Vulnerabilities > Brave

DATE CVE VULNERABILITY TITLE RISK
2021-02-23 CVE-2021-21323 Information Exposure vulnerability in Brave
Brave is an open source web browser with a focus on privacy and security.
network
brave CWE-200
4.3
2020-11-09 CVE-2020-8276 Cleartext Storage of Sensitive Information vulnerability in Brave
The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows.
local
low complexity
brave CWE-312
2.1
2018-12-20 CVE-2018-1000815 Improper Input Validation vulnerability in Brave
Brave Software Inc.
network
brave CWE-20
4.3
2018-05-08 CVE-2018-10799 Improper Input Validation vulnerability in Brave
A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux).
network
brave CWE-20
4.3
2018-05-08 CVE-2018-10798 Improper Input Validation vulnerability in Brave
A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux).
network
brave CWE-20
4.3
2018-04-04 CVE-2017-18256 Unspecified vulnerability in Brave Browser
Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled.
network
brave
4.3
2018-04-04 CVE-2016-10718 Improper Input Validation vulnerability in Brave Browser
Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service.
network
low complexity
brave CWE-20
5.0
2018-01-03 CVE-2017-1000461 Incorrect Permission Assignment for Critical Resource vulnerability in Brave Browser
Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block).
network
brave CWE-732
4.3
2017-05-03 CVE-2017-8459 Unspecified vulnerability in Brave 0.12.4
Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way.
network
low complexity
brave
6.5
2017-05-03 CVE-2017-8458 Injection vulnerability in Brave 0.12.4
Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://[email protected]/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site.
network
brave CWE-74
4.3