Homepage

roundcube vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the roundcube package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • L
CVE-2024-42010

<1.6.5+dfsg-1+deb12u3
  • C
Cross-site Scripting (XSS)

<1.6.5+dfsg-1+deb12u3
  • C
Cross-site Scripting (XSS)

<1.6.5+dfsg-1+deb12u3
  • L
CVE-2024-37384

<1.6.5+dfsg-1+deb12u2
  • M
Cross-site Scripting (XSS)

<1.6.5+dfsg-1+deb12u2
  • M
Cross-site Scripting (XSS)

<1.6.5+dfsg-1~deb12u1
  • M
Cross-site Scripting (XSS)

<1.6.4+dfsg-1~deb12u1
  • M
Cross-site Scripting (XSS)

<1.6.3+dfsg-1~deb12u1
  • M
Cross-site Scripting (XSS)

<1.6.0+dfsg-1
  • C
SQL Injection

<1.5.0+dfsg.1-1
  • M
Cross-site Scripting (XSS)

<1.5.0+dfsg.1-1
  • M
Cross-site Scripting (XSS)

<1.4.5+dfsg.1-1
  • M
Cross-site Scripting (XSS)

<1.4.5+dfsg.1-1
  • M
Cross-site Scripting (XSS)

<1.4.11+dfsg.1-1
  • M
Cross-site Scripting (XSS)

<1.4.10+dfsg.1-1
  • M
Cross-site Scripting (XSS)

<1.4.8+dfsg.1-1
  • M
Cross-site Scripting (XSS)

<1.4.7+dfsg.1-1
  • M
Cross-site Scripting (XSS)

<1.4.5+dfsg.1-1
  • M
Cross-site Scripting (XSS)

<1.4.5+dfsg.1-1
  • L
Arbitrary Argument Injection

<1.4.4+dfsg.1-1
  • L
Directory Traversal

<1.4.4+dfsg.1-1
  • M
Cross-site Request Forgery (CSRF)

<1.4.4+dfsg.1-1
  • M
Cross-site Scripting (XSS)

<1.4.4+dfsg.1-1
  • L
CVE-2019-15237

<1.5.0+dfsg.1-1
  • M
CVE-2019-10740

<1.3.10+dfsg.1-1
  • M
Cross-site Scripting (XSS)

<1.3.8+dfsg.1-1
  • H
Information Exposure

<1.3.8+dfsg.1-1
  • H
Improper Input Validation

<1.3.6+dfsg.1-1
  • L
Incorrect Permission Assignment for Critical Resource

<1.3.10+dfsg.1-1
  • H
Files or Directories Accessible to External Parties

<1.3.3+dfsg.1-1
  • M
Cross-site Scripting (XSS)

<1.1.2+dfsg.1-1
  • M
Information Exposure

<1.1.2+dfsg.1-1
  • H
Improper Privilege Management

<1.2.3+dfsg.1-4
  • M
Cross-site Scripting (XSS)

<1.1.5+dfsg.1-1
  • M
Cross-site Scripting (XSS)

<1.2.1+dfsg.1-1
  • M
Cross-site Scripting (XSS)

<1.2.3+dfsg.1-3
  • H
Arbitrary Code Injection

<1.1.1+dfsg.1-2
  • H
Out-of-Bounds

<1.1.1+dfsg.1-2
  • M
Cross-site Scripting (XSS)

<1.2.0+dfsg.1-1
  • H
Improper Access Control

<1.2.3+dfsg.1-1
  • H
Cross-site Request Forgery (CSRF)

<1.1.5+dfsg.1-1
  • H
Directory Traversal

<1.1.4+dfsg.1-1
  • M
Directory Traversal

<1.1.2+dfsg.1-1
  • M
Cross-site Scripting (XSS)

<1.1.2+dfsg.1-1
  • L
Cross-site Scripting (XSS)

<1.1.3+dfsg.1-1
  • L
Cross-site Scripting (XSS)

<0.9.5+dfsg1-4.2
  • M
Cross-site Request Forgery (CSRF)

<1.1.1+dfsg.1-2
  • M
Directory Traversal

<0.7.2-9
  • H
SQL Injection

<0.9.4-1.1
  • M
Cross-site Scripting (XSS)

<0.9.4-1
  • M
Cross-site Scripting (XSS)

<0.7.2-4
  • M
Cross-site Scripting (XSS)

<0.7.2-4
  • L
Cross-site Scripting (XSS)

<0.7-1
  • M
Resource Management Errors

<0.6+dfsg-1
  • L
Cross-site Scripting (XSS)

<0.5.4+dfsg-1
  • M
Improper Input Validation

<0.5.1-1
  • L
Improper Input Validation

<0.5.1-1
  • M
Information Exposure

<0.3.1-3
  • M
Cross-site Request Forgery (CSRF)

<0.3-1
  • M
Cross-site Request Forgery (CSRF)

<0.3-1
  • L
Cross-site Scripting (XSS)

<0.2~stable-1
  • L
Resource Management Errors

<0.1.1-10
  • H
Arbitrary Code Injection

<0.1.1-9
  • L
Cross-site Scripting (XSS)

<0.1~rc2-6