Github.com/casdoor/casdoor
This hub aggregates every CVE we track for Github.com/casdoor/casdoor, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 9
- Critical: 1
- High: 6
- In CISA KEV: 0
Severity distribution
- HIGH: 6
- MEDIUM: 2
- CRITICAL: 1
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 9 most recently published vulnerabilities affecting Github.com/casdoor/casdoor.
- CVE-2025-61524: An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of any... (7.2)
- CVE-2025-4210: Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization (7.3)
- CVE-2024-41658: GHSL-2024-036: Reflected XSS in QrCodePage.js (6.1)
- CVE-2024-41657: GHSL-2024-035: Casdoor CORS misconfiguration (8.1)
- CVE-2024-41264: An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method. (7.5)
- CVE-2023-34927: Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user... (6.5)
- CVE-2022-44942: Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. (8.1)
- CVE-2022-38638: Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource. (9.1)
- CVE-2022-24124: The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations. (7.5)
Product normalization is registry-driven with AI assist and human review.