If you discover a vulnerability in Coder, please do not hesitate to report it to us by following the instructions here.

From time to time, Coder employees or other community members may discover vulnerabilities in the product.

If a vulnerability requires an immediate upgrade to mitigate a potential security risk, we will add it to the below table.

Click on the description links to view more details about each specific vulnerability.

DescriptionSeverityFixVulnerable Versions
API tokens of deleted users not invalidatedHIGHv0.23.0v0.8.25 - v0.22.2
See an opportunity to improve our docs? Make an edit.