Browse all 3 CVE security advisories affecting jitsi. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Jitsi provides open-source video conferencing and communication solutions, enabling secure real-time collaboration. Historically, the platform has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with three CVEs currently documented. While Jitsi emphasizes end-to-end encryption and self-hosting options to enhance security, its open nature requires regular updates to address potential flaws. The project's transparency in reporting issues has helped maintain trust, though organizations should implement proper hardening and monitoring to mitigate risks associated with its complex web interface and underlying dependencies.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-64754 | Jitsi Meet has DOM Redirect on Microsoft OAuth Flow — jitsi-meetCWE-601 | 8.2 | - | 2025-11-13 |
| CVE-2021-39215 | Authentication Bypass: Forged Tokens Allow Access to Arbitrary Rooms — jitsi-meetCWE-287 | 7.5 | High | 2021-09-15 |
| CVE-2021-39205 | DOM-based XSS/Content Spoofing via Prototype Pollution — jitsi-meetCWE-79 | 6.8 | Medium | 2021-09-15 |
This page lists every published CVE security advisory associated with jitsi. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.