VYPR

Go modules package

github.com/mattermost/mattermost-plugin-github

pkg:golang/github.com/mattermost/mattermost-plugin-github

Vulnerabilities (1)

  • CVE-2025-13352Dec 17, 2025
    affected < 1.0.1-0.20250829075715-0deffcfc6beefixed 1.0.1-0.20250829075715-0deffcfc6bee

    Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <=2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notifi