Security

Report a vulnerability

SECURITY.md

Security policy

Supported versions

Version	Supported
v1.x	✅

Reporting a vulnerability

We first appreciate and are very thankful that you've found a vulnerability issue in 1Panel! By disclosing such issue to 1Panel development team you are helping 1Panel to become a much more safer project than before! ;)

To protect the existing users of 1Panel, we kindly ask you to not disclose the vulnerability to anyone except the 1Panel development team before a fix has been rolled out. Send an email to [email protected] instead.

1Panel panel frontend SQL injection to website functionality RCE vulnerability
GHSA-7m53-pwp6-v3f5 published Jul 18, 2024 by wanghe-fit2cloud

Critical
An SQL injection issue related to the orderBy clause.
GHSA-5grx-v727-qmq6 published Jul 18, 2024 by wanghe-fit2cloud

High
Arbitrary file write vulnerability in 1Panel
GHSA-f8ch-w75v-c847 published May 9, 2024 by wanghe-fit2cloud

Moderate
Password validation is suspected to have a timing attack vulnerability.
GHSA-6m9h-2pr2-9j8f published Apr 18, 2024 by wanghe-fit2cloud

Low
1Panel open source panel project has an unauthorized vulnerability.
GHSA-26w3-q4j8-4xjp published Mar 6, 2024 by wanghe-fit2cloud

Moderate
The set-cookie lacks the Secure keyword
GHSA-9xfw-jjq2-7v8h published Feb 5, 2024 by wanghe-fit2cloud

Moderate
An arbitrary file write vulnerability exists in the background
GHSA-hf7j-xj3w-87g4 published Aug 10, 2023 by wanghe-fit2cloud

Critical
1Panel Unauthorized access in Backend
GHSA-85cf-gj29-f555 published Aug 10, 2023 by wanghe-fit2cloud

Moderate
1Panel O&M management panel has a background arbitrary file reading vulnerability
GHSA-pv7q-v9mv-9mh5 published Aug 10, 2023 by wanghe-fit2cloud

Moderate
Command injection in Firewall ip functionality
GHSA-p9xf-74xh-mhw5 published Jul 18, 2023 by wanghe-fit2cloud

High

Learn more about advisories related to 1Panel-dev/1Panel in the GitHub Advisory Database