Palantir — Vulnerabilities & Security Advisories 47

Browse all 47 CVE security advisories affecting Palantir. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-68609 | Authentication bypass in Aries due to misconfiguration | com.palantir.aries:aries | CWE-305 | 6.6 | Medium | 2026-01-22 |
| CVE-2025-62487 | Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files. | com.palantir.acme:gotham-default-apps-bundle | CWE-863 | 3.5 | Low | 2026-01-09 |
| CVE-2023-30971 | Gaia unauthenticated endpoints | com.palantir.acme.gaia:gaia | CWE-592 | 6.8 | Medium | 2025-12-19 |
| CVE-2024-49587 | Glutton V1 endpoints missing authentication | com.palantir.gotham:glutton | CWE-305 | 9.1 | Critical | 2025-12-19 |
| CVE-2025-53710 | Network boundaries not respected in certain Foundry namespaces. | com.palantir.compute:compute-service | CWE-653 | 7.5 | High | 2025-12-18 |
| CVE-2025-64400 | Insufficient permission checks when pre-enrolling users Summary | com.palantir.controlpanel:control-panel | CWE-284 | 4.1 | Medium | 2025-12-18 |
| CVE-2025-53709 | Access control issues impacting secure-upload service | com.palantir.secupload:secure-upload | CWE-285 | 5.4 | Medium | 2025-07-10 |
| CVE-2024-49589 | Foundry artifacts denial of service | com.palantir.artifacts:artifacts | CWE-770 | 6.5 | Medium | 2025-02-18 |
| CVE-2024-49581 | Access control issue impacting RV backed objects | com.palantir.gotham:external-artifacts | CWE-862 | 6.5 | Medium | 2024-12-02 |
| CVE-2024-49588 | Multiple authenticated SQL injections in oracle-sidecar | com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar | CWE-89 | 6.8 | Medium | 2024-11-21 |
| CVE-2023-30968 | Stored XSS in gaia | com.palantir.acme.gaia:gaia | CWE-434 | 6.8 | Medium | 2024-03-12 |
| CVE-2023-22836 | In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack’s tenants. | com.palantir.skywise:guardian | CWE-862 | 3.5 | Low | 2024-01-29 |
| CVE-2023-30970 | Gotham table and Forward App Path traversal | com.palantir.gotham:blackbird-witchcraft | CWE-36 | 6.5 | Medium | 2024-01-29 |
| CVE-2023-30954 | Gotham Video Broken Authentication | com.palantir.video:video-application-server | CWE-285 | 2.7 | Low | 2023-11-15 |
| CVE-2023-30967 | Gotham Orbital Simulator path traversal | com.palantir.meta:orbital-simulator | CWE-22 | 9.8 | Critical | 2023-10-25 |
| CVE-2023-30969 | Palantir Tiles missing authentication on API endpoints | com.palantir.tiles:tiles | CWE-284 | 8.2 | High | 2023-10-25 |
| CVE-2023-30961 | Palantir Gotham UI bug that could lead to incorrect data classification | com.palantir.acme:gotham-fe-bundle | CWE-710 | 6.5 | Medium | 2023-09-26 |
| CVE-2023-30959 | Stored XSS via javascript URI in Apollo Change Requests comment | com.palantir.apollo:autopilot | CWE-84 | 4.1 | Medium | 2023-09-26 |
| CVE-2023-30962 | Stored XSS in cerberus attachments | com.palantir.acme.cerberus:cerberus | CWE-434 | 6.8 | Medium | 2023-09-12 |
| CVE-2023-30952 | Foundry Issues reporterPath phishing by parameter injection | com.palantir.foundry:foundry-frontend | CWE-20 | 5.0 | Medium | 2023-08-03 |
| CVE-2023-30950 | CVE-2023-30950 | com.palantir.campaigns:campaigns | CWE-290 | 6.5 | Medium | 2023-08-03 |
| CVE-2023-30958 | DOM XSS in Developer mode dashboard via redirect GET parameter | com.palantir.foundry:foundry-frontend | CWE-83 | 4.7 | Medium | 2023-08-03 |
| CVE-2023-30951 | CVE-2023-30951 | com.palantir.magritte:magritte-rest-source-bundle | CWE-611 | 6.3 | Medium | 2023-08-03 |
| CVE-2023-30949 | CVE-2023-30949 | com.palantir.slate:slate | CWE-1173 | 4.3 | Medium | 2023-07-26 |
| CVE-2023-30956 | IDOR in Foundry Comments allows retrieval of attachments | com.palantir.comments:comments | CWE-639 | 5.3 | Medium | 2023-07-10 |
| CVE-2023-30960 | Insecure Direct Object Reference (IDOR) in Foundry job-tracker | com.palantir.foundry.jobtracker:job-tracker | CWE-639 | 4.3 | Medium | 2023-07-10 |
| CVE-2023-30963 | Stored XSS in Foundry Slate Query Dropdown menu | com.palantir.foundry:foundry-frontend | CWE-82 | 5.4 | Medium | 2023-07-10 |
| CVE-2023-22835 | Denial of Service in Foundry Issues | com.palantir.foundry:foundry-frontend | CWE-20 | 7.7 | High | 2023-07-10 |
| CVE-2023-30946 | Issues notification metadata lacks authorization | com.palantir.issues:issues | CWE-420 | 3.5 | Low | 2023-06-29 |
| CVE-2023-30955 | Foundry workspace-server Developer Mode Authorization Bypass | com.palantir.workspace:workspace | CWE-602 | 4.3 | Medium | 2023-06-29 |

This page lists every published CVE security advisory associated with Palantir. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.