
dani-garcia — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting dani-garcia. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Dani-garcia develops open-source web applications primarily used for self-hosting media servers and content management systems. Historically, their codebase has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, with 10 CVEs documented. Security researchers have identified consistent issues in input validation and access control mechanisms. While no major public security incidents have been widely reported, the recurring nature of certain vulnerability classes suggests ongoing challenges in secure coding practices. The project maintains community-driven development, which may impact response times for addressing security flaws compared to commercially supported alternatives.

Top products by dani-garcia: vaultwarden
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-43914 | Vaultwarden: Brute-force protection bypass vulnerability | vaultwarden | CWE-307 | 7.3 | High | 2026-05-11 |
| CVE-2026-43913 | Vaultwarden: Unconfirmed Owner Can Purge Entire Organization Vault | vaultwarden | CWE-863 | 8.1 | High | 2026-05-11 |
| CVE-2026-43912 | Vaultwarden: Cross-Org Group Binding Enables Unauthorized Read And Write Access Into Another Organization | vaultwarden | CWE-285 | 8.7 | High | 2026-05-11 |
| CVE-2026-43911 | Vaultwarden: Refresh tokens not invalidated on security stamp rotation | vaultwarden | CWE-613 | 6.8 | Medium | 2026-05-11 |
| CVE-2026-33420 | Vaultwarden missing authorization check allows Manager-role users to enumerate all collections | vaultwarden | CWE-862 | 6.5 | - | 2026-05-05 |
| CVE-2026-31835 | Vaultwarden WebAuthn credential metadata tampered before signature verification | vaultwarden | CWE-345 | 7.5 | - | 2026-05-05 |
| CVE-2026-27898 | Vaultwarden: Unauthorized Access via Partial Update API on Another User’s Cipher | vaultwarden | CWE-639 | 5.4 | Medium | 2026-03-04 |
| CVE-2026-27803 | Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role | vaultwarden | CWE-269 | 8.3 | High | 2026-03-04 |
| CVE-2026-27802 | Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager | vaultwarden | CWE-269 | 8.3 | High | 2026-03-04 |
| CVE-2026-27801 | Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement | vaultwarden | CWE-307 | 8.8 (AI) | High (AI) | 2026-03-04 |
| CVE-2026-26012 | vaultwarden has Full Cipher Enumeration Ignoring Organization Collection Permissions | vaultwarden | CWE-863 | 6.5 | Medium | 2026-02-11 |
| CVE-2025-24365 | vaultwarden allows escalation of privilege via variable confusion in OrgHeaders trait | vaultwarden | CWE-284 | 8.1 | High | 2025-01-27 |
| CVE-2025-24364 | vaultwarden allows RCE in the admin panel | vaultwarden | CWE-74 | 7.2 | High | 2025-01-27 |
| CVE-2024-56335 | Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden | vaultwarden | CWE-269 | 7.6 | High | 2024-12-20 |

This page lists every published CVE security advisory associated with dani-garcia. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.