Browse all 6 CVE security advisories affecting PrivateBin. AI-powered Chinese analysis, POCs, and references for each vulnerability.
PrivateBin serves as a minimalistic, open-source online pastebin focused on secure, encrypted text sharing with no user tracking. Historically, it has been susceptible to cross-site scripting (XSS) and remote code execution (RCE) vulnerabilities, often stemming from improper input sanitization and insecure default configurations. While no major public security incidents have been widely documented, the six CVEs on record highlight recurring issues in handling user-supplied data and session management. The platform's core security relies on client-side encryption and zero-knowledge architecture, though proper deployment and hardening remain critical to mitigate risks associated with its lightweight design.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-64714 | PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal — PrivateBin (CWE-23) | 5.8 | Medium | 2025-11-13 |
| CVE-2025-64711 | PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users — PrivateBin (CWE-79) | 3.9 | Low | 2025-11-13 |
| CVE-2025-62796 | PrivateBin persistent HTML injection in attachment filename enables redirect and defacement — PrivateBin (CWE-79) | 5.8 | Medium | 2025-10-28 |
| CVE-2024-39899 | PrivateBin allows shortening of URLs for other domains — PrivateBin (CWE-305) | 5.3 | Medium | 2024-07-09 |
| CVE-2022-24833 | Persistent Cross-site Scripting (XSS) vulnerability in PrivateBin — PrivateBin (CWE-79) | 8.2 | High | 2022-04-11 |
| CVE-2020-5223 | Persistent XSS vulnerability in filename of attached file in PrivateBin — PrivateBin (CWE-79) | 6.1 | Medium | 2020-01-23 |

This page lists every published CVE security advisory associated with PrivateBin. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.