XWiki security policy is detailed on the following document: https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/.
Security: xwiki/xwiki-platform
Security
SECURITY.md
-
SQL injection in query endpoint of REST API with OracleGHSA-prwh-7838-xf82 published
Jun 12, 2025 by tmortagneCritical -
No required right warnings for notification displayer objectsGHSA-j7p2-87q3-44w7 published
Jun 13, 2025 by michituxModerate -
No required right warnings for XClass definitionsGHSA-59w6-r9hm-439h published
Jun 13, 2025 by michituxHigh -
SQL injection in getdocuments.vm with sort parameterGHSA-wh34-m772-5398 published
Dec 12, 2024 by manuelleducCritical -
SQL injection in short form select requests through the script query APIGHSA-g9jj-75mx-wjcx published
Apr 23, 2025 by tmortagneHigh -
SQL injection in query endpoint of REST APIGHSA-f69v-xrj8-rhxf published
Apr 23, 2025 by tmortagneCritical -
The WikiManager REST API allows any user to create wikisGHSA-gfp2-6qhm-7x43 published
Mar 19, 2025 by surliHigh -
Any user with view access to the XWiki space can change the authenticatorGHSA-f9c6-2f9p-82jj published
Apr 30, 2025 by tmortagneHigh -
Wrong wiki reference used in AuthorizationManagerGHSA-gq32-758c-3wm3 published
Mar 19, 2025 by surliHigh -
Unregistered users can access private pages information through REST endpointGHSA-22q5-9phm-744v published
Mar 19, 2025 by surliHigh
Learn more about advisories related to xwiki/xwiki-platform in the GitHub Advisory Database