VYPR

Pocketbase

by Pocketbase

Source repositories

CVEs (2)

  • CVE-2026-44166HigMay 12, 2026
    risk 0.42cvss 7.6epss 0.00

    Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers,…

  • CVE-2024-38351MedJun 18, 2024
    risk 0.28cvss 5.4epss 0.00

    Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a…