Zulip
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0910 | Zulip | High | 0.57 | 8.8 | 0.01 | | Nov 27, 2017 | In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm. |
| CVE-2026-25741 | Zulip | High | 0.46 | 7.1 | 0.00 | | Feb 26, 2026 | Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe… |
| CVE-2017-0896 | Zulip | Medium | 0.42 | 6.5 | 0.01 | | Jun 2, 2017 | Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured… |
| CVE-2018-9990 | Zulip | Medium | 0.40 | 6.1 | 0.01 | | Apr 18, 2018 | In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead. |
| CVE-2018-9987 | Zulip | Medium | 0.40 | 6.1 | 0.01 | | Apr 18, 2018 | In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications. |
| CVE-2018-9986 | Zulip | Medium | 0.40 | 6.1 | 0.01 | | Apr 18, 2018 | In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor. |
| CVE-2026-40300 | Zulip | Medium | 0.35 | 6.5 | 0.00 | | May 12, 2026 | Zulip is an open-source team collaboration tool. Prior to 12.0, with message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users'… |
| CVE-2018-9999 | Zulip | Medium | 0.35 | 5.4 | 0.01 | | Apr 18, 2018 | In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend. |
| CVE-2026-26058 | Zulip | Medium | 0.33 | 6.1 | 0.00 | | Apr 3, 2026 | Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user… |
| CVE-2017-0881 | Zulip | Medium | 0.28 | 4.3 | 0.01 | | Mar 28, 2017 | An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to… |
| CVE-2026-25742 | Zulip | Medium | 0.27 | 5.3 | 0.00 | | Apr 3, 2026 | Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access (enable_spectator_access / WEB_PUBLIC_STREAMS_ENABLED) is disabled, attachments… |
| CVE-2025-25195 | Zulip | Medium | 0.21 | 4.3 | 0.00 | | Feb 13, 2025 | Zulip is an open source team chat application. A weekly cron job (added in 50256f48314250978f521ef439cafa704e056539) demotes channels to being "inactive" after they have not received traffic for 180 days. However, upon doing so, an event was sent to all users in the… |
| CVE-2026-24050 | Zulip | | 0.00 | — | 0.00 | | Feb 6, 2026 | Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the… |
| CVE-2025-52559 | Zulip | | 0.00 | — | 0.00 | | Jul 2, 2025 | Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting (XSS)… |
| CVE-2025-47930 | Zulip | | 0.00 | — | 0.00 | | May 15, 2025 | Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A… |
| CVE-2025-31478 | Zulip | | 0.00 | — | 0.00 | | Apr 16, 2025 | Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely by being able to authenticate with a single-sign on authentication backend, meaning the organization places no restrictions on email address domains or… |
| CVE-2025-30369 | Zulip | | 0.00 | — | 0.00 | | Mar 31, 2025 | Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an… |
| CVE-2025-30368 | Zulip | | 0.00 | — | 0.00 | | Mar 31, 2025 | Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of… |
| CVE-2025-27149 | Zulip | | 0.00 | — | 0.00 | | Mar 31, 2025 | Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific integrations or HTTP libraries… |
| CVE-2024-56136 | Zulip | | 0.00 | — | 0.01 | | Jan 16, 2025 | Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclosure attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated user can make a request and… |