TandoorRecipes — Vulnerabilities & Security Advisories (16)

Browse all 16 CVE security advisories affecting TandoorRecipes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TandoorRecipes is a self-hosted recipe management platform designed for organizing culinary content. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, contributing to its 16 recorded CVEs. The application's security posture has been compromised through insufficient input validation and improper access controls, with several critical flaws allowing attackers to execute arbitrary code or gain elevated privileges. While no major public incidents have been widely documented, the consistent discovery of severe vulnerabilities in its codebase indicates ongoing security challenges that require diligent patch management and secure coding practices to mitigate potential exploitation risks.

Top products by TandoorRecipes: recipes
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-27460 | Tandoor Recipes Affected by Denial of Service via Recipe Import | recipes | CWE-409 | 6.5 | Medium | 2026-04-10 |
| CVE-2026-35489 | Tandoor Recipes — `amount`/`unit` bypass serializer in `food/{id}/shopping/` | recipes | CWE-639 | 7.3 | High | 2026-04-07 |
| CVE-2026-35488 | Tandoor Recipes — CustomIsShared permits DELETE/PUT on RecipeBook by shared (read-only) users | recipes | CWE-749 | 8.1 | High | 2026-04-07 |
| CVE-2026-35046 | Tandoor has a Stored CSS Injection via `<style>` Tag in Recipe Instructions (API-Level) | recipes | CWE-79 | 5.4 | Medium | 2026-04-06 |
| CVE-2026-35045 | Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modification | recipes | CWE-639 | 8.1 | High | 2026-04-06 |
| CVE-2026-33152 | Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication | recipes | CWE-307 | 9.1 | Critical | 2026-03-26 |
| CVE-2026-33153 | Tandoor Recipes's Unauthenticated Debug Parameter Leaks Full Raw SQL Queries Including Schema, Table Names, and Access Control Logic | recipes | CWE-89 | 6.5 | - | 2026-03-26 |
| CVE-2026-33148 | URL Parameter Injection in FDC Food Search API Causes Server Crash and Exposes Internal API Key | recipes | CWE-74 | 6.5 | Medium | 2026-03-26 |
| CVE-2026-29055 | Tandoor Recipes: WebP and GIF Image Uploads Bypass EXIF/Metadata Stripping, Leaking GPS Coordinates and PII | recipes | CWE-1230 | 5.3 | Medium | 2026-03-26 |
| CVE-2026-28503 | Tandoor Recipes has Cross-Space IDOR in SyncViewSet.query_synced_folder: missing space scoping on get_object_or_404 | recipes | CWE-639 | 6.5 | - | 2026-03-26 |
| CVE-2026-33149 | Tandoor Recipes Vulnerable to Host Header Injection | recipes | CWE-644 | 8.1 | High | 2026-03-26 |
| CVE-2026-25991 | Tandoor Recipes affected by Blind SSRF with Internal Network Access via Recipe Import | recipes | CWE-918 | 7.7 | High | 2026-02-13 |
| CVE-2026-25964 | Tandoor Recipes Affected by Authenticated Local File Disclosure (LFD) via Recipe Import leads to Arbitrary File Read | recipes | CWE-22 | 4.9 | Medium | 2026-02-13 |
| CVE-2025-23213 | Tandoor Recipes - Stored XSS through Unrestricted File Upload | recipes | CWE-434 | 8.7 | High | 2025-01-28 |
| CVE-2025-23212 | Tandoor Recipes - Local file disclosure - Users can read the content of any file on the server | recipes | CWE-200 | 7.7 | High | 2025-01-28 |
| CVE-2025-23211 | Tandoor Recipes - SSTI - Remote Code Execution | recipes | CWE-1336 | 10.0 | Critical | 2025-01-28 |

This page lists every published CVE security advisory associated with TandoorRecipes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.