qutebrowser
PyPI
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting qutebrowser
- CVE-2018-1000559 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 1.3.3 | 2018-06-26
vulnerable: 0.11.0 ... 1.3.2 (15 versions)
qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can…
- CVE-2018-10895 | CRITICAL | CVSS 9.3 | EG 9.3 | ✓ Fixed in 1.4.1 | 2018-07-12
vulnerable: 0.0.0 ... 1.4.0 (43 versions)
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command…
- CVE-2020-11054 | LOW | CVSS 3.5 | EG 3.5 | ✓ Fixed in 1.11.0 | 2020-05-07
vulnerable: 0.0.0 ... 1.10.2 (61 versions)
In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, whe…
- CVE-2021-41146 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.4.0 | 2021-10-21
vulnerable: 0.0.0 ... 2.3.1 (64 versions)
qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With certain applications, opening a specially cr…