Please see https://docs.readthedocs.io/page/security.html.
Security: readthedocs/readthedocs.org
Security
SECURITY.md
-
Cross site scripting in Read the Docs for BusinessGHSA-v4vm-q9fw-x237 published
Oct 29, 2024 by stsewdHigh -
Project linking to any repository when importing a project via API V3GHSA-rmqq-mq6q-8hpg published
Jul 31, 2024 by stsewdModerate -
Cross site scripting on beta dashboardGHSA-8v7c-r4x6-h796 published
Apr 1, 2024 by stsewdHigh -
Open redirect on docs domains when using exact redirects with `/:splat`GHSA-ggh8-mg84-m86h published
Jan 23, 2024 by stsewdLow -
CAS session takeover on projects with pull request previews enabled in Read the Docs for BusinessGHSA-pw32-ffxw-68rh published
Jan 24, 2024 by stsewdModerate -
Cross site scripting in docs domains when including search results from malicious projectsGHSA-qhqx-5j25-rv48 published
Jan 15, 2024 by stsewdModerate -
Cross site scripting in application and docs domainsGHSA-9vh9-cxm2-p2c4 published
Nov 16, 2023 by stsewdHigh -
Creation of integrations for any project from anonymous usersGHSA-45hq-g76r-46wv published
Nov 14, 2023 by stsewdModerate -
Arbitrary write to files from builder serverGHSA-v7x4-rhpg-3p2r published
Aug 8, 2023 by stsewdModerate -
Write access to projects via API V2 (`/api/v2/project/*` endpoints) for any logged-in userGHSA-rqfv-8rrx-prmh published
May 30, 2023 by stsewdHigh
Learn more about advisories related to readthedocs/readthedocs.org in the GitHub Advisory Database