CVE security advisories and vulnerability history for deck by nextcloud.
17
Total CVEs
Published
0
In CISA KEV
Exploited in the wild
3
Public exploits
With known exploit
4.9
Avg CVSS
2020–2025
Last updated
Overview
nextcloud deck has 17 published CVE records since 2020, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 3 have a known public exploit. The average CVSS base score across scored CVEs is 4.9.
This page aggregates every publicly disclosed vulnerability (CVE) affecting nextcloud deck, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.
Severity and exploitation
How the CVSS severity of nextcloud deck's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.
Critical0
High1
Medium5
Low4
7 additional CVEs have no CVSS severity score.
In CISA’s Known Exploited Vulnerabilities catalog
0
None of nextcloud deck's CVEs are currently listed in CISA's KEV catalog.
Public exploits
3
3 of nextcloud deck's CVEs have a known public exploit available.
Affected versions and CVEs
Browse every nextcloud deck version named in a CVE, then pick one to see only the CVEs that affect it.
Common questions about nextcloud deck vulnerabilities.
How many CVEs does nextcloud deck have?
nextcloud deck has 17 published CVE records since 2020.
How many nextcloud deck CVEs are in CISA KEV?
None of nextcloud deck's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.
Are there public exploits for nextcloud deck vulnerabilities?
Yes — 3 of nextcloud deck's CVEs have a known public exploit.
Which versions of nextcloud deck are affected?
242 distinct nextcloud deck versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.
What are the most common weakness types in nextcloud deck CVEs?
nextcloud deck's CVEs most often map to these CWE weakness types: CWE-639 (Authorization Bypass Through User-Controlled Key), CWE-284 (Improper Access Control), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
What is the average severity of nextcloud deck CVEs?
The average CVSS base score across nextcloud deck's scored CVEs is 4.9.
