pkg:PyPI/copyparty

所有已知漏洞

• HIGH7.5CVE-2025-54796copyparty allows Regex Denial of Service (ReDoS) in the upload listing
  from 0, < 1.18.9
• HIGH7.5CVE-2023-37474copyparty vulnerable to path traversal attack
  from 0, < 1.8.2
• HIGH7.5CVE-2023-37474copyparty vulnerable to path traversal attack
  from 0, < 043e3c7dd683113e2b1c15cacb9c8e68f76513ff | from 0, < 1.8.2
• MEDIUM6.5CVE-2026-32108Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access
  from 0, < 1.20.12
• MEDIUM6.5CVE-2026-32108Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access
  from 0, < 1.20.12
• MEDIUM6.3CVE-2025-54589copyparty Reflected XSS via Filter Parameter
  from 0, < 1.18.7
• MEDIUM6.3CVE-2023-38501copyparty vulnerable to reflected cross-site scripting via k304 parameter
  from 0, < 1.8.7
• MEDIUM6.3CVE-2023-38501copyparty vulnerable to reflected cross-site scripting via k304 parameter
  from 0, < 007d948cb982daa05bc6619cd20ee55b7e834c38 | from 0, < 1.8.7
• MEDIUM5.4CVE-2026-27948Copyparty vulnerable to reflected XSS via setck parameter
  from 0, < 1.20.9
• MEDIUM5.4CVE-2025-54423copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata
  from 0, < 1.18.5
• MEDIUM4.6CVE-2026-30974copyparty: volflag `nohtml` did not block javascript in svg files
  from 0, < 1.20.11
• LOW3.7CVE-2026-32109Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`
  from 0, < 1.20.12
• LOW3.7CVE-2026-32109Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`
  from 0, < 1.20.12
• LOW3.6CVE-2025-27145copyparty renders unsanitized filenames as HTML when user uploads empty files
  from 0, < 1.16.15
• —CVE-2025-58753copyparty: Sharing a single file does not fully restrict access to other files in source folder
  from 0, < 1.19.8