roundcube/roundcubemail

Licenses: GPL-3.0

License

Known vulnerabilities in the roundcube/roundcubemail package. This does not include vulnerabilities belonging to this package’s dependencies.

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
M Deserialization of Untrusted Data	<1.5.14>=1.6-beta, <1.6.14>=1.7-beta, <1.7-rc5
L Arbitrary Argument Injection	<1.5.14>=1.6-beta, <1.6.14>=1.7-beta, <1.7-rc5
M Cross-site Scripting (XSS)	<1.5.14>=1.6-beta, <1.6.14>=1.7-beta, <1.7-rc5
L Access of Resource Using Incompatible Type ('Type Confusion')	<1.5.14>=1.6-beta, <1.6.14>=1.7-beta, <1.7-rc5
M Incorrect Resource Transfer Between Spheres	<1.5.14>=1.6-beta, <1.6.14>=1.7-beta, <1.7-rc5
M Incorrect Resource Transfer Between Spheres	<1.5.15>=1.6-beta, <1.6.15>=1.7-beta, <1.7-rc5
M Incorrect Resource Transfer Between Spheres	<1.5.14>=1.6-beta, <1.6.14>=1.7-beta, <1.7-rc5
M Server-side Request Forgery (SSRF)	<1.6.14>=1.7-beta, <1.7-rc5
M Incorrect Resource Transfer Between Spheres	<1.5.14>=1.6-beta, <1.6.14>=1.7-beta, <1.7-rc5
M Cross-site Scripting (XSS)	<1.5.12>=1.6.0, <1.6.12
M Improper Encoding or Escaping of Output	<1.5.12>=1.6.0, <1.6.12
M Cross-site Scripting (XSS)	<1.5.7>=1.6.0, <1.6.7