Vaultwarden
Recent Changes
Update vaultwarden to 1.36.0
SSO Login CSRF GHSA-pfp2-jhgq-6hg5 GHSA-w6h6-8r66-hcv7
User/Organization Enumeration GHSA-hxqh-ff5p-wfr3
SSO existing-user binding GHSA-j4j8-gpvj-7fqr GHSA-6x5c-84vm-5j56
SSRF via Icon Endpoint GHSA-72vh-x5jq-m82g
Archiving of items is available https://bitwarden.com/blog/keep-your-vault-tidy-with-item-archiving/ https://bitwarden.com/nl-nl/help/managing-items/#archive
Web Vault updated to v2026.4.1
SSO fallback to UserInfo preferred_username by @Timshel in #7128
Add support for archiving items by @matt-aaron in #6916
Fix favicon fetching to check all icon links instead of just the first one by @Shocker in #6880
fix: return Err instead of panic on unknown cipher atype in to_json() by @mango766 in #7068
Overview
This is the Rust implementation of the Bitwarden backend, not the official server backend, but fully compatible with the Client apps.
Vaultwarden is a self-hosted password manager. It allows you to store and manage your passwords, credit cards, and other private information in a secure way while still allowing you to access it from your browser, phone, or desktop.
Client Apps
The official client apps from bitwarden.com are all supported. In fact the webfrontend, packaged together with this app, is also the official one.
Clients can be downloaded at bitwarden.com
Those apps are a lot of effort to maintain, so please consider supporting the upstream project.
Install Vaultwarden in a few minutes on your server with Cloudron. To install Cloudron first, follow our setup steps.