opencast — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting opencast. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenCast is an open-source platform for creating, managing, and distributing educational video content and lectures. Historically, it has been vulnerable to multiple remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation and access control weaknesses. The platform's extensive plugin architecture and integration with external services have introduced additional attack surfaces. While no major public security incidents have been widely documented, the 18 recorded CVEs highlight consistent security challenges, particularly in authentication mechanisms and file handling. Organizations implementing OpenCast should prioritize timely patching and harden configurations against common web vulnerabilities.

Top products by opencast: opencast
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-61906 | Opencast's editor accidentally publishes videos/overwrites publications #1626 | opencast | CWE-200 | 3.5 (AI) | Low (AI) | 2025-10-08 |
| CVE-2025-61788 | Opencast Paella Player 7 vulnerable to Cross-Site-Scripting | opencast | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-08 |
| CVE-2025-55202 | Opencast has a partial path traversal vulnerability in UI config | opencast | CWE-23 | 6.5 | - | 2025-08-29 |
| CVE-2025-54380 | Opencast still publishes global system account credentials | opencast | CWE-200 | 6.5 | Medium | 2025-07-26 |
| CVE-2024-52797 | Searching Opencast may cause a denial of service | opencast | CWE-770 | 6.5 | Medium | 2024-11-21 |
| CVE-2022-41965 | Opencast Authenticated OpenRedirect Vulnerability | opencast | CWE-601 | 5.7 | Medium | 2022-11-28 |
| CVE-2022-29237 | Limited Authentication Bypass for Media Files in Opencast | opencast | CWE-287 | 5.4 | Medium | 2022-05-24 |
| CVE-2021-43821 | Files Accessible to External Parties in Opencast | opencast | CWE-552 | 9.9 | Critical | 2021-12-14 |
| CVE-2021-43807 | HTTP Method Spoofing in Opencast | opencast | CWE-290 | 7.5 | High | 2021-12-14 |
| CVE-2021-32623 | Opencast vulnerable to billion laughs attack (XML bomb) | opencast | CWE-776 | 8.1 | High | 2021-06-15 |
| CVE-2021-21318 | Removing access may not effect published series | opencast | CWE-863 | 5.4 | Medium | 2021-02-18 |
| CVE-2020-26234 | Disabled Hostname Verification in OpenCast | opencast | CWE-346 | 4.8 | Medium | 2020-12-08 |
| CVE-2020-5206 | Authentication Bypass For Endpoints With Anonymous Access in OpenCast | opencast | CWE-285 | 8.7 | High | 2020-01-30 |
| CVE-2020-5231 | Opencast users with ROLE_COURSE_ADMIN can create new users | opencast | CWE-285 | 4.8 | Medium | 2020-01-30 |
| CVE-2020-5230 | Opencast uses unsafe identifiers | opencast | CWE-99 | 7.7 | High | 2020-01-30 |
| CVE-2020-5222 | Hard-Coded Key Used For Remember-me Token in OpenCast | opencast | CWE-798 | 6.8 | Medium | 2020-01-30 |
| CVE-2020-5229 | Opencast stores passwords using outdated MD5 hash algorithm | opencast | CWE-327 | 7.7 | High | 2020-01-30 |
| CVE-2020-5228 | Opencast allows unauthorized public access via OAI-PMH | opencast | CWE-862 | 7.6 | High | 2020-01-30 |

This page lists every published CVE security advisory associated with opencast. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.