Vulnerabilities > Kovidgoyal > Kitty > 0.18.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-20 | CVE-2025-43929 | Origin Validation Error vulnerability in Kovidgoyal Kitty open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter). | 7.8 |
| 2020-12-21 | CVE-2020-35605 | The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message. | 9.8 |