Security: pterodactyl/panel
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Unauthenticated Arbitrary Remote Code Execution (GHSA-24wv-6c99-f843), published Jun 19, 2025 by matthewpi. Severity: Critical
- Plain-text logging of user passwords when two-factor authentication is disabled (GHSA-c479-wq8g-57hr), published Oct 24, 2024 by matthewpi. Severity: Moderate
- Multiple XSS vulnerabilities in the admin area (GHSA-384w-wffr-x63q), published May 3, 2024 by matthewpi. Severity: Moderate
- Insufficient Session Expiration in Pterodactyl API (GHSA-7v3x-h7r2-34jv), published Jan 20, 2022 by DaneEveritt. Severity: Moderate
- Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys (GHSA-wwgq-9jhf-qgw6), published Nov 17, 2021 by DaneEveritt. Severity: Moderate
- CSRF allowing an external page to trigger a user logout event (GHSA-m49f-hcxp-6hm6), published Oct 23, 2021 by DaneEveritt. Severity: Low
- Authentication bypass due to improper user-provided security token verification (GHSA-5vfx-8w6m-h3v4), published Oct 2, 2021 by DaneEveritt. Severity: High
- Authenticated user can perform actions against servers they do not have access to (GHSA-g8gw-6j32-8w7g), published Jan 20, 2021 by DaneEveritt. Severity: Critical
- XSS vulnerability when listing users on add & modify server pages (GHSA-5822-pw57-vv37), published Oct 3, 2020 by DaneEveritt. Severity: High
- Non-administrative users can list basic details about all servers on the Panel using Client API (GHSA-6888-7f3w-92jx), published Jul 26, 2020 by DaneEveritt. Severity: Moderate