Vulnerabilities > Brave > Brave

DATE CVE VULNERABILITY TITLE RISK
2023-05-11 CVE-2023-28360 Unspecified vulnerability in Brave
An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user.
network
low complexity
brave
4.3
2022-12-24 CVE-2022-47932 Unspecified vulnerability in Brave
Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL.
network
low complexity
brave
6.5
2022-12-24 CVE-2022-47933 Improper Handling of Exceptional Conditions vulnerability in Brave
Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme.
network
low complexity
brave CWE-755
6.5
2022-12-24 CVE-2022-47934 Unspecified vulnerability in Brave
Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL.
network
low complexity
brave
6.5
2022-05-07 CVE-2022-30334 Information Exposure vulnerability in Brave
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers.
network
low complexity
brave CWE-200
5.3
2021-12-27 CVE-2021-45884 Information Exposure vulnerability in Brave
In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure.
network
low complexity
brave CWE-200
7.5
2021-08-31 CVE-2021-22929 Information Exposure Through Log Files vulnerability in Brave
An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.
local
low complexity
brave CWE-532
6.1
2021-07-12 CVE-2021-22916 Unspecified vulnerability in Brave
In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure.
network
high complexity
brave
5.9
2021-02-23 CVE-2021-21323 Information Exposure vulnerability in Brave
Brave is an open source web browser with a focus on privacy and security.
network
low complexity
brave CWE-200
5.3
2020-11-09 CVE-2020-8276 Cleartext Storage of Sensitive Information vulnerability in Brave
The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows.
local
low complexity
brave CWE-312
5.5