Browse all 5 CVE security advisories affecting bookwyrm-social. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Bookwyrm-social (BookWyrm) is a decentralized social networking platform for book lovers that lets users share reading lists and reviews. Historically it has been affected by vulnerability classes including remote code execution, cross-site scripting, and privilege escalation, with five CVEs documented. A notable security characteristic is its federated architecture, which distributes risk across instances but also introduces a complex attack surface. No major public incidents have been reported, and the platform's open-source nature and frequent updates suggest active vulnerability management. Its reliance on third-party libraries and custom code creates potential for both known and zero-day exploits, so continuous security monitoring and timely patching are required to maintain user trust and data integrity.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-35953 | URL Redirection to Untrusted Site ('Open Redirect') in bookwyrm | bookwyrm | CWE-601 | 7.1 | High | 2022-08-12 |
| CVE-2022-2651 | Authentication Bypass by Primary Weakness in bookwyrm-social/bookwyrm | bookwyrm-social/bookwyrm | CWE-305 | 9.8 | - | 2022-08-04 |
| CVE-2022-35925 | Missing rate limit in Authentication in bookwyrm | bookwyrm | CWE-287 | 5.3 | Medium | 2022-08-02 |
| CVE-2022-31136 | Cross-site Scripting in BookWyrm | bookwyrm | CWE-79 | 6.3 | Medium | 2022-07-07 |
| CVE-2022-23644 | Server-side request forgery in BookWyrm | bookwyrm | CWE-918 | 8.8 | High | 2022-02-16 |
This page lists every published CVE security advisory associated with bookwyrm-social. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.