Nextcloud icon Nextcloud HackerOne

Target Policy
https://hackerone.com/nextcloud?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • https://conf.nextcloud.com

    This is a legacy system now redirecting to our [eventyay page](https://eventyay.com/e/de88e486/). Please report issues within eventyay directly to [the responsible contacts](https://eventyay.com/imprint/).

    URL
    none
  • https://support.nextcloud.com

    This asset is running Zammad, and as such reports of newly discovered vulnerabilities should be submitted to them: [https://zammad.com/contact](https://zammad.com/contact "https://zammad.com/contact") – Please use this scope only for reporting missing security updates on our Zammad installation.

    Please be extremely careful when testing this server as it is used by our customers as well.

    URL
    critical
  • https://surveyserver.nextcloud.com

    The survey server data processes and stores anonymous statistics about deployed Nextcloud instances. Source code of the server can be found at [https://github.com/nextcloud/survey\_server](https://github.com/nextcloud/survey_server "https://github.com/nextcloud/survey\_server") and source code of the client at [https://github.com/nextcloud/survey\_client](https://github.com/nextcloud/survey_client "https://github.com/nextcloud/survey\_client")

    URL
    critical
  • https://knowledge.nextcloud.com

    Internally used system behind SSO. We'd like to ask you to not actively test against our production SSO server. You can find the used software at [http://www.keycloak.org/](http://www.keycloak.org/ "http://www.keycloak.org/")

    URL
    critical
  • nextcloud/recommendations

    Code from [https://github.com/nextcloud/recommendations](https://github.com/nextcloud/recommendations "https://github.com/nextcloud/recommendations") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • https://sentry.nextcloud.com

    We would ask you to not test against our development environments. If you discover a security issue in Sentry please report this to https://sentry.io/security/ instead.

    URL
    none
  • https://auth.nextcloud.com

    Internally used system behind SSO. We'd like to ask you to not actively test against our production SSO server. You can find the used software at [http://www.keycloak.org/](http://www.keycloak.org/ "http://www.keycloak.org/")

    URL
    critical
  • nextcloud/approval

    Code from [https://github.com/nextcloud/approval](https://github.com/nextcloud/approval) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • https://scan.nextcloud.com/

    Runs the web interface for the software used by the Nextcloud security scanner.

    URL
    critical
  • https://projects.nextcloud.com

    Internally used system behind SSO. We'd like to ask you to not actively test against our production SSO server. You can find the used software at [http://www.keycloak.org/](http://www.keycloak.org/ "http://www.keycloak.org/")

    URL
    critical
  • https://lists.nextcloud.com

    Internally used system behind SSO. We'd like to ask you to not actively test against our production SSO server. You can find the used software at [http://www.keycloak.org/](http://www.keycloak.org/ "http://www.keycloak.org/")

    URL
    critical
  • https://logs.nextcloud.com

    Internally used system behind SSO. We'd like to ask you to not actively test against our production SSO server. You can find the used software at [http://www.keycloak.org/](http://www.keycloak.org/ "http://www.keycloak.org/")

    URL
    critical
  • https://cloud.nextcloud.com

    [https://cloud.nextcloud.com](https://cloud.nextcloud.com "https://cloud.nextcloud.com") is our internal production Nextcloud instance. Please limit testing to your own testing instances.

    URL
    none
  • nextcloud/terms_of_service

    Code from [https://github.com/nextcloud/terms_of_service](https://github.com/nextcloud/terms_of_service) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • https://docs.nextcloud.com

    Static web server serving the generated documentation from [https://github.com/nextcloud/documentation](https://github.com/nextcloud/documentation "https://github.com/nextcloud/documentation")

    URL
    critical
  • https://nextcloud.com

    The nextcloud.com website is running Wordpress and the source code of our theme and adjustments can be found at [https://github.com/nextcloud/nextcloud.com](https://github.com/nextcloud/nextcloud.com "https://github.com/nextcloud/nextcloud.com")

    URL
    critical
  • https://newsletter.nextcloud.com
    URL
    low
  • try.nextcloud.com

    https://try.nextcloud.com is running on dedicated machines. While you can try to find security vulnerabilities in the demo instances there please verify that they are also exploitable in the current Nextcloud source code. Select then the proper component while reporting.

    URL
    none
  • https://download.nextcloud.com

    While updates and downloads are cryptographically signed this is still a core part of Nextcloud. We thus pay out monetary rewards for issues affecting the integrity of the system. (e.g. allowing an attacker replacing arbitrary files on the system)

    URL
    critical
  • https://stats.nextcloud.com

    Internally used system behind SSO. We'd like to ask you to not actively test against our production SSO server. You can find the used software at [http://www.keycloak.org/](http://www.keycloak.org/ "http://www.keycloak.org/")

    URL
    critical
  • https://push-notifications.nextcloud.com

    Backend behind the push notification proxy for our mobile apps. Our push notifications are End-To-End encrypted and thus an attacker would not be able to gain access to the content of push notifications.

    The push notification proxy client can be found at [https://github.com/nextcloud/notifications](https://github.com/nextcloud/notifications "https://github.com/nextcloud/notifications")

    URL
    critical
  • https://portal.nextcloud.com

    Portal with support answers by the Nextcloud support team.

    Please be extremely careful when testing this server as it is used by our customers as well.

    URL
    critical
  • https://static.apps.nextcloud.com

    Part of the Nextcloud app store which source code is available from [https://github.com/nextcloud/appstore](https://github.com/nextcloud/appstore "https://github.com/nextcloud/appstore"). Note that all apps are cryptographically signed by developers and reports thus usually don't qualify for monetary rewards as they don't affect Nextcloud instances.

    URL
    critical
  • https://crm.nextcloud.com

    Internally used system behind SSO. We'd like to ask you to not actively test against our production SSO server. You can find the used software at [http://www.keycloak.org/](http://www.keycloak.org/ "http://www.keycloak.org/")

    URL
    critical
  • nextcloud/groupfolders

    Code from [https://github.com/nextcloud/groupfolders](https://github.com/nextcloud/groupfolders) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • https://demo.nextcloud.com

    [https://demo.nextcloud.com](https://demo.nextcloud.com "https://demo.nextcloud.com") is running on dedicated machines. While you can try to find security vulnerabilities in the demo instances there please verify that they are also exploitable in the current Nextcloud source code. Select then the proper component while reporting.

    URL
    none
  • https://apps.nextcloud.com/

    Part of the Nextcloud app store which source code is available from [https://github.com/nextcloud/appstore](https://github.com/nextcloud/appstore "https://github.com/nextcloud/appstore"). Note that all apps are cryptographically signed by developers and reports thus usually don't qualify for monetary rewards as they don't affect Nextcloud instances.

    URL
    critical
  • https://usercontent.apps.nextcloud.com

    Note that usercontent.apps.nextcloud.com serves potentially untrusted user content and is always setting a Content-Type of attachment. The source code for the software can be found at [https://github.com/nextcloud/usercontent.apps.nextcloud.com](https://github.com/nextcloud/usercontent.apps.nextcloud.com "https://github.com/nextcloud/usercontent.apps.nextcloud.com")

    URL
    critical
  • https://help.nextcloud.com

    This asset is running Discourse, and as such reports of newly discovered vulnerabilities should be submitted to their program instead: [https://hackerone.com/discourse](https://hackerone.com/discourse "https://hackerone.com/discourse") – Please use this scope only for reporting missing security updates on our Discourse installation.

    URL
    critical
  • it.niedermann.owncloud.notes

    Our official Android Notes client from [https://play.google.com/store/apps/details?id=it.niedermann.owncloud.notes](https://play.google.com/store/apps/details?id=it.niedermann.owncloud.notes "https://play.google.com/store/apps/details?id=it.niedermann.owncloud.notes")

    GOOGLE_PLAY_APP_ID
    medium
  • com.nextcloud.talk2

    Our official Android Talk client from [https://play.google.com/store/apps/details?id=com.nextcloud.talk2](https://play.google.com/store/apps/details?id=com.nextcloud.talk2)

    GOOGLE_PLAY_APP_ID
    medium
  • nextcloud/twofactor_webauthn

    Code from [https://github.com/nextcloud/twofactor_webauthn](https://github.com/nextcloud/twofactor_webauthn) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/serverinfo

    Code from [https://github.com/nextcloud/serverinfo](https://github.com/nextcloud/serverinfo "https://github.com/nextcloud/serverinfo") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/twofactor_u2f

    Code from [https://github.com/nextcloud/twofactor_u2f](https://github.com/nextcloud/twofactor_u2f) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • https://drone.nextcloud.com

    Our Drone server contains no sensitive data and we would ask you to not test against our development environments. If you discover a security issue in Drone please report this to [https://github.com/drone/drone](https://github.com/drone/drone "https://github.com/drone/drone") instead.

    URL
    none
  • https://lookup.nextcloud.com

    The Nextcloud lookup server source code can be found at [https://github.com/nextcloud/lookup-server/](https://github.com/nextcloud/lookup-server/ "https://github.com/nextcloud/lookup-server/")

    URL
    critical
  • https://updates.nextcloud.com

    This domain serves updates to Nextcloud server and the Nextcloud desktop client.

    - Client updater server:[https://github.com/nextcloud/client\_updater\_server](https://github.com/nextcloud/client_updater_server "https://github.com/nextcloud/client\_updater\_server")
    - Server updater server: [https://github.com/nextcloud/updater\_server](https://github.com/nextcloud/updater_server "https://github.com/nextcloud/updater\_server")

    While updates are cryptographically signed this is still a core part of Nextcloud. We thus pay out monetary rewards for issues affecting the integrity of the system. (e.g. allowing an attacker to announce malicious updates)

    URL
    critical
  • daita/files_fulltextsearch_tesseract

    Code from [https://github.com/daita/files_fulltextsearch_tesseract](https://github.com/daita/files_fulltextsearch_tesseract) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • https://pushfeed.nextcloud.com

    pushfeed.nextcloud.com is used to push cryptographically signed announcements to administrators of all Nextcloud instances. The source code for the generation of said announcement feeds can be found at [https://github.com/nextcloud/announcer](https://github.com/nextcloud/announcer "https://github.com/nextcloud/announcer") and the client at [https://github.com/nextcloud/nextcloud\_announcements](https://github.com/nextcloud/nextcloud_announcements "https://github.com/nextcloud/nextcloud\_announcements")

    URL
    low
  • nextcloud/password_policy

    Code from [https://github.com/nextcloud/password\_policy](https://github.com/nextcloud/password_policy "https://github.com/nextcloud/password\_policy") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • https://customerupdates.nextcloud.com

    This domain serves updates to Nextcloud server and the Nextcloud desktop client.

    - Client updater server:[https://github.com/nextcloud/client\_updater\_server](https://github.com/nextcloud/client_updater_server "https://github.com/nextcloud/client\_updater\_server")
    - Server updater server: [https://github.com/nextcloud/updater\_server](https://github.com/nextcloud/updater_server "https://github.com/nextcloud/updater\_server")

    While updates are cryptographically signed this is still a core part of Nextcloud. We thus pay out monetary rewards for issues affecting the integrity of the system. (e.g. allowing an attacker to announce malicious updates)

    URL
    critical
  • nextcloud/deck

    Code from [https://github.com/nextcloud/deck](https://github.com/nextcloud/deck "https://github.com/nextcloud/deck") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • Desktop Client

    Issues affecting the Desktop Client available from [https://nextcloud.com/install/#install-clients](https://nextcloud.com/install/#install-clients "https://nextcloud.com/install/#install-clients")

    DOWNLOADABLE_EXECUTABLES
    critical
  • nextcloud/mail

    Code from [https://github.com/nextcloud/mail](https://github.com/nextcloud/mail "https://github.com/nextcloud/mail") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/external

    Code from [https://github.com/nextcloud/external](https://github.com/nextcloud/external) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/fulltextsearch_elasticsearch

    Code from [https://github.com/nextcloud/fulltextsearch_elasticsearch](https://github.com/nextcloud/fulltextsearch_elasticsearch) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/notify_push

    Code from [https://github.com/nextcloud/notify_push](https://github.com/nextcloud/notify_push) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • https://github.com/nextcloud/collectives

    Code from [https://github.com/nextcloud/collectives](https://github.com/nextcloud/collectives) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/files_automatedtagging

    Code from [https://github.com/nextcloud/files\_automatedtagging](https://github.com/nextcloud/files_automatedtagging "https://github.com/nextcloud/files\_automatedtagging") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/photos

    Code from [https://github.com/nextcloud/photos](https://github.com/nextcloud/photos "https://github.com/nextcloud/photos") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/logreader

    Code from [https://github.com/nextcloud/logreader](https://github.com/nextcloud/logreader "https://github.com/nextcloud/logreader") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/fulltextsearch

    Code from [https://github.com/nextcloud/fulltextsearch](https://github.com/nextcloud/fulltextsearch) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/flow_notifications

    Code from [https://github.com/nextcloud/flow_notifications](https://github.com/nextcloud/flow_notifications) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/workflow_script

    Code from [https://github.com/nextcloud/workflow_script](https://github.com/nextcloud/workflow_script) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/files_retention

    Code from [https://github.com/nextcloud/files\_retention](https://github.com/nextcloud/files_retention "https://github.com/nextcloud/files\_retention") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/richdocuments

    Code from [https://github.com/nextcloud/richdocuments](https://github.com/nextcloud/richdocuments) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    **Note:** We only issue monetary awards for issue in our own code base. For any bugs within Collabora Online, please contact [Collabora](https://www.collaboraoffice.com/about-us/).

    SOURCE_CODE
    critical
  • com.peterandlinda.iOCNotes

    Our official iOS Nextcloud Notes client from [https://itunes.apple.com/app/id813973264](https://itunes.apple.com/app/id813973264)

    APPLE_STORE_APP_ID
    critical
  • nextcloud/onlyoffice

    Code from [https://github.com/ONLYOFFICE/onlyoffice-nextcloud](https://github.com/ONLYOFFICE/onlyoffice-nextcloud) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    **Note:** We only issue monetary awards for issue in our own code base. For any bugs within ONLYOFFICE, please contact [ONLYOFFICE](https://www.onlyoffice.com/support-contact-form.aspx).

    SOURCE_CODE
    critical
  • nextcloud/calendar_resource_management

    Code from [https://github.com/nextcloud/calendar_resource_management](https://github.com/nextcloud/calendar_resource_management) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/suspicious_login

    Code from [https://github.com/nextcloud/suspicious_login](https://github.com/nextcloud/suspicious_login) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/files_accesscontrol

    Code from [https://github.com/nextcloud/files\_accesscontrol](https://github.com/nextcloud/files_accesscontrol "https://github.com/nextcloud/files\_accesscontrol") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/files_pdfviewer

    Code from [https://github.com/nextcloud/files\_pdfviewer](https://github.com/nextcloud/files_pdfviewer "https://github.com/nextcloud/files\_pdfviewer") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/bruteforcesettings

    Code from [https://github.com/nextcloud/bruteforcesettings](https://github.com/nextcloud/bruteforcesettings) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/user_migration

    Code from [https://github.com/nextcloud/user_migration](https://github.com/nextcloud/user_migration) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/end_to_end_encryption

    Code from [https://github.com/nextcloud/end_to_end_encryption](https://github.com/nextcloud/end_to_end_encryption "https://github.com/nextcloud/end_to_end_encryption") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/updater

    Code from [https://github.com/nextcloud/updater](https://github.com/nextcloud/updater "https://github.com/nextcloud/updater") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/user_oidc

    Code from [https://github.com/nextcloud/user_oidc](https://github.com/nextcloud/user_oidc) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/survey_client

    Code from [https://github.com/nextcloud/survey\_client](https://github.com/nextcloud/survey_client "https://github.com/nextcloud/survey\_client") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/user_saml

    Code from [https://github.com/nextcloud/user\_saml](https://github.com/nextcloud/user_saml "https://github.com/nextcloud/user\_saml") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/notes

    Code from [https://github.com/nextcloud/notes](https://github.com/nextcloud/notes "https://github.com/nextcloud/notes") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/related_resources

    Code from [https://github.com/nextcloud/related_resources](https://github.com/nextcloud/related_resources) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/nextcloud_announcements

    Code from [https://github.com/nextcloud/nextcloud\_announcements](https://github.com/nextcloud/nextcloud_announcements "https://github.com/nextcloud/nextcloud\_announcements") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/files_rightclick

    Code from [https://github.com/nextcloud/files_rightclick](https://github.com/nextcloud/files_rightclick "https://github.com/nextcloud/files_rightclick") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/viewer

    Code from [https://github.com/nextcloud/viewer](https://github.com/nextcloud/viewer "https://github.com/nextcloud/viewer") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/files_texteditor

    Code from [https://github.com/nextcloud/files\_texteditor](https://github.com/nextcloud/files_texteditor "https://github.com/nextcloud/files\_texteditor") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/firstrunwizard

    Code from [https://github.com/nextcloud/firstrunwizard](https://github.com/nextcloud/firstrunwizard "https://github.com/nextcloud/firstrunwizard") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/notifications

    Code from [https://github.com/nextcloud/notifications](https://github.com/nextcloud/notifications "https://github.com/nextcloud/notifications") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/data_request

    Code from [https://github.com/nextcloud/data_request](https://github.com/nextcloud/data_request) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/files_fulltextsearch

    Code from [https://github.com/nextcloud/files_fulltextsearch](https://github.com/nextcloud/files_fulltextsearch) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/guests

    Code from [https://github.com/nextcloud/guests](https://github.com/nextcloud/guests) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/sharepoint

    Code from [https://github.com/nextcloud/sharepoint](https://github.com/nextcloud/sharepoint) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/socialsharing

    Code from [https://github.com/nextcloud/socialsharing](https://github.com/nextcloud/socialsharing) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/privacy

    Code from [https://github.com/nextcloud/privacy](https://github.com/nextcloud/privacy "https://github.com/nextcloud/privacy") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • https://github.com/nextcloud/files_confidential

    Code from [https://github.com/nextcloud/files_confidential](https://github.com/nextcloud/files_confidential) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/files_antivirus

    Code from [https://github.com/nextcloud/files_antivirus](https://github.com/nextcloud/files_antivirus) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/3rdparty

    Code from [https://github.com/nextcloud/3rdparty](https://github.com/nextcloud/3rdparty "https://github.com/nextcloud/3rdparty") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/contacts

    Code from [https://github.com/nextcloud/contacts](https://github.com/nextcloud/contacts) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/calendar

    Code from [https://github.com/nextcloud/calendar](https://github.com/nextcloud/calendar) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/globalsiteselector

    Code from [https://github.com/nextcloud/globalsiteselector](https://github.com/nextcloud/globalsiteselector) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/circles

    Code from [https://github.com/nextcloud/circles](https://github.com/nextcloud/circles "https://github.com/nextcloud/circles") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/files_lock

    Code from [https://github.com/nextcloud/files_lock](https://github.com/nextcloud/files_lock) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/activity

    Code from [https://github.com/nextcloud/activity](https://github.com/nextcloud/activity "https://github.com/nextcloud/activity") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/twofactor_totp

    Code from [https://github.com/nextcloud/twofactor_totp](https://github.com/nextcloud/twofactor_totp) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • com.nextcloud.Talk

    Our official iOS Talk client from [https://itunes.apple.com/app/id1296825574](https://itunes.apple.com/app/id1296825574)

    APPLE_STORE_APP_ID
    medium
  • https://github.com/nextcloud/tables

    Code from [https://github.com/nextcloud/tables](https://github.com/nextcloud/tables) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • nextcloud/text

    Code from [https://github.com/nextcloud/text](https://github.com/nextcloud/text "https://github.com/nextcloud/text") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • it.twsweb.Nextcloud

    Our official iOS client from [https://itunes.apple.com/app/nextcloud/id1125420102](https://itunes.apple.com/app/nextcloud/id1125420102 "https://itunes.apple.com/app/nextcloud/id1125420102")

    APPLE_STORE_APP_ID
    medium
  • nextcloud/spreed

    Code from [https://github.com/nextcloud/spreed](https://github.com/nextcloud/spreed) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
  • com.nextcloud.client

    Our official Android client from [https://play.google.com/store/apps/details?id=com.nextcloud.client](https://play.google.com/store/apps/details?id=com.nextcloud.client "https://play.google.com/store/apps/details?id=com.nextcloud.client")

    GOOGLE_PLAY_APP_ID
    medium
  • nextcloud/server

    Code from [https://github.com/nextcloud/server](https://github.com/nextcloud/server "https://github.com/nextcloud/server") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.

    SOURCE_CODE
    critical
Target Scope Domains
  • apps.nextcloud.com
  • auth.nextcloud.com
  • crm.nextcloud.com
  • customerupdates.nextcloud.com
  • docs.nextcloud.com
  • download.nextcloud.com
  • help.nextcloud.com
  • knowledge.nextcloud.com
  • lists.nextcloud.com
  • logs.nextcloud.com
  • lookup.nextcloud.com
  • newsletter.nextcloud.com
  • nextcloud.com
  • portal.nextcloud.com
  • projects.nextcloud.com
  • push-notifications.nextcloud.com
  • pushfeed.nextcloud.com
  • scan.nextcloud.com
  • static.apps.nextcloud.com
  • stats.nextcloud.com
  • support.nextcloud.com
  • surveyserver.nextcloud.com
  • updates.nextcloud.com
  • usercontent.apps.nextcloud.com
Tech Stack
Last Finished Scan:
Scan Name
Fleet
Finished
State
auto-gausubs-2-kxss
allkxss
1 year, 1 month ago
Finished
auto-gausubs-2-kxss
  • Fleet: allkxss
  • Duration: 20.67 Minutes
  • Finished: 1 year, 1 month ago