Search for packages
| purl | pkg:composer/roundcube/roundcubemail@1.7.0-beta |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2hap-9mqs-v3b8
Aliases: CVE-2026-35541 GHSA-46pv-mj2g-93gh |
Roundcube Webmail: Incorrect password comparison in the password plugin |
Affected by 0 other vulnerabilities. |
|
VCID-3rza-7fvy-guce
Aliases: CVE-2026-35537 GHSA-rxj3-rrwm-pj4r |
Roundcube Webmail: Unsafe deserialization in the redis/memcache session handler |
Affected by 0 other vulnerabilities. |
|
VCID-5yts-xnha-4bf3
Aliases: CVE-2026-35539 GHSA-x4q5-8j5g-hpjc |
Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode |
Affected by 0 other vulnerabilities. |
|
VCID-8vmm-1hvf-17ap
Aliases: CVE-2026-35542 GHSA-5hf6-crg4-fg59 |
Roundcube: Bypass of remote image blocking via crafted BODY background attribute |
Affected by 0 other vulnerabilities. |
|
VCID-8xf2-hjfv-hybh
Aliases: CVE-2026-35544 GHSA-xpqh-grpw-4xmg |
Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages |
Affected by 0 other vulnerabilities. |
|
VCID-ck88-1urs-2kes
Aliases: CVE-2026-35543 GHSA-j2g6-8rvg-7mf6 |
Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message |
Affected by 0 other vulnerabilities. |
|
VCID-ddfq-28qm-2fbn
Aliases: CVE-2026-35545 GHSA-w846-74jr-76cv |
Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message |
Affected by 0 other vulnerabilities. |
|
VCID-gh6k-19h8-fqbf
Aliases: CVE-2026-35538 GHSA-8jr8-v43g-5c57 |
Roundcube Webmail: Unsanitized IMAP SEARCH command arguments |
Affected by 0 other vulnerabilities. |
|
VCID-ub6x-9dku-c7fk
Aliases: CVE-2026-35540 GHSA-vxg2-hhgr-37fx |
Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T07:45:49.106658+00:00 | GHSA Importer | Affected by | VCID-3rza-7fvy-guce | https://github.com/advisories/GHSA-rxj3-rrwm-pj4r | 38.4.0 |
| 2026-04-04T14:32:53.660925+00:00 | GHSA Importer | Affected by | VCID-ub6x-9dku-c7fk | https://github.com/advisories/GHSA-vxg2-hhgr-37fx | 38.1.0 |
| 2026-04-04T14:32:53.617926+00:00 | GHSA Importer | Affected by | VCID-5yts-xnha-4bf3 | https://github.com/advisories/GHSA-x4q5-8j5g-hpjc | 38.1.0 |
| 2026-04-04T14:32:53.568228+00:00 | GHSA Importer | Affected by | VCID-8xf2-hjfv-hybh | https://github.com/advisories/GHSA-xpqh-grpw-4xmg | 38.1.0 |
| 2026-04-04T14:32:53.518909+00:00 | GHSA Importer | Affected by | VCID-8vmm-1hvf-17ap | https://github.com/advisories/GHSA-5hf6-crg4-fg59 | 38.1.0 |
| 2026-04-04T14:32:53.470385+00:00 | GHSA Importer | Affected by | VCID-ck88-1urs-2kes | https://github.com/advisories/GHSA-j2g6-8rvg-7mf6 | 38.1.0 |
| 2026-04-04T14:32:53.420548+00:00 | GHSA Importer | Affected by | VCID-ddfq-28qm-2fbn | https://github.com/advisories/GHSA-w846-74jr-76cv | 38.1.0 |
| 2026-04-04T14:32:53.368657+00:00 | GHSA Importer | Affected by | VCID-3rza-7fvy-guce | https://github.com/advisories/GHSA-rxj3-rrwm-pj4r | 38.1.0 |
| 2026-04-04T14:32:53.320629+00:00 | GHSA Importer | Affected by | VCID-2hap-9mqs-v3b8 | https://github.com/advisories/GHSA-46pv-mj2g-93gh | 38.1.0 |
| 2026-04-04T14:32:53.269761+00:00 | GHSA Importer | Affected by | VCID-gh6k-19h8-fqbf | https://github.com/advisories/GHSA-8jr8-v43g-5c57 | 38.1.0 |