Mail

This hub aggregates every CVE we track for Mail, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Mail.

• CVE-2025-66514Nextcloud Mail stored HTML injection in subject text3.5Dec 5, 2025
• CVE-2024-52509Nextcloud Mail app does not respect download permissions in shares3.5Nov 15, 2024
• CVE-2024-52508Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers8.2Nov 15, 2024
• CVE-2023-48307Nextcloud Mail app vulnerable to Server-Side Request Forgery3.5Nov 21, 2023
• CVE-2023-45660Require strict cookies for image proxy requests in Nextcloud Mail4.3Oct 16, 2023
• CVE-2023-33184Blind SSRF in the Nextcloud Mail app on avatar endpoint3.5May 27, 2023
• CVE-2023-25160IDOR Vulnerability in Nextcloud Mail4.1Feb 13, 2023
• CVE-2023-23943Blind SSRF via server URL input in the Nextcloud Mail app5.0Feb 6, 2023
• CVE-2023-23944Nexcloud Mail app temporarily stores cleartext password in database2.0Feb 6, 2023
• CVE-2022-31119Password disclosure in log file in Nextcloud Mail App3.1Aug 4, 2022
• CVE-2022-31132Unauthenticated SSRF in 3rd party module "cerdic/csstidy"8.3Aug 4, 2022
• CVE-2013-10001HTC One/Sense Mail Client certificate validation4.8May 17, 2022
• CVE-2021-39220Bypass of image blocking in Nextcloud Mail3.5Oct 25, 2021
• CVE-2021-32707Bypass of image blocking in Nextcloud Mail4.3Jul 12, 2021
• CVE-2021-32652Missing permission check on email metadata retrieval8.8Jun 1, 2021