Overview · pterodactyl/wings · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

Maliciously or erroneously created parsed config files can cause wings process to OOM
GHSA-q6hh-gp44-4hcm published Jun 15, 2026 by WilliamVenner

Moderate
Maliciously crafted packet during SFTP connection handshake causes denial of service
GHSA-ghrq-5wpp-hxx5 published Jun 15, 2026 by WilliamVenner

High
Wings exposes node configuration secrets through egg configuration-file templating
GHSA-pfvc-3p5h-x7h6 published Jun 12, 2026 by anthonyphysgun

Critical
Chmod operation can be used to change permissions of files outside of the server container
GHSA-rhq6-9rgh-v45c published May 23, 2026 by DaneEveritt

Moderate
Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered
GHSA-2497-gp99-2m74 published Jan 19, 2026 by anthonyphysgun

High
Arbitrary File Write/Read
GHSA-gqmf-jqgv-v8fw published May 3, 2024 by matthewpi

High
Server-side Request Forgery during remote file pull
GHSA-qq22-jj8x-4wwv published May 3, 2024 by matthewpi

Moderate
Symlink Race in Server Filesystem
GHSA-494h-9924-xww9 published Mar 13, 2024 by matthewpi

Critical
Escape to host from installation container
GHSA-p744-4q6p-hvc2 published May 10, 2023 by matthewpi

Critical
Improper Link Resolution allowing the deletion of files and directories on the host system
GHSA-66p8-j459-rq63 published Feb 8, 2023 by matthewpi

Critical

Learn more about advisories related to pterodactyl/wings in the GitHub Advisory Database