By the Year
In 2020 there have been 2 vulnerabilities in GNU Mailman, with an average score of 6.3 out of ten. Last year Mailman had 0 security vulnerabilities published. That is, 2 more vulnerabilities have already been reported in 2020 than last year.
It may take a day or so for new Mailman vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.
Latest GNU Mailman Security Vulnerabilities
/options/mailman in GNU Mailman before 2.1.31
6.5 - Medium
- May 06, 2020
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts
6.1 - Medium
- April 24, 2020
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier
5.4 - Medium
- July 26, 2018
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
An issue was discovered in GNU Mailman before 2.1.28
6.5 - Medium
- July 12, 2018
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
Improper Input Validation