Nextcloud Desktop

27 CVEs affecting Nextcloud Desktop. Latest disclosed: 2025-12-05. Critical: 1, High: 4.

Top CVEs affecting Nextcloud Desktop
CVESeverityScorePublishedSummary
CVE-2024-46958Critical9.12024-09-16In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. Thi…
CVE-2021-22879High8.82021-04-14Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote…
CVE-2020-8224High7.82020-08-10A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.
CVE-2020-8225High7.52020-09-18A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
CVE-2021-37617High7.32021-08-18The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script…
CVE-2023-28999Medium6.92023-04-04Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS…
CVE-2020-8227Medium6.82020-08-21Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedica…
CVE-2023-28998Medium6.72023-04-04The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server a…
CVE-2023-28997Medium6.72023-04-04The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server a…
CVE-2020-8140Medium6.72020-03-20A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the envi…
CVE-2022-41882Medium6.62022-11-11The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file sha…
CVE-2021-32728Medium6.52021-08-18The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature do…
CVE-2021-22895Medium5.92021-06-11Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register wit…
CVE-2020-8230Medium5.52020-08-17A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory.
CVE-2020-8229Medium5.52020-08-10A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.
CVE-2023-29000Medium5.42023-04-04The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the…
CVE-2023-23942Medium5.42023-02-06The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml…
CVE-2020-8189Medium5.42020-08-21A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the log…
CVE-2023-22472Medium5.32023-01-09Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user…
CVE-2025-47792Medium5.02025-05-16Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user m…