Security: thunderbird/appointment
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Cross-user calendar IDOR — GET /rmt/cal/{id}/… omits the ownership check its siblings perform, letting any authenticated user read another user's remote calendar eventsGHSA-25g9-pgr8-25cx published
Jun 17, 2026 by SancusModerate
Learn more about advisories related to thunderbird/appointment in the GitHub Advisory Database