Browse all 36 CVE security advisories affecting zulip. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Zulip is an open-source team communication platform built around topic-based threaded conversations, used mainly by engineering teams, enterprises and open-source communities. Its 36 recorded Common Vulnerabilities and Exposures (CVEs) reflect the weakness classes typical of a web application rather than memory-safety or remote code execution bugs. The advisories listed below include stored cross-site scripting (CWE-79), weak default secrets for the bundled RabbitMQ broker whose ports were reachable (CWE-338), invitation links whose expiration was not enforced (CWE-613), regular-expression denial of service (CWE-400), and authorization flaws that let users reach functionality they should not have had (CWE-863, CWE-285). When assessing exposure, weigh each entry against the deployment: the RabbitMQ issue is relevant where the broker's ports are reachable from beyond the host, and the invitation and authorization flaws matter most for organizations that invite external users or allow open registration. Zulip publishes an advisory and a fixed release for each issue, so compare the installed version with the affected ranges on the per-CVE pages rather than relying on the summary here.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-43799 | RabbitMQ exposes ports with weak default secrets in Zulip Server | zulip | CWE-338 | 8.6 | High | 2022-01-25 |
| CVE-2021-3866 | Cross-site Scripting (XSS) - Stored in zulip/zulip | zulip/zulip | CWE-79 | 5.4 | - | 2022-01-20 |
| CVE-2021-43791 | Ineffective expiration validation for invitation links in Zulip | zulip | CWE-613 | 6.5 | Medium | 2021-12-02 |
| CVE-2021-41115 | Regular expression denial-of-service in Zulip | zulip | CWE-400 | 4.3 | Medium | 2021-10-07 |
| CVE-2017-0910 | Zulip Server invitation system security vulnerability | Zulip Server | CWE-863 | 8.8 | - | 2017-11-27 |
| CVE-2017-0896 | Zulip Server security vulnerability | Zulip Server | CWE-285 | 4.3 | - | 2017-06-02 |
This page lists every published CVE security advisory associated with zulip. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.