Please see https://docs.readthedocs.io/page/security.html.
Security: readthedocs/readthedocs.org
Security
SECURITY.md
- 
  Write access to GitHub repositories using deploy key in Read the Docs for BusinessGHSA-jqm9-f79c-8wx6 publishedJul 2, 2025 by stsewdCritical
- 
  Email verification bypassGHSA-h73w-m588-h9r6 publishedJan 23, 2025 by stsewdModerate
- 
  Cross site scripting in new dashboardGHSA-gg7x-cc2v-mcp3 publishedJan 13, 2025 by stsewdHigh
- 
  Cross site scripting in Read the Docs for BusinessGHSA-v4vm-q9fw-x237 publishedOct 29, 2024 by stsewdHigh
- 
  Project linking to any repository when importing a project via API V3GHSA-rmqq-mq6q-8hpg publishedJul 31, 2024 by stsewdModerate
- 
  Cross site scripting on beta dashboardGHSA-8v7c-r4x6-h796 publishedApr 1, 2024 by stsewdHigh
- 
  Open redirect on docs domains when using exact redirects with `/:splat`GHSA-ggh8-mg84-m86h publishedJan 23, 2024 by stsewdLow
- 
  CAS session takeover on projects with pull request previews enabled in Read the Docs for BusinessGHSA-pw32-ffxw-68rh publishedJan 24, 2024 by stsewdModerate
- 
  Cross site scripting in docs domains when including search results from malicious projectsGHSA-qhqx-5j25-rv48 publishedJan 15, 2024 by stsewdModerate
- 
  Cross site scripting in application and docs domainsGHSA-9vh9-cxm2-p2c4 publishedNov 16, 2023 by stsewdHigh
         Learn more about advisories related to readthedocs/readthedocs.org in the GitHub Advisory Database