
gitroomhq — Vulnerabilities & Security Advisories (11)

Browse all 11 CVE security advisories affecting gitroomhq. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Gitroomhq provides a collaborative platform for managing Git repositories and development workflows. Historically, the platform has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its six recorded CVEs. These vulnerabilities typically stem from insufficient input validation and improper access controls in web interfaces and API endpoints. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests real risk for organizations that rely on the platform for sensitive development operations. Users should keep installations patched and deploy additional security controls to reduce exposure.

Top products by gitroomhq: postiz-app
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-48783 | Postiz has an unauthenticated billing-enforcement bypass via /public/modify-subscription | postiz-app | CWE-345 | 4.8 | Medium | 2026-06-16 |
| CVE-2026-48781 | Postiz has cross-tenant SUPERADMIN takeover via Skool-provider JWT forgery | postiz-app | CWE-302 | 9.9 | Critical | 2026-06-16 |
| CVE-2026-42556 | Postiz stored XSS in public preview page | postiz-app | CWE-79 | 8.9 | High | 2026-05-08 |
| CVE-2026-42346 | Postiz: TOCTOU DNS rebinding bypasses all SSRF URL validation paths | postiz-app | CWE-918 | 6.5 | Medium | 2026-05-08 |
| CVE-2026-42298 | Postiz: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev | postiz-app | CWE-94 | 10.0 | Critical | 2026-05-08 |
| CVE-2026-40487 | Postiz Has Unrestricted File Upload via MIME Type Spoofing that Leads to Stored XSS | postiz-app | CWE-79 | 8.9 | High | 2026-04-18 |
| CVE-2026-40168 | Postiz has Server-Side Request Forgery via Redirect Bypass in /api/public/stream | postiz-app | CWE-918 | 8.2 | High | 2026-04-10 |
| CVE-2026-34590 | Postiz: SSRF via Webhook Creation Endpoint Missing URL Safety Validation | postiz-app | CWE-918 | 5.4 | Medium | 2026-04-02 |
| CVE-2026-34577 | Postiz: Unauthenticated Full-Read SSRF via /public/stream Endpoint with Trivially Bypassable Extension Check | postiz-app | CWE-918 | 8.6 | High | 2026-04-02 |
| CVE-2026-34576 | Postiz: SSRF in upload-from-url endpoint allows fetching internal resources and cloud metadata | postiz-app | CWE-918 | 6.5 | Medium | 2026-04-02 |
| CVE-2025-53641 | Postiz allows header mutation in middleware facilitates resulting in SSRF | postiz-app | CWE-918 | 8.2 | High | 2025-07-11 |

This page lists every published CVE security advisory associated with gitroomhq. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.