OfflineIMAP/offlineimap

Releases149

Frequency1 month 1 week

Last Release almost 5 years ago

Stars1.86K

Read/sync your IMAP mailboxes (python2) [LEGACY: move to offlineimap3]

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-37248 ↗	Jun 8, 2026Monday, 8 June 2026, 16:16	6.5 MEDIUM	—
OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials in cleartext.