Browse all 3 CVE security advisories affecting monkeytypegame. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Monkeytypegame is a browser-based typing test application that helps users improve typing speed and accuracy. Historically, it has been vulnerable to cross-site scripting (XSS) and remote code execution (RCE) due to improper input validation and insecure handling of user-generated content. The application's open-source nature and frequent updates have led to several security disclosures, with three CVEs recorded to date. While no major security incidents have been widely reported, the presence of multiple CVEs indicates ongoing security challenges. The platform's reliance on client-side processing and user interaction creates potential attack vectors, necessitating continued focus on input sanitization and secure coding practices to maintain user safety.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-66563 | Monkeytype vulnerable to stored XSS in approve quotes page — monkeytype (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-12-04 |
| CVE-2025-59838 | Monkeytype Vulnerable to Self-XSS on loading saved custom text — monkeytype (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-09-25 |
| CVE-2024-41127 | Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access. — monkeytype (CWE-74) | 8.4 | High | 2024-08-02 |
This page lists every published CVE security advisory associated with monkeytypegame. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.