calibreweb vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2025-65858Lowcalibreweb: Calibre-Web Has a Stored Cross-Site Scripting (XSS) Vulnerability via the 'username' Field During User CreationCVE-2025-7404Mediumcalibreweb: Calibre Web and Autocaliweb have OS Command Injection vulnerabilityCVE-2025-6998Highcalibreweb: Calibre Web and Autocaliweb have a ReDoS vulnerabilityCVE-2021-3988Mediumcalibreweb: Cross-site Scripting (XSS) - DOM in janeczku/calibre-webCVE-2021-3987Mediumcalibreweb: Improper Access Control in janeczku/calibre-webCVE-2021-3986Mediumcalibreweb: Generation of Error Message Containing Sensitive Information in janeczku/calibre-webCVE-2024-39123Mediumcalibreweb: Calibre-Web Cross Site Scripting (XSS)CVE-2022-2525Mediumcalibreweb: Improper Restriction of Excessive Authentication Attempts in calibrewebCVE-2023-2106Highcalibreweb: Weak Password Requirements in calibrewebCVE-2022-30765Criticalcalibreweb: SQL injection in calibrewebCVE-2022-0766Criticalcalibreweb: Server-Side Request Forgery in calibrewebCVE-2022-0767Criticalcalibreweb: Server-Side Request Forgery in calibrewebCVE-2022-0339Mediumcalibreweb: Server-Side Request Forgery in calibrewebCVE-2022-0273Highcalibreweb: Incorrect Authorization in calibrewebCVE-2022-0352Mediumcalibreweb: Cross-site Scripting in calibrewebCVE-2021-4170Mediumcalibreweb: calibre-web is vulnerable to Cross-site ScriptingCVE-2021-4164Highcalibreweb: calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)CVE-2021-4171Criticalcalibreweb: calibre-web is vulnerable to Business Logic Errors

Stop the waste.
Protect your environment with Kodem.