Known Vulnerabilities for products from Chatwoot
Listed below are 11 of the newest known vulnerabilities associated with the vendor "Chatwoot".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-44707 json | Not Provided | 2026-05-26 | 2026-05-26 | |
| CVE-2026-44706 json | Not Provided | 2026-05-26 | 2026-05-26 | |
| CVE-2026-5205 json | Not Provided | 2026-03-31 | 2026-04-03 | |
| CVE-2026-4990 json | Not Provided | 2026-03-27 | 2026-03-31 | |
| CVE-2025-12246 json | A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javas... | Not Provided | 2025-10-27 | 2026-04-29 |
| CVE-2023-2109 json | Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.14.0. | 6.1 - MEDIUM | 2023-04-17 | 2023-04-21 |
| CVE-2022-3741 json | Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending... | 9.8 - CRITICAL | 2022-10-28 | 2022-11-01 |
| CVE-2022-2901 json | Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8. | 7.1 - HIGH | 2022-09-06 | 2022-09-13 |
| CVE-2022-1022 json | Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.5.0. | 5.4 - MEDIUM | 2022-04-21 | 2022-04-28 |
| CVE-2022-1021 json | Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0. | 5.4 - MEDIUM | 2022-08-19 | 2022-08-19 |
| CVE-2022-0542 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-08-19 | 2022-08-23 |
| CVE-2022-0527 json | Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. | 6.1 - MEDIUM | 2022-02-09 | 2022-02-11 |
| CVE-2022-0526 json | Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. | 6.1 - MEDIUM | 2022-02-09 | 2022-02-11 |
| CVE-2021-3813 json | Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. | 6.5 - MEDIUM | 2022-02-09 | 2022-10-27 |
| CVE-2021-3649 json | chatwoot is vulnerable to Inefficient Regular Expression Complexity | 7.5 - HIGH | 2021-07-16 | 2022-07-29 |