bigbluebutton — Vulnerabilities & Security Advisories (34)

Browse all 34 CVE security advisories affecting bigbluebutton. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41127 | BigBlueButton's missing authorization allows viewer to inject/overwrite captions | bigbluebutton | CWE-639 | 6.5 | Medium | 2026-04-21 |
| CVE-2026-41126 | BigBlueButton has Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL" | bigbluebutton | CWE-601 | 4.3 | Medium | 2026-04-21 |
| CVE-2026-27736 | BigBlueButton has Open Redirect vulnerability in ApiController | bigbluebutton | CWE-601 | 6.1 | Medium | 2026-02-25 |
| CVE-2026-27467 | BigBlueButton: Audio from participants to the server initially unmuted | bigbluebutton | CWE-200 | 2.0 | Low | 2026-02-21 |
| CVE-2026-27466 | BigBlueButton: Exposed ClamAV port enables Denial of Service | bigbluebutton | CWE-668 | 7.2 | High | 2026-02-21 |
| CVE-2025-61602 | BigBlueButton vulnerable to Chat DoS via invalid reactionEmojiId | bigbluebutton | CWE-703 | 7.5 | High | 2025-10-09 |
| CVE-2025-61601 | BigBlueButton vulnerable to DoS via PollSubmitVote GraphQL mutation | bigbluebutton | CWE-703 | 7.5 | High | 2025-10-09 |
| CVE-2025-55200 | BigBlueButton vulnerable to Stored XSS via name of user at Shared Notes | bigbluebutton | CWE-79 | 7.1 | High | 2025-10-09 |
| CVE-2024-39302 | Some bbb-record-core files installed with wrong file permission | bigbluebutton | CWE-269 | 3.7 | Low | 2024-06-28 |
| CVE-2024-38518 | bbb-web API additional parameters considered | bigbluebutton | CWE-284 | 4.6 | Medium | 2024-06-28 |
| CVE-2022-36029 | BigBlueButton Greenlight Open Redirect vulnerability | greenlight | CWE-601 | 9.1 | Critical | 2024-04-25 |
| CVE-2022-36028 | BigBlueButton Greenlight Open Redirect vulnerability | greenlight | CWE-601 | 9.1 | Critical | 2024-04-25 |
| CVE-2023-43798 | BigBlueButton Blind SSRF When Uploading Presentation (mitigation bypass) | bigbluebutton | CWE-918 | 5.6 | Medium | 2023-10-30 |
| CVE-2023-43797 | BigBlueButton Stored Cross-site Scripting vulnerability at Guest Lobby | bigbluebutton | CWE-79 | 6.3 | Medium | 2023-10-30 |
| CVE-2023-42804 | BigBlueButton Path Traversal – Reading Certain File Extensions | bigbluebutton | CWE-22 | 3.1 | Low | 2023-10-30 |
| CVE-2023-42803 | BigBlueButton Unrestricted File Upload vulnerability | bigbluebutton | CWE-434 | 5.3 | Medium | 2023-10-30 |
| CVE-2023-33176 | Blind SSRF When Uploading Presentation in BigBlueButton | bigbluebutton | CWE-918 | 4.8 | Medium | 2023-06-26 |
| CVE-2022-23488 | BigBlueButton vulnerable to Insertion of Sensitive Information Into Sent Data | bigbluebutton | CWE-201 | 6.5 | Medium | 2022-12-17 |
| CVE-2022-23490 | Improper access control to polling votes | bigbluebutton | CWE-200 | 4.3 | Medium | 2022-12-16 |
| CVE-2022-41964 | BigBlueButton contains Response leaks in anonymous polls | bigbluebutton | CWE-200 | 5.7 | Medium | 2022-12-16 |
| CVE-2022-41963 | BigBlueButton contains Improper Preservation of Permissions for whiteboard | bigbluebutton | CWE-281 | 2.7 | Low | 2022-12-16 |
| CVE-2022-41962 | BigBlueButton contains Incorrect Authorization for setting emoji status | bigbluebutton | CWE-863 | 2.7 | Low | 2022-12-16 |
| CVE-2022-41961 | BigBlueButton subject to Ineffective user bans | bigbluebutton | CWE-346 | 4.3 | Medium | 2022-12-16 |
| CVE-2022-41960 | BigBlueButton contains DoS via failed authToken validation | bigbluebutton | CWE-345 | 4.3 | Medium | 2022-12-15 |
| CVE-2022-31064 | Cross site scripting in username that will trigger by sending chat | bigbluebutton | CWE-79 | 6.5 | Medium | 2022-06-27 |
| CVE-2022-31065 | Cross site scripting vulnerability for private chat in bigbluebutton | bigbluebutton | CWE-79 | 6.5 | Medium | 2022-06-27 |
| CVE-2022-31039 | Improper privilege management - Anyone can view room settings in GreenLight | greenlight | CWE-269 | 4.3 | Medium | 2022-06-27 |
| CVE-2022-29235 | Limited data exposure for shared external videos in BigBlueButton | bigbluebutton | CWE-200 | 5.3 | Medium | 2022-06-01 |
| CVE-2022-29236 | Improper access control for pencil annotations in BigBlueButton | bigbluebutton | CWE-285 | 4.3 | Medium | 2022-06-01 |
| CVE-2022-29234 | Grace period for lock settings in public/private chats in BigBlueButton | bigbluebutton | CWE-285 | 4.3 | Medium | 2022-06-01 |

This page lists every published CVE security advisory associated with bigbluebutton. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.