Vulnerabilities > Appwrite

DATE CVE VULNERABILITY TITLE RISK
2024-01-30 CVE-2024-1063 Server-Side Request Forgery (SSRF) vulnerability in Appwrite
Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159.
network
low complexity
appwrite CWE-918
7.5
2024-01-09 CVE-2023-50974 Use of Hard-coded Credentials vulnerability in Appwrite Command Line Interface
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions.
local
low complexity
appwrite CWE-798
5.5
2023-03-31 CVE-2023-27159 Server-Side Request Forgery (SSRF) vulnerability in Appwrite
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon.
network
low complexity
appwrite CWE-918
7.5
2022-09-09 CVE-2022-2925 Unspecified vulnerability in Appwrite
Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1.
network
low complexity
appwrite
5.4
2022-02-16 CVE-2021-23682 This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1.
network
low complexity
appwrite litespeed-js-project
critical
9.8