Latest version: v0.6.20
| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| CVE-2020-12627 | 42274 |
Calibre-Web 0.6.7 prevents authentication bypass. Prior versions had … |
|
CRITICAL | 9.8 |
| CVE-2022-2525 | 62623 |
Improper Restriction of Excessive Authentication Attempts in GitHub r… |
|
CRITICAL | 9.8 |
| CVE-2023-2106 | 62874 |
Weak Password Requirements in GitHub repository janeczku/calibre-web … |
|
CRITICAL | 9.8 |
| CVE-2022-0939 | 62588 |
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/cali… |
|
CRITICAL | 9.9 |
| CVE-2022-0990 | 62589 |
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/cali… |
|
CRITICAL | 9.1 |
| CVE-2022-0405 | 62586 |
Improper Access Control in GitHub repository janeczku/calibre-web pri… |
|
MEDIUM | 4.3 |
| CVE-2022-0406 | 62587 |
Improper Authorization in GitHub repository janeczku/calibre-web prio… |
|
MEDIUM | 4.3 |
| CVE-2021-25965 | 62672 |
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site… |
|
HIGH | 8.8 |
| CVE-2021-25964 | 62667 |
In "Calibre-web" application, v0.6.0 to v0.6.12, are vulnerable to St… |
|
MEDIUM | 5.4 |
| CVE-2022-30765 | 54445 |
Calibre-Web before 0.6.18 allows user table SQL Injection. |
|
CRITICAL | 9.8 |
| CVE-2022-0767 | 54419 |
calibreweb prior to version 0.6.17 is vulnerable to server-side reque… |
|
CRITICAL | 9.9 |
| CVE-2022-0766 | 54414 |
calibreweb prior to version 0.6.17 is vulnerable to server-side reque… |
|
CRITICAL | 9.8 |
| CVE-2022-0273 | 54235 |
calibreweb prior to version 0.6.16 contains an Incorrect Authorizatio… |
|
MEDIUM | 6.5 |
| CVE-2022-0339 | 54237 |
calibreweb prior to version 0.6.16 contains a Server-Side Request For… |
|
CRITICAL | 9.8 |
| CVE-2022-0352 | 54416 |
calibreweb prior to version 0.6.16 contains a cross-site scripting vu… |
|
MEDIUM | 6.1 |
| CVE-2021-4164 | 54147 |
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) |
|
HIGH | 8.8 |
| CVE-2021-4170 | 54406 |
calibre-web is vulnerable to Improper Neutralization of Input During … |
|
MEDIUM | 5.4 |
| CVE-2021-4171 | 54146 |
calibre-web is vulnerable to Business Logic Errors Affected function… |
|
CRITICAL | 9.8 |