pkg:PyPI/copyparty

All known vulnerabilities

• HIGH7.5CVE-2025-54796copyparty allows Regex Denial of Service (ReDoS) in the upload listing
  from 0, < 1.18.9
• HIGH7.5CVE-2023-37474copyparty vulnerable to path traversal attack
  from 0, < 1.8.2
• HIGH7.5CVE-2023-37474copyparty vulnerable to path traversal attack
  from 0, < 043e3c7dd683113e2b1c15cacb9c8e68f76513ff | from 0, < 1.8.2
• MEDIUM6.5Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access
  from 0, < 1.20.12
• MEDIUM6.5Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access
  from 0, < 1.20.12
• MEDIUM6.3copyparty Reflected XSS via Filter Parameter
  from 0, < 1.18.7
• MEDIUM6.3copyparty vulnerable to reflected cross-site scripting via k304 parameter
  from 0, < 1.8.7
• MEDIUM6.3copyparty vulnerable to reflected cross-site scripting via k304 parameter
  from 0, < 007d948cb982daa05bc6619cd20ee55b7e834c38 | from 0, < 1.8.7
• MEDIUM5.4Copyparty vulnerable to reflected XSS via setck parameter
  from 0, < 1.20.9
• MEDIUM5.4copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata
  from 0, < 1.18.5
• MEDIUM4.6copyparty: volflag `nohtml` did not block javascript in svg files
  from 0, < 1.20.11
• LOW3.7Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`
  from 0, < 1.20.12
• LOW3.7Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`
  from 0, < 1.20.12
• LOW3.6copyparty renders unsanitized filenames as HTML when user uploads empty files
  from 0, < 1.16.15
• —copyparty: Sharing a single file does not fully restrict access to other files in source folder
  from 0, < 1.19.8