Browse all 8 CVE security advisories affecting tauri-apps. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Tauri-apps develops a framework for building lightweight, cross-platform desktop applications using web technologies. Historically, the project has faced vulnerabilities including remote code execution through unsafe deserialization, cross-site scripting in webview components, and privilege escalation via improper input validation. Security characteristics include Rust-based backend code and sandboxed webviews, though the project has experienced incidents where insufficient input sanitization led to arbitrary code execution in specific versions. The eight recorded CVEs primarily stem from improper handling of external inputs and webview security boundaries, emphasizing the need for careful implementation of its hybrid architecture.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-31477 | Improper Scope Validation in the open Endpoint of tauri-plugin-shell | plugins-workspace | CWE-20 | 9.8 (AI) | Critical (AI) | 2025-04-02 |
| CVE-2024-35222 | iFrames Bypass Origin Checks for Tauri API Access Control | tauri | CWE-284 | 5.9 | Medium | 2024-05-23 |
| CVE-2023-46115 | Updater Private Keys Possibly Leaked via Vite Environment Variables in tauri-cli | tauri | CWE-200 | 8.4 | High | 2023-10-19 |
| CVE-2023-34460 | Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles | tauri | CWE-285 | 4.8 | Medium | 2023-06-23 |
| CVE-2023-31134 | Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites | tauri | CWE-601 | 4.8 | Medium | 2023-05-09 |
| CVE-2022-46171 | Tauri vulnerable to path traversal | tauri | CWE-22 | 6.8 | Medium | 2022-12-23 |
| CVE-2022-41874 | Tauri Filesystem Scope can be Partially Bypassed | tauri | CWE-668 | 2.6 | Low | 2022-11-10 |
| CVE-2022-39215 | The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri | tauri | CWE-22 | 8.3 | High | 2022-09-15 |
This page lists every published CVE security advisory associated with tauri-apps. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.