Security: 9001/copyparty
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Unexpected JavaScript execution via crafted URL to folder with `.prologue.html`
  GHSA-rcp6-88mm-9vgf published Mar 11, 2026 by 9001. Severity: Low
- ftp/sftp: Sharing a single file did not fully restrict source-folder access
  GHSA-67rw-2x62-mqqm published Mar 11, 2026 by 9001. Severity: Low
- volflag `nohtml` did not block javascript in svg files
  GHSA-m6hv-x64c-27mm published Mar 8, 2026 by 9001. Severity: Moderate
- Reflected cross-site scripting via setck parameter
  GHSA-62cr-6wp5-q43h published Feb 25, 2026 by 9001. Severity: Moderate
- Sharing a single file did not fully restrict access to other files in source folder
  GHSA-pxvw-4w88-6x95 published Sep 8, 2025 by 9001. Severity: Moderate
- Regex Denial of Service (ReDoS) in upload listing
  GHSA-5662-2rj7-f2v6 published Aug 1, 2025 by 9001. Severity: High
- Reflected XSS via filter parameter
  GHSA-8mx2-rjh8-q3jq published Jul 30, 2025 by 9001. Severity: Moderate
- DOM-Based XSS when displaying multimedia metadata
  GHSA-9q4r-x2hj-jmvr published Jul 27, 2025 by 9001. Severity: Moderate
- Unsanitized filenames are rendered as HTML during upload
  GHSA-m2jw-cj8v-937r published Feb 25, 2025 by 9001. Severity: Low
- Reflected cross-site scripting via k304 parameter
  GHSA-f54q-j679-p9hh published Jul 23, 2023 by 9001. Severity: Moderate