getgophish CVE Vulnerabilities & Metrics

Focus on getgophish vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About getgophish Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with getgophish. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total getgophish CVEs: 12
Earliest CVE date: 09 Sep 2019, 13:15 UTC
Latest CVE date: 06 Mar 2024, 11:15 UTC

Latest CVE reference: CVE-2024-2211

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical getgophish CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.13

Max CVSS: 9.3

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range	Count
0.0-3.9	8
4.0-6.9	3
7.0-8.9	0
9.0-10.0	1

CVSS Distribution Chart

Top 5 Highest CVSS getgophish CVEs

These are the five CVEs with the highest CVSS scores for getgophish, sorted by severity first and recency.

CVE-2020-24707 getgophish Published on 28 Oct 2020, 20:15 UTC (CVSS: 9.3)
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.
CVE-2020-24713 getgophish Published on 28 Oct 2020, 20:15 UTC (CVSS: 5.0)
Gophish through 0.10.1 does not invalidate the gophish cookie upon logout.
CVE-2020-24710 getgophish Published on 28 Oct 2020, 20:15 UTC (CVSS: 5.0)
Gophish before 0.11.0 allows SSRF attacks.
CVE-2020-24711 getgophish Published on 28 Oct 2020, 20:15 UTC (CVSS: 4.3)
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack
CVE-2020-24712 getgophish Published on 28 Oct 2020, 20:15 UTC (CVSS: 3.5)
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page.

All CVEs for getgophish

CVE-2024-2211 getgophish vulnerability CVSS: 0 06 Mar 2024, 11:15 UTC

Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu.

CVE-2022-45004 getgophish vulnerability CVSS: 0 22 Mar 2023, 21:15 UTC

Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page.

CVE-2022-45003 getgophish vulnerability CVSS: 0 22 Mar 2023, 21:15 UTC

Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus.

CVE-2022-25295 getgophish vulnerability CVSS: 0 11 Sep 2022, 14:15 UTC

This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backslashes like \\\\\\example.com, browser will redirect user to http://example.com.

CVE-2020-24713 getgophish vulnerability CVSS: 5.0 28 Oct 2020, 20:15 UTC

Gophish through 0.10.1 does not invalidate the gophish cookie upon logout.

CVE-2020-24712 getgophish vulnerability CVSS: 3.5 28 Oct 2020, 20:15 UTC

Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page.

CVE-2020-24711 getgophish vulnerability CVSS: 4.3 28 Oct 2020, 20:15 UTC

The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack

CVE-2020-24710 getgophish vulnerability CVSS: 5.0 28 Oct 2020, 20:15 UTC

Gophish before 0.11.0 allows SSRF attacks.

CVE-2020-24709 getgophish vulnerability CVSS: 3.5 28 Oct 2020, 20:15 UTC

Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template.

CVE-2020-24708 getgophish vulnerability CVSS: 3.5 28 Oct 2020, 20:15 UTC

Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.

CVE-2020-24707 getgophish vulnerability CVSS: 9.3 28 Oct 2020, 20:15 UTC

Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.

CVE-2019-16146 getgophish vulnerability CVSS: 3.5 09 Sep 2019, 13:15 UTC

Gophish through 0.8.0 allows XSS via a username.