Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

dani-garcia — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting dani-garcia. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Dani-garcia develops open-source web applications primarily used for self-hosting media servers and content management systems. Historically, their codebase has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, with 10 CVEs documented. Security researchers have identified consistent issues in input validation and access control mechanisms. While no major public security incidents have been widely reported, the recurring nature of certain vulnerability classes suggests ongoing challenges in secure coding practices. The project maintains community-driven development, which may impact response times for addressing security flaws compared to commercially supported alternatives.

Top products by dani-garcia: vaultwarden
CVE IDTitleCVSSSeverityPublished
CVE-2026-33420 Vaultwarden missing authorization check allows Manager-role users to enumerate all collections — vaultwardenCWE-862--2026-05-05
CVE-2026-31835 Vaultwarden WebAuthn credential metadata tampered before signature verification — vaultwardenCWE-345--2026-05-05
CVE-2026-27898 Vaultwarden: Unauthorized Access via Partial Update API on Another User’s Cipher — vaultwardenCWE-639 5.4 Medium2026-03-04
CVE-2026-27803 Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role — vaultwardenCWE-269 8.3 High2026-03-04
CVE-2026-27802 Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager — vaultwardenCWE-269 8.3 High2026-03-04
CVE-2026-27801 Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement — vaultwardenCWE-307 8.8AIHighAI2026-03-04
CVE-2026-26012 vaultwarden has Full Cipher Enumeration Ignoring Organization Collection Permissions — vaultwardenCWE-863 6.5 Medium2026-02-11
CVE-2025-24365 vaultwarden allows escalation of privilege via variable confusion in OrgHeaders trait — vaultwardenCWE-284 8.1 High2025-01-27
CVE-2025-24364 vaultwarden allows RCE in the admin panel — vaultwardenCWE-74 7.2 High2025-01-27
CVE-2024-56335 Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden — vaultwardenCWE-269 7.6 High2024-12-20

This page lists every published CVE security advisory associated with dani-garcia. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.