpayserver/btcpayserver
CVE IDTitleCVSSSeverityPublished
CVE-2023-1270 Cross-site Scripting in btcpayserver/btcpayserver — btcpayserver/btcpayserverCWE-79 5.4 -2023-03-08
CVE-2023-1149 Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver — btcpayserver/btcpayserverCWE-76 8.2 -2023-03-02
CVE-2023-0879 Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver — btcpayserver/btcpayserverCWE-79 6.3 Medium2023-02-17
CVE-2023-0810 Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver — btcpayserver/btcpayserverCWE-79 5.4 -2023-02-13
CVE-2023-0747 Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver — btcpayserver/btcpayserverCWE-79 5.5 Medium2023-02-08
CVE-2023-0748 Open Redirect in btcpayserver/btcpayserver — btcpayserver/btcpayserverCWE-601 6.4 Medium2023-02-08
CVE-2023-0493 Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver — btcpayserver/btcpayserverCWE-76 5.3 Medium2023-01-26
CVE-2021-3830 Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver — btcpayserver/btcpayserverCWE-79 5.4 -2021-09-26
CVE-2021-3646 Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver — btcpayserver/btcpayserverCWE-79 5.4 -2021-09-10

This page lists every published CVE security advisory associated with btcpayserver. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.