Zulip Zulip
32 CVEs affecting Zulip Zulip. Latest disclosed: 2026-05-12. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-43799 | High | 8.6 | 2022-01-25 | Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server prior to 4.9, the ini… |
| CVE-2025-31478 | High | 8.2 | 2025-04-16 | Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely by being able to authenticate with a s… |
| CVE-2023-33186 | High | 8.2 | 2023-05-30 | Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and d… |
| CVE-2022-21706 | High | 7.2 | 2022-02-25 | Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control… |
| CVE-2026-25741 | High | 7.1 | 2026-02-26 | Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session… |
| CVE-2025-52559 | Medium | 6.8 | 2025-07-02 | Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the… |
| CVE-2026-40300 | Medium | 6.5 | 2026-05-12 | Zulip is an open-source team collaboration tool. Prior to 12.0, with message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still… |
| CVE-2024-27286 | Medium | 6.5 | 2024-03-20 | Zulip is an open-source team collaboration tool. When a user moves a Zulip message, they have the option to move all messages in the topic, move only subsequen… |
| CVE-2023-32678 | Medium | 6.5 | 2023-08-25 | Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream an… |
| CVE-2023-28623 | Medium | 6.5 | 2023-05-19 | Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: `ZulipLDAPAuthBackend` and an external authentication b… |
| CVE-2021-43791 | Medium | 6.5 | 2021-12-02 | Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmat… |
| CVE-2026-26058 | Medium | 6.1 | 2026-04-03 | Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem… |
| CVE-2022-31168 | Medium | 5.4 | 2022-07-22 | Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API… |
| CVE-2022-24751 | Medium | 5.4 | 2022-03-16 | Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account dea… |
| CVE-2026-25742 | Medium | 5.3 | 2026-04-03 | Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 1… |
| CVE-2022-31134 | Medium | 4.9 | 2022-07-12 | Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 and above have a user interface tool, accessible only to server owners and server admi… |
| CVE-2022-23656 | Medium | 4.6 | 2022-03-02 | Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerabi… |
| CVE-2023-22735 | Medium | 4.4 | 2023-02-07 | Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8` but after commit `04cf68b` users could upload files with arbitr… |
| CVE-2025-25195 | Medium | 4.3 | 2025-02-13 | Zulip is an open source team chat application. A weekly cron job (added in 50256f48314250978f521ef439cafa704e056539) demotes channels to being "inactive" after… |
| CVE-2024-21630 | Medium | 4.3 | 2024-01-25 | Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-… |