Security: manyfold3d/manyfold
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Authenticated Path Traversal via File RenameGHSA-j5f9-r7wf-hv37 published
May 13, 2026 by FloppyHigh -
IDOR in ModelFilesController: Missing auth check on model allows files to be bulk edited and converted without permissionGHSA-v8pw-3r2f-3fqm published
Feb 26, 2026 by FloppyModerate -
OS command injection via ZIP filename in f3d renderGHSA-p589-cf26-v7h2 published
Feb 25, 2026 by FloppyHigh -
Session hijack via cookie leakage in proxy cachesGHSA-g949-hmvj-2r76 published
Feb 25, 2026 by FloppyModerate -
UpdateMetadataFromLinkJob logs credentialsGHSA-g66v-62f6-3h68 published
Sep 18, 2025 by FloppyLow -
Moderators can elevate their own permissionsGHSA-m876-qf99-3wvp published
Jun 18, 2025 by FloppyModerate