agora-project CVE Vulnerabilities & Metrics

Focus on agora-project vulnerabilities and metrics.

Last updated: 15 Feb 2026, 23:25 UTC

About agora-project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with agora-project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total agora-project CVEs: 8
Earliest CVE date: 09 Mar 2017, 09:59 UTC
Latest CVE date: 15 Jan 2026, 16:16 UTC

Latest CVE reference: CVE-2025-67079

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 4

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical agora-project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.15

Max CVSS: 4.3

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	4
4.0-6.9	4
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS agora-project CVEs

These are the five CVEs with the highest CVSS scores for agora-project, sorted by severity first and recency.

CVE-2017-6562 agora-project Published on 09 Mar 2017, 09:59 UTC (CVSS: 4.3)
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack.
CVE-2017-6561 agora-project Published on 09 Mar 2017, 09:59 UTC (CVSS: 4.3)
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack.
CVE-2017-6560 agora-project Published on 09 Mar 2017, 09:59 UTC (CVSS: 4.3)
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack.
CVE-2017-6559 agora-project Published on 09 Mar 2017, 09:59 UTC (CVSS: 4.3)
XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack.
CVE-2025-67079 agora-project Published on 15 Jan 2026, 16:16 UTC (CVSS: 0)
File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions.

All CVEs for agora-project

CVE-2025-67079 agora-project vulnerability CVSS: 0 15 Jan 2026, 16:16 UTC

File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions.

CVE-2025-67078 agora-project vulnerability CVSS: 0 15 Jan 2026, 16:16 UTC

Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors.

CVE-2025-67077 agora-project vulnerability CVSS: 0 15 Jan 2026, 16:16 UTC

File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.

CVE-2025-67076 agora-project vulnerability CVSS: 0 15 Jan 2026, 16:16 UTC

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read.

CVE-2017-6562 agora-project vulnerability CVSS: 4.3 09 Mar 2017, 09:59 UTC

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack.

CVE-2017-6561 agora-project vulnerability CVSS: 4.3 09 Mar 2017, 09:59 UTC

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack.

CVE-2017-6560 agora-project vulnerability CVSS: 4.3 09 Mar 2017, 09:59 UTC

XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack.

CVE-2017-6559 agora-project vulnerability CVSS: 4.3 09 Mar 2017, 09:59 UTC

XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack.