palantir Cyber Security Vulnerability Stats and Metrics

Unauthenticated Access Vulnerability in Palantir's Aries Service

CVE-2025-68609

PalantirCom.palantir.aries:aries6.6MEDIUM

Unauthorized Access Control Flaw in Palantir Dossier App

CVE-2025-62487

PalantirCom.palantir.acme:goth...3.5LOW

Unauthenticated Endpoint Exposure in Gotham Gaia Application by Palantir

CVE-2023-30971

PalantirCom.palantir.acme.gaia...6.8MEDIUM

Exposed Service Endpoints in Gotham Stacks Affecting Glutton V1 by Palantir

CVE-2024-49587

PalantirCom.palantir.gotham:gl...9.1CRITICAL

Access Control Bypass in Foundry Container Service by Palantir Technologies

CVE-2025-53710

PalantirCom.palantir.compute:c...7.5HIGH

API Misconfiguration in Control Panel Affects Enrollment Systems by Palantir

CVE-2025-64400

PalantirCom.palantir.controlpa...4.1MEDIUM

Authorization Flaw in Secure-upload Service from Apollo

CVE-2025-53709

PalantirCom.palantir.secupload...5.4MEDIUM

Unauthorized Access to Restricted Data in Palantir Foundry

CVE-2024-49589

PalantirCom.palantir.artifacts...6.5MEDIUM

Bug in OSV1 Could Allow Unauthorized Access to Restricted Objects

CVE-2024-49581

PalantirCom.palantir.gotham:ex...6.5MEDIUM

Gotham Gaia Services Vulnerable to Stored XSS

CVE-2023-30968

PalantirCom.palantir.acme.gaia...6.8MEDIUM

In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack’s tenants.

CVE-2023-22836

PalantirCom.palantir.skywise:g...3.5LOW

Gotham table and Forward App Path traversal

CVE-2023-30970

PalantirCom.palantir.gotham:bl...6.5MEDIUM

Gotham Video Broken Authentication

CVE-2023-30954

PalantirCom.palantir.video:vid...2.7LOW

Gotham Orbital Simulator path traversal

CVE-2023-30967

PalantirCom.palantir.meta:orbi...9.8CRITICAL

Palantir Tiles missing authentication on API endpoints

CVE-2023-30969

PalantirCom.palantir.tiles:tiles8.2HIGH

Stored XSS via javascript URI in Apollo Change Requests comment

CVE-2023-30959

PalantirCom.palantir.apollo:au...4.1MEDIUM

Palantir Gotham UI bug that could lead to incorrect data classification

CVE-2023-30961

PalantirCom.palantir.acme:goth...6.5MEDIUM

Stored XSS in cerberus attachments

CVE-2023-30962

Palantircom.palantir.acme.cerb...5.4MEDIUM

CVE-2023-30950

PalantirCom.palantir.campaigns...6.5MEDIUM

CVE-2023-30951

PalantirCom.palantir.magritte:...6.3MEDIUM

Foundry Issues reporterPath phishing by parameter injection

CVE-2023-30952

PalantirCom.palantir.foundry:f...5MEDIUM

DOM XSS in Developer mode dashboard via redirect GET parameter

CVE-2023-30958

PalantirCom.palantir.foundry:f...4.7MEDIUM

CVE-2023-30949

PalantirCom.palantir.slate:slate4.3MEDIUM

IDOR in Foundry Comments allows retrieval of attachments

CVE-2023-30956

PalantirCom.palantir.comments:...5.3MEDIUM

Insecure Direct Object Reference (IDOR) in Foundry job-tracker

CVE-2023-30960

PalantirCom.palantir.foundry.j...4.3MEDIUM

Vulnerability Published:

Sort By:

22 January 2026

Unauthenticated Access Vulnerability in Palantir's Aries Service

9 January 2026

Unauthorized Access Control Flaw in Palantir Dossier App

19 December 2025

Unauthenticated Endpoint Exposure in Gotham Gaia Application by Palantir

Exposed Service Endpoints in Gotham Stacks Affecting Glutton V1 by Palantir

18 December 2025

Access Control Bypass in Foundry Container Service by Palantir Technologies

API Misconfiguration in Control Panel Affects Enrollment Systems by Palantir

10 July 2025

Authorization Flaw in Secure-upload Service from Apollo

18 February 2025

Unauthorized Access to Restricted Data in Palantir Foundry

2 December 2024

Bug in OSV1 Could Allow Unauthorized Access to Restricted Objects

12 March 2024

Gotham Gaia Services Vulnerable to Stored XSS

29 January 2024

In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack’s tenants.

Gotham table and Forward App Path traversal

15 November 2023

Gotham Video Broken Authentication

26 October 2023

Gotham Orbital Simulator path traversal

Palantir Tiles missing authentication on API endpoints

27 September 2023

Stored XSS via javascript URI in Apollo Change Requests comment

Palantir Gotham UI bug that could lead to incorrect data classification

12 September 2023

Stored XSS in cerberus attachments

3 August 2023

CVE-2023-30950

CVE-2023-30951

Foundry Issues reporterPath phishing by parameter injection

DOM XSS in Developer mode dashboard via redirect GET parameter

26 July 2023

CVE-2023-30949

10 July 2023

IDOR in Foundry Comments allows retrieval of attachments

Insecure Direct Object Reference (IDOR) in Foundry job-tracker