Browse all 3 CVE security advisories affecting beancount. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Beancount serves as a plain-text double-entry accounting system for tracking personal and business finances. Historically, its vulnerabilities have included remote code execution flaws in parsing functions and cross-site scripting issues in web interfaces. Privilege escalation vulnerabilities have also been documented in certain configurations. The project maintains a minimal attack surface due to its command-line nature, though web frontends introduce additional risks. While no major security incidents have been widely reported, the three CVEs highlight potential risks in input validation and access control implementations. Users should apply patches promptly, especially when exposing accounting systems to network access.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-2589 | Cross-site Scripting (XSS) - Reflected in beancount/fava — beancount/fava (CWE-79) | 6.1 | - | 2022-08-01 |
| CVE-2022-2523 | Cross-site Scripting (XSS) - Reflected in beancount/fava — beancount/fava (CWE-79) | 6.1 | - | 2022-07-25 |
| CVE-2022-2514 | Cross-site Scripting (XSS) - Reflected in beancount/fava — beancount/fava (CWE-79) | 6.1 | - | 2022-07-25 |

This page lists every published CVE security advisory associated with beancount. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.