Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Brave — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting Brave. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Brave is a privacy-focused web browser that blocks ads and trackers by default, with its core use case centered on user privacy and security. Historically, Brave has faced vulnerabilities across multiple classes, including remote code execution (RCE), cross-site scripting (XSS), privilege escalation, and sandbox bypasses. The browser has addressed approximately 10 CVEs to date, with notable incidents including a 2020 RCE vulnerability in its update mechanism and a 2021 XSS flaw in its rewards system. Brave maintains a security-focused development approach, though its aggressive blocking features have occasionally introduced compatibility issues and potential bypass vectors.

Top products by Brave: Brave Popup Builder Brave Desktop Browser brave-browser Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content Android Browser Brave Conversion Engine (PRO)
CVE IDTitleCVSSSeverityPublished
CVE-2025-68508 WordPress Brave plugin <= 0.8.3 - Broken Access Control vulnerability — BraveCWE-862 5.3 Medium2025-12-24
CVE-2025-48980 Brave Browser Desktop 安全漏洞 — Desktop Browser 6.1 -2025-10-30
CVE-2025-7710 Brave Conversion Engine (PRO) <= 0.7.7 - Authentication Bypass to Administrator — Brave Conversion Engine (PRO)CWE-288 9.8 Critical2025-08-02
CVE-2025-23086 Brave Browser 输入验证错误漏洞 — Desktop Browser 6.1 -2025-01-21
CVE-2024-37406 Brave 安全漏洞 — Android Browser 5.3AIMediumAI2024-09-18
CVE-2024-43337 WordPress Brave plugin <= 0.7.0 - Cross Site Request Forgery (CSRF) vulnerability — Brave Popup BuilderCWE-352 4.3 Medium2024-08-26
CVE-2024-35655 WordPress Brave – Interactive Content plugin <= 0.6.9 - Cross Site Scripting (XSS) vulnerability — BraveCWE-79 5.9 Medium2024-06-04
CVE-2024-30453 WordPress Brave plugin <= 0.6.5 - Server Side Request Forgery (SSRF) vulnerability — Brave Popup BuilderCWE-918 5.4 Medium2024-03-29
CVE-2023-51534 WordPress Brave Popup Builder Plugin <= 0.6.2 is vulnerable to Cross Site Scripting (XSS) — Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive ContentCWE-79 5.9 Medium2024-02-01
CVE-2021-21323 Regression in DNS leakage from Tor windows — brave-browserCWE-200 4.3 Medium2021-02-23

This page lists every published CVE security advisory associated with Brave. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.