Vulnerabilities > Qutebrowser

DATE CVE VULNERABILITY TITLE RISK
2021-10-21 CVE-2021-41146 Command Injection vulnerability in Qutebrowser
qutebrowser is an open source keyboard-focused browser with a minimal GUI.
network
low complexity
qutebrowser CWE-77
8.8
2020-05-07 CVE-2020-11054 Incorrect Provision of Specified Functionality vulnerability in multiple products
In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL.
network
low complexity
qutebrowser fedoraproject CWE-684
3.5
2018-07-12 CVE-2018-10895 Cross-Site Request Forgery (CSRF) vulnerability in Qutebrowser
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs.
6.8
2018-06-26 CVE-2018-1000559 Cross-site Scripting vulnerability in Qutebrowser
qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history.
4.3