ViewVC is a web-based interface for browsing version control repositories, primarily used for code review and access to historical project data. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its four recorded CVEs. The application's exposure of sensitive repository information and its handling of user input have frequently created attack vectors. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in web interfaces and file access functionality has made it a recurring concern for organizations deploying it without proper hardening or timely updates.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-54141 | ViewVC's standalone server exposes arbitrary server filesystem content | viewvc | CWE-22 | 7.5 | High | 2025-07-22 |
| CVE-2023-22464 | ViewVC XSS vulnerability in revision view changed path "copyfrom" locations | viewvc | CWE-80 | 5.4 | Medium | 2023-01-04 |
| CVE-2023-22456 | ViewVC XSS vulnerability in revision view changed paths | viewvc | CWE-79 | 6.1 | Medium | 2023-01-03 |
| CVE-2020-5283 | XSS vulnerability in CVS show_subdir_lastmod support | viewvc | CWE-80 | 3.1 | Low | 2020-04-03 |