Please report (suspected) security vulnerabilities to security@tolgee.io You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.
Security: tolgee/tolgee-platform
Security
SECURITY.md
-
API keys created by server admin users bypass the permission checkGHSA-pm57-hcm8-38gw published
Apr 18, 2024 by JanCizmarModerate -
Permission scopes not checked correctly when querying key and translation dataGHSA-r95p-fqqv-fppc published
Apr 18, 2024 by JanCizmarLow -
HTML Injection with Tolgee email - OrgGHSA-gx3w-rwh5-w5cg published
Sep 7, 2023 by JanCizmarModerate -
Lack of Permission Check for API Key for some endpointsGHSA-4f9j-4vh4-p85v published
Jul 27, 2023 by JanCizmarHigh
Learn more about advisories related to tolgee/tolgee-platform in the GitHub Advisory Database