Search for packages
| purl | pkg:composer/appwrite/server-ce@0.13.4 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4ptx-3zht-g7b8
Aliases: CVE-2022-2925 GHSA-5ffj-mph5-c5hv |
Appwrite Vulnerable to Cross-site Scripting Appwrite is vulnerable to stored cross-site scripting in usernames, function names, storage bucket names, and database collection names. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-dtju-jew3-3qgz
Aliases: CVE-2023-27159 GHSA-hxgx-584x-vwm8 |
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T03:38:08.047581+00:00 | GitLab Importer | Affected by | VCID-dtju-jew3-3qgz | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/appwrite/server-ce/CVE-2023-27159.yml | 38.6.0 |
| 2026-06-06T02:49:21.358310+00:00 | GitLab Importer | Affected by | VCID-4ptx-3zht-g7b8 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/appwrite/server-ce/CVE-2022-2925.yml | 38.6.0 |