github.com/mattermost/mattermost-server/v5
go · v5.39.3
Mattermost is an open source platform for secure collaboration across the entire software development lifecycle.
License Apache-2.0 (permissive) · 393 versions · 1198 maintainers · 0 deps · 36,306 weekly dl
mattermost/mattermost-server/v5
43 / 100
Health
safe to use
github.com/mattermost/mattermost-server/[email protected] is safe to use (health: 43/100)
Update to >= 8.0.0-20260127144908-ced9a56e3988 to fix known vulnerabilities
Health breakdown (0 – 100)
| Component | Score |
|---|---|
| maintenance | 0/25 |
| popularity | 10/20 |
| security | 5/25 |
| maturity | 15/15 |
| community | 13/15 |
Vulnerabilities
114
10 medium · 104 low
Advisories (114)
| Severity | ID | Summary | Fixed in |
|---|---|---|---|
| low | CVE-2025-53971 | Mattermost Fails to Properly Validate Team Role Modification | 8.0.0-20250721095846-c602a4a78e1f |
| medium | BIT-mattermost-2023-1776 | Mattermost vulnerable to cross-site scripting (XSS) | 7.1.6 |
| medium | BIT-mattermost-2023-1775 | Mattermost vulnerable to information disclosure | 7.1.6 |
| medium | BIT-mattermost-2023-1774 | Mattermost fails to properly authentication inviter's permissions to private channel | 7.1.6 |
| medium | CVE-2025-36530 | Mattermost Fails to Validate File Paths | 8.0.0-20250619095651-9dd0b3943e55 |
| medium | CVE-2025-8402 | Mattermost has Potential Server Crash due to Unvalidated Import Data | 9.11.18 |
| medium | CVE-2025-11776 | Mattermost fails to properly restrict access to archived channel search API | 5.3.2-0.20250815165020-c8d66301415d |
| low | CVE-2025-11777 | Mattermost Incorrect Authorization vulnerability | 5.3.2-0.20250905150616-ba86dfc5876b |
| medium | CVE-2025-49222 | Mattermost Fails to Validate Remote Cluster Upload Sessions | 8.0.0-20250708173752-d6b35c41f0ae5 |
| medium | CVE-2025-47870 | Mattermost Does Not Sanitize the Team Invite ID | 8.0.0-20250708065844-b38e2eccda18 |
| low | BIT-mattermost-2024-28053 | Mattermost Server Resource Exhaustion | 0.0.0-20240209181221-674f549daf0e |
| medium | CVE-2023-5968 | Mattermost password hash disclosure vulnerability | 5.3.2-0.20230825233148-f787fd63368a |
| low | BIT-mattermost-2024-39837 | Mattermost did not properly restrict channel creation | 9.5.7 |
| medium | CVE-2025-8023 | Mattermost Fails to Sanitize Path Traversal Sequences | 8.0.0-20250708065844-b38e2eccda18 |
| unknown | BIT-mattermost-2022-1337 | Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server | 6.4.2 |
| unknown | BIT-mattermost-2022-1385 | Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server | 6.5.0 |
| unknown | BIT-mattermost-2023-50333 | Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server | — |
| unknown | BIT-mattermost-2023-7113 | Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server | — |
| unknown | BIT-mattermost-2023-48732 | Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server | 8.1.7+incompatible |
| unknown | BIT-mattermost-2023-47858 | Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server | — |
... and 94 more
Threat intelligence
1 likely exploited (EPSS ≥ 0.5)
Threat tier per vulnerability derived from CISA KEV catalog + FIRST.org EPSS scores.
API access
Get this data programmatically — free, no authentication.
curl https://depscope.dev/api/check/go/github.com/mattermost/mattermost-server/v5
Last updated · 2021-12-15T17:40:34Z