170 CVEs

1 in CISA KEV

owncloud Vulnerabilities

CVE security advisories and vulnerability history for owncloud.

170

Total CVEs

Published

1

In CISA KEV

Exploited in the wild

12

Public exploits

With known exploit

6.5

Avg CVSS

2012–2026

Overview

owncloud has 170 published CVE records since 2012, of which 1 are in CISA's Known Exploited Vulnerabilities catalog and 12 have a known public exploit. The average CVSS base score across scored CVEs is 6.5.

This page aggregates every publicly disclosed vulnerability (CVE) affecting owncloud products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of owncloud's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical2

High2

Medium7

Low2

157 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

1

One of owncloud's CVEs is confirmed exploited in the wild.

Public exploits

12

12 of owncloud's CVEs have a known public exploit available.

Most affected products

The owncloud products with the most published CVEs.

owncloud119 CVEs
owncloud server108 CVEs
core27 CVEs
nextcloud server9 CVEs
owncloud client7 CVEs
server7 CVEs
owncloud desktop client5 CVEs
android5 CVEs

Common weakness types

The CWE weakness categories most often found in owncloud CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish owncloud CVE records.

Disclosure activity by year

How many owncloud CVEs were published each year.

2019

2

2020

3

2021

18

2022

7

2023

5

2024

1

2025

1

2026

1

Latest owncloud CVEs

The most recently disclosed vulnerabilities affecting owncloud.

OwnCloud 8.1.8 - Username Disclosure
CWE-203
Critical · CVSS 9.8
EPSS 0.2%2026-02-12
Medium vulnerability · 2025-11-05
CWE-203
Medium · CVSS 5.3
EPSS 1.0%2025-11-05
Medium vulnerability · 2024-11-22
CWE-276
Medium · CVSS 6.8
EPSS 3.2%2024-11-22
High vulnerability · 2023-11-21
High · CVSS 8.7
EPSS 0.1%2023-11-21
Critical vulnerability · 2023-11-21
Critical · CVSS 9.8
EPSS 89.6%2023-11-21
High vulnerability · 2023-11-21
CISA KEV
CWE-200
High · CVSS 8.7
EPSS 94.3%2023-11-21
Medium vulnerability · 2023-02-13
CWE-89
Medium · CVSS 6.2
EPSS 0.1%2023-02-13
Medium vulnerability · 2023-02-13
CWE-22
Medium · CVSS 5.0
EPSS 0.1%2023-02-13
Medium vulnerability · 2022-11-10
CWE-284
Medium · CVSS 4.2
EPSS 0.2%2022-11-10
Vulnerability vulnerability · 2022-06-09
Unscored
EPSS 0.4%2022-06-09
Vulnerability vulnerability · 2022-04-07
Unscored
EPSS 0.1%2022-04-07
Vulnerability vulnerability · 2022-04-07
Unscored
EPSS 0.1%2022-04-07

Track new owncloud CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor owncloud CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

curl173 CVEs FreeRDP172 CVEs janobe172 CVEs mitsubishielectric172 CVEs dedecms171 CVEs Packagist:https://packages.drupal.org/8170 CVEs kashipara169 CVEs Esri168 CVEs

Browse all vendors

Frequently asked questions

Common questions about owncloud vulnerabilities.

How many CVEs does owncloud have?

owncloud has 170 published CVE records since 2012, including 2 in the last two years.

How many owncloud CVEs are in CISA KEV?

Yes — 1 of owncloud's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which owncloud products have the most CVEs?

The owncloud products with the most published CVEs are owncloud, owncloud server, core, nextcloud server, owncloud client.

What are the most common weakness types in owncloud CVEs?

owncloud's CVEs most often map to these CWE weakness types: CWE-451 (User Interface (UI) Misrepresentation of Critical Information), CWE-203 (Observable Discrepancy), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-275.

Are there public exploits for owncloud vulnerabilities?

Yes — 12 of owncloud's CVEs have a known public exploit.

How many critical owncloud vulnerabilities are there?

owncloud has 2 critical and 2 high-severity CVEs.

What is the average severity of owncloud CVEs?

The average CVSS base score across owncloud's scored CVEs is 6.5.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track owncloud vulnerabilities

Monitor new owncloud vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing