
chartbrew — Vulnerabilities & Security Advisories (14)

All 14 CVE vulnerabilities found in chartbrew, with AI-generated Chinese analysis, references, and POCs.

Vendor: chartbrew

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-40603 | Chartbrew: Incorrect Access Control in /api/project/dashboard/:brewName via same-team override | CWE-284 | 6.5 | Medium | 2026-04-30 |
| CVE-2026-40601 | Chartbrew: Missing Authorization in /api/chart/:chart_id/query via team-level refresh toggle | CWE-862 | 7.5 | High | 2026-04-30 |
| CVE-2026-40600 | Chartbrew: Incorrect Access Control in project share policy routes via unbound policy_id | CWE-639 | 8.1 | High | 2026-04-30 |
| CVE-2026-40595 | Chartbrew: Incorrect Access Control in public chart and export routes via missing onReport and SharePolicy checks | CWE-284 | 7.5 | High | 2026-04-30 |
| CVE-2026-35514 | Unauthenticated Account Registration via /user/invited Bypasses All Signup Restrictions in Chartbrew | CWE-306 | 6.5 | Medium | 2026-04-30 |
| CVE-2026-40904 | Chartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped permission checks | CWE-284 | 8.1 | High | 2026-04-30 |
| CVE-2026-32252 | Chartbrew Cross-Tenant Template Export and Secret Disclosure in `GET /team/:team_id/template/generate/:project_id` | CWE-285 | 7.7 | High | 2026-04-10 |
| CVE-2026-30232 | Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs | CWE-918 | 8.1 | - | 2026-04-10 |
| CVE-2026-27605 | Chartbrew: Stored Cross-Site Scripting (XSS) via File Upload API | CWE-434 | 6.3 | Medium | 2026-03-06 |
| CVE-2026-27603 | Chartbrew: Unauthenticated Chart Filter Endpoint: POST /project/:project_id/chart/:chart_id/filter missing verifyToken + checkPermissions | CWE-306 | 5.3 | - | 2026-03-06 |
| CVE-2026-27005 | Chartbrew: SQL injection in date-type variable handling (applyMysqlOrPostgresVariables) | CWE-89 | 9.1 | - | 2026-03-06 |
| CVE-2026-25888 | Chartbrew: Remote Code Execution (RCE) via Vulnerable API | CWE-94 | 8.8 | High | 2026-03-06 |
| CVE-2026-25887 | Chartbrew: Remote Code Execution (RCE) via MongoDB Dataset Query | CWE-94 | 7.2 | High | 2026-03-06 |
| CVE-2026-25877 | Chartbrew: Insecure Direct Object Reference (IDOR) in Chart Operations | CWE-284 | 6.5 | Medium | 2026-03-06 |

Severity "-" means the listing carries no qualitative rating for that entry.
