Browse all 4 CVE security advisories affecting mealie-recipes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Mealie-recipes is a self-hosted recipe management application designed for organizing and sharing culinary content. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its four recorded CVEs. The application's web interface and API endpoints have been primary attack vectors, often stemming from improper input validation and insufficient access controls. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in a relatively small codebase suggests ongoing security challenges that require careful deployment and regular updates to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-31994 | Mealie vulnerable to a DoS in recipe image importer (GHSL-2023-228) — mealieCWE-400 | 6.5 | Medium | 2024-04-19 |
| CVE-2024-31993 | Mealie vulnerable to a GET-based SSRF in recipe image importer (GHSL-2023-227) — mealieCWE-918 | 6.2 | Medium | 2024-04-19 |
| CVE-2024-31992 | Mealie contains a DoS vulnerability in recipe importer — mealieCWE-400 | 6.5 | Medium | 2024-04-19 |
| CVE-2024-31991 | Mealie vulnerable to a GET-based SSRF in recipe importer (GHSL-2023-225) — mealieCWE-918 | 4.1 | Medium | 2024-04-19 |
This page lists every published CVE security advisory associated with mealie-recipes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.