Browse all 9 CVE security advisories affecting onionshare. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OnionShare enables secure file sharing through Tor, allowing users to send files anonymously without tracking. Historically, it has faced vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, primarily stemming from improper input validation and insecure session management. The application's Tor integration provides inherent anonymity but has been compromised in past versions through directory traversal flaws and insecure default configurations. While no major public security incidents have been documented, the 9 CVEs on record highlight ongoing challenges in secure development, particularly around web service components and file handling mechanisms.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-21694 | OTF-006: Broken Website Hardening Control: The CSP can be turned on or off but not configured for the specific needs of the website | onionshare | CWE-732 | 3.7 | Low | 2022-01-18 |
| CVE-2022-21690 | Cross-Site Scripting in Onionshare | onionshare | CWE-79 | 8.7 | High | 2022-01-18 |
| CVE-2022-21692 | Improper Access Control in Onionshare | onionshare | CWE-287 | 4.3 | Medium | 2022-01-18 |
| CVE-2022-21689 | Denial of Service in Onionshare | onionshare | CWE-400 | 7.5 | High | 2022-01-18 |
| CVE-2022-21693 | Path traversal in Onionshare | onionshare | CWE-22 | 6.3 | Medium | 2022-01-18 |
| CVE-2022-21691 | Improper Access Control in Onionshare | onionshare | CWE-306 | 4.3 | Medium | 2022-01-18 |
| CVE-2022-21695 | Improper Access Control in Onionshare | onionshare | CWE-287 | 4.3 | Medium | 2022-01-18 |
| CVE-2022-21688 | Out-of-bounds Read in Onionshare | onionshare | CWE-125 | 7.5 | High | 2022-01-18 |
| CVE-2022-21696 | Username spoofing in OnionShare | onionshare | CWE-20 | 4.3 | Medium | 2022-01-18 |
This page lists every published CVE security advisory associated with onionshare. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.