All known vulnerabilities
HIGH 7.5  CVE-2021-30185: Indico Tampering with links (e.g. password reset) in sent emails (affected: from 0, < 2.3.4)
MEDIUM 6.5  CVE-2026-28352: Indico has a missing access check in the event series management API (affected: from 0, < 3.3.11)
MEDIUM 6.1  CVE-2024-45399: Indico has a Cross-Site-Scripting during account creation (affected: from 0, < 0bdcf656d469e5f675cb56fd644d82fea3a97c2a | from 0, < 7dcb573837b9fd09d95f74d1baeae225b164cc8f | from 0, < 3.3.4)
MEDIUM 6.1  CVE-2024-45399: Indico has a Cross-Site-Scripting during account creation (affected: from 0, < 3.3.4)
MEDIUM 5.4  CVE-2026-25739: Indico Affected by Cross-Site-Scripting via material uploads (affected: from 0, < 3.3.10)
MEDIUM 5.4  CVE-2023-37901: Indico vulnerable to Cross-Site-Scripting via confirmation prompts (affected: from 0, < 3.2.6)
MEDIUM 5.4  CVE-2023-37901: Indico vulnerable to Cross-Site-Scripting via confirmation prompts (affected: from 0, < 2ee636d318653fb1ab193803dafbfe3e371d4130 | from 0, < 3.2.6)
MEDIUM 4.6  CVE-2025-59035: Indico vulnerable to Cross-Site Scripting via LaTeX math code (affected: from 0, < 3.3.8)
MEDIUM 4.3  CVE-2025-59034: Indico may disclose unauthorized user details access via legacy API (affected: from 0, < 3.3.8)
>= 3.2.9, < 3.3.3
—  CVE-2026-33046: Indico discloses local files resulting in Remote Code Execution through LaTeX injection (affected: from 0, < 3.3.12)
—  CVE-2026-25738: Indico has Server-Side Request Forgery (SSRF) in multiple places (affected: from 0, < 3.3.10)
—  CVE-2025-53640: Indico vulnerability allows attackers to bulk dump user details (affected: >= 2.2, < 3.3.7)