CVE security advisories and vulnerability history for server by nextcloud.
Total CVEs: 175 (published)
In CISA KEV: 0 (exploited in the wild)
Public exploits: 11 (with known exploit)
Avg CVSS: 5.0
2017–2025
Last updated
Overview
nextcloud server has 175 published CVE records since 2017, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 11 have a known public exploit. The average CVSS base score across scored CVEs is 5.0.
This page aggregates every publicly disclosed vulnerability (CVE) affecting nextcloud server, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.
Severity and exploitation
How the CVSS severity of nextcloud server's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.
Critical: 2
High: 18
Medium: 52
Low: 40
63 additional CVEs have no CVSS severity score.
In CISA’s Known Exploited Vulnerabilities catalog: 0
None of nextcloud server's CVEs are currently listed in CISA's KEV catalog.
Public exploits: 11
11 of nextcloud server's CVEs have a known public exploit available.
Affected versions and CVEs
Browse every nextcloud server version named in a CVE, then pick one to see only the CVEs that affect it.
Common questions about nextcloud server vulnerabilities.
How many CVEs does nextcloud server have?
nextcloud server has 175 published CVE records since 2017.
How many nextcloud server CVEs are in CISA KEV?
None of nextcloud server's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.
Are there public exploits for nextcloud server vulnerabilities?
Yes — 11 of nextcloud server's CVEs have a known public exploit.
Which versions of nextcloud server are affected?
1,041 distinct nextcloud server versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.
What are the most common weakness types in nextcloud server CVEs?
nextcloud server's CVEs most often map to these CWE weakness types: CWE-284 (Improper Access Control), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-287 (Improper Authentication), CWE-307 (Improper Restriction of Excessive Authentication Attempts).
How many critical nextcloud server vulnerabilities are there?
nextcloud server has 2 critical and 18 high-severity CVEs.
What is the average severity of nextcloud server CVEs?
The average CVSS base score across nextcloud server's scored CVEs is 5.0.