Vulnerabilities > Appwrite
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-30 | CVE-2024-1063 | Server-Side Request Forgery (SSRF) vulnerability in Appwrite Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159. | 7.5 |
| 2024-01-09 | CVE-2023-50974 | Use of Hard-coded Credentials vulnerability in Appwrite Command Line Interface In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. | 5.5 |
| 2023-03-31 | CVE-2023-27159 | Server-Side Request Forgery (SSRF) vulnerability in Appwrite Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. | 7.5 |
| 2022-09-09 | CVE-2022-2925 | Cross-site Scripting vulnerability in Appwrite Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1. | 5.4 |
| 2022-02-16 | CVE-2021-23682 | This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. | 9.8 |