OfflineIMAP/offlineimap3

Releases152

Frequency1 month 2 weeks

Last Release 5 days ago

Stars626

Read/sync your IMAP mailboxes (python3)

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-37248 ↗	Jun 8, 2026Monday, 8 June 2026, 16:16	6.5 MEDIUM	—
OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials in cleartext.