Please see https://docs.readthedocs.io/page/security.html.
Security: readthedocs/readthedocs.org
Security
SECURITY.md
-
CAS session hijacking on Read the Docs for BusinessGHSA-4mgr-vrh5-hj8q published
May 3, 2023 by stsewdModerate -
Serving content from pull requests previews on main docs domainsGHSA-h4cf-8gv8-4chf published
Feb 28, 2023 by ericholscherModerate -
Cache poisoning: serving arbitrary content on documentation sitesGHSA-mp38-vprc-7hf5 published
Feb 14, 2023 by ericholscherHigh -
Path traversal: access to files from any projectGHSA-5w8m-r7jm-mhp9 published
Feb 1, 2023 by stsewdHigh -
Symlink following: Arbitrary file access from builder serverGHSA-hqwg-gjqw-h5wg published
Jan 12, 2023 by ericholscherModerate -
Cache poisoningGHSA-7fcx-wwr3-99jv published
Jan 16, 2023 by ericholscherModerate -
Symlink following: Arbitrary file access from builder serverGHSA-368m-86q9-m99w published
Dec 8, 2022 by ericholscherHigh -
XSS: Allow serving of arbitrary HTML files from main domainGHSA-98pf-gfh3-x3mp published
Nov 9, 2022 by ericholscherModerate -
CSRF from `readthedocs.io`/`readthedocs-hosted.com` and domains registered in the platformGHSA-3v5m-qmm9-3c6c published
Jun 15, 2021 by ericholscherHigh -
Open Redirect Issue affecting Read the Docs versions 5.12.3 and 5.13.0GHSA-625x-cj64-6j7h published
Apr 6, 2021 by ericholscherLow
Learn more about advisories related to readthedocs/readthedocs.org in the GitHub Advisory Database