Browse all 8 CVE security advisories affecting wallabag. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Wallabag serves as a self-hosted read-it-later application, allowing users to save and organize web content for offline reading. Historically, the application has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its eight recorded CVEs. Notable security characteristics include its open-source nature and regular security updates, though past incidents have demonstrated risks in authentication mechanisms and input validation. The application's architecture, while offering user control over data, has previously exposed endpoints where insufficient sanitization led to XSS vulnerabilities, highlighting the importance of proper deployment and maintenance in mitigating potential exploits.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-0737 | CSRF in wallabag/wallabag — wallabag/wallabagCWE-352 | 6.5AI | MediumAI | 2024-11-15 |
| CVE-2023-4455 | Cross-Site Request Forgery (CSRF) in wallabag/wallabag — wallabag/wallabagCWE-352 | 6.5 | - | 2023-08-21 |
| CVE-2023-4454 | Cross-Site Request Forgery (CSRF) in wallabag/wallabag — wallabag/wallabagCWE-352 | 6.5 | - | 2023-08-21 |
| CVE-2023-0734 | Improper Authorization in wallabag/wallabag — wallabag/wallabagCWE-285 | - | - | 2023-03-05 |
| CVE-2023-0735 | Cross-Site Request Forgery (CSRF) in wallabag/wallabag — wallabag/wallabagCWE-352 | 6.5 | - | 2023-02-07 |
| CVE-2023-0736 | Cross-site Scripting (XSS) - Stored in wallabag/wallabag — wallabag/wallabagCWE-79 | 5.4 | - | 2023-02-07 |
| CVE-2023-0609 | Improper Authorization in wallabag/wallabag — wallabag/wallabagCWE-285 | - | - | 2023-02-01 |
| CVE-2023-0610 | Improper Authorization in wallabag/wallabag — wallabag/wallabagCWE-285 | - | - | 2023-02-01 |
This page lists every published CVE security advisory associated with wallabag. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.