Browse all 5 CVE security advisories affecting tgstation. AI-powered Chinese analysis, POCs, and references for each vulnerability.
TGStation is a popular fork of the Space Station 13 game, focusing on multiplayer role-playing in a space station environment. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, primarily stemming from its complex BYOND engine and custom codebase. The project maintains a moderate security posture with five CVEs recorded, addressing issues through community-driven patches. While no major security incidents have been widely documented, the game's open nature and frequent updates necessitate ongoing vigilance against potential exploits in its server-client architecture and third-party content integration.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-21611 | tgstation-server's role authorization incorrectly OR'd with user's enabled status — tgstation-serverCWE-285 | 8.8 | High | 2025-01-06 |
| CVE-2024-41799 | tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users — tgstation-serverCWE-22 | 8.4 | High | 2024-07-29 |
| CVE-2023-34243 | Windows user name disclosure in TGstation — tgstation-serverCWE-200 | 5.8 | Medium | 2023-06-08 |
| CVE-2023-33198 | Incorrectly Specified Chat Message Destinations in tgstation-server and DreamMaker API — tgstation-serverCWE-941 | 6.1 | Medium | 2023-05-30 |
| CVE-2023-32687 | Insufficiently Protected ChatBot Credentials in tgstation-server — tgstation-serverCWE-522 | 7.7 | High | 2023-05-29 |
This page lists every published CVE security advisory associated with tgstation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.