github.com/mattermost/mattermost-server/v6
go · v6.7.2 · Mattermost is an open source platform for secure collaboration across the entire software development lifecycle.
License Apache-2.0 (permissive) · 39 versions · 1198 maintainers · 0 deps · 36,306 weekly dl
mattermost/mattermost-server/v6
Health: 35 / 100 (update required)
github.com/mattermost/mattermost-server/[email protected] has vulnerabilities — update to latest
Update to >= 8.0.0-20260127144908-ced9a56e3988 to fix known vulnerabilities
- Low health score (35/100)
- 2 high severity vulnerabilities
Health breakdown (0 – 100)
| Component | Score |
|---|---|
| maintenance | 0/25 |
| popularity | 10/20 |
| security | 0/25 |
| maturity | 12/15 |
| community | 13/15 |
Vulnerabilities: 139 (2 high, 31 medium, 106 low)
Advisories (139)
| Severity | ID | Summary | Fixed in |
|---|---|---|---|
| medium | CVE-2023-5196 | Mattermost Uncontrolled Resource Consumption vulnerability | 7.8.10 |
| medium | CVE-2023-48369 | Mattermost Uncontrolled Resource Consumption vulnerability | 7.8.13 |
| medium | BIT-mattermost-2023-1777 | Mattermost vulnerable to information disclosure | 1.4.1-0.20230301145909-10be118d99a5 |
| low | CVE-2025-53971 | Mattermost Fails to Properly Validate Team Role Modification | 8.0.0-20250721095846-c602a4a78e1f |
| medium | CVE-2023-2783 | Mattermost Server Missing Authorization vulnerability | 6.0.0-20230511130429-1629a6ca7fed |
| medium | CVE-2023-47168 | Mattermost Open Redirect vulnerability | 7.8.13 |
| medium | BIT-mattermost-2023-6459 | Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability | 8.1.5 |
| medium | BIT-mattermost-2023-1776 | Mattermost vulnerable to cross-site scripting (XSS) | 7.1.6 |
| medium | CVE-2023-4107 | Mattermost does not validate requesting user permissions before updating admin details | 7.10.4 |
| high | BIT-mattermost-2023-6458 | Mattermost Injection vulnerability | 9.1.2 |
| high | BIT-mattermost-2023-2515 | Mattermost Incorrect Authorization vulnerability | 7.9.2 |
| medium | CVE-2023-6202 | Mattermost Improper Access Control vulnerability | 7.8.13 |
| medium | BIT-mattermost-2023-1775 | Mattermost vulnerable to information disclosure | 7.1.6 |
| medium | BIT-mattermost-2023-1774 | Mattermost fails to properly authentication inviter's permissions to private channel | 7.1.6 |
| medium | CVE-2023-5195 | Mattermost Incorrect Authorization vulnerability | 7.8.10 |
| medium | CVE-2023-4108 | Mattermost fails to sanitize post metadata | 7.10.4 |
| medium | CVE-2023-40703 | Mattermost Uncontrolled Resource Consumption vulnerability | 7.8.13 |
| low | CVE-2023-4105 | Mattermost fails to correctly delete attachments | 7.8.8 |
| medium | CVE-2025-36530 | Mattermost Fails to Validate File Paths | 8.0.0-20250619095651-9dd0b3943e55 |
| medium | CVE-2025-8402 | Mattermost has Potential Server Crash due to Unvalidated Import Data | 9.11.18 |
... and 119 more
Threat intelligence
1 likely exploited (EPSS ≥ 0.5)
Threat tier per vulnerability derived from CISA KEV catalog + FIRST.org EPSS scores.
API access
Get this data programmatically — free, no authentication.
curl https://depscope.dev/api/check/go/github.com/mattermost/mattermost-server/v6
Last updated · 2022-06-14T11:04:53Z