chatwoot — Vulnerabilities & Security Advisories (15)

Browse all 15 CVE security advisories affecting chatwoot. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Chatwoot serves as an open-source customer support platform enabling businesses to manage conversations across multiple channels. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control flaws. While no major public security incidents have been widely reported, the platform's 15 recorded CVEs highlight recurring issues in authentication mechanisms and third-party integrations. Its modular architecture introduces potential attack surfaces through plugins and APIs, requiring regular security updates. The platform's popularity makes it a target for opportunistic attackers seeking to exploit misconfigured deployments or outdated versions.

Top products by chatwoot: chatwoot/chatwoot, chatwoot

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-0640 | Stored XSS in chatwoot/chatwoot | chatwoot/chatwoot | CWE-79 | 4.8 | - | 2025-03-20 |
| CVE-2025-21628 | Chatwoot has a Blind SQL-injection in Conversation and Contacts filters | chatwoot | CWE-89 | 9.1 | Critical | 2025-01-09 |
| CVE-2021-3740 | Session Fixation in chatwoot/chatwoot | chatwoot/chatwoot | CWE-384 | 7.1 (AI) | High (AI) | 2024-11-15 |
| CVE-2021-3742 | Server-Side Request Forgery (SSRF) in chatwoot/chatwoot | chatwoot/chatwoot | CWE-918 | 5.4 (AI) | Medium (AI) | 2024-11-15 |
| CVE-2021-3741 | Stored Cross-site Scripting (XSS) in chatwoot/chatwoot | chatwoot/chatwoot | CWE-79 | 5.4 (AI) | Medium (AI) | 2024-11-15 |
| CVE-2023-2109 | Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot | chatwoot/chatwoot | CWE-79 | 6.1 | - | 2023-04-17 |
| CVE-2022-3741 | Improper Restriction of Excessive Authentication Attempts in chatwoot/chatwoot | chatwoot/chatwoot | CWE-307 | 9.1 | - | 2022-10-28 |
| CVE-2022-2901 | Improper Authorization in chatwoot/chatwoot | chatwoot/chatwoot | CWE-285 | 5.4 | - | 2022-09-06 |
| CVE-2022-0542 | Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot | chatwoot/chatwoot | CWE-79 | 6.1 | - | 2022-08-19 |
| CVE-2022-1021 | Insecure Storage of Sensitive Information in chatwoot/chatwoot | chatwoot/chatwoot | CWE-922 | 7.6 | - | 2022-08-19 |
| CVE-2022-1022 | Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot | chatwoot/chatwoot | CWE-79 | 5.4 | - | 2022-04-21 |
| CVE-2021-3813 | Improper Privilege Management in chatwoot/chatwoot | chatwoot/chatwoot | CWE-269 | 8.1 | - | 2022-02-09 |
| CVE-2022-0527 | Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot | chatwoot/chatwoot | CWE-79 | 5.4 | - | 2022-02-09 |
| CVE-2022-0526 | Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot | chatwoot/chatwoot | CWE-79 | 5.4 | - | 2022-02-09 |
| CVE-2021-3649 | Inefficient Regular Expression Complexity in chatwoot/chatwoot | chatwoot/chatwoot | CWE-1333 | 7.5 | - | 2021-07-16 |

This page lists every published CVE security advisory associated with chatwoot. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.