VYPR

Canarytokens

by Thinkst

Source repositories

CVEs (10)

  • CVE-2019-9768HigMar 14, 2019
    risk 0.53cvss 7.5epss 0.12

    Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document contains a token.

  • CVE-2024-41664MedJul 23, 2024
    risk 0.35cvss 5.4epss 0.00

    Canarytokens help track activity and actions on a network. Prior to `sha-8ea5315`, Canarytokens.org was vulnerable to a blind SSRF in the Webhook alert feature. When a Canarytoken is created, users choose to receive alerts either via email or via a webhook. If a webhook is…

  • CVE-2024-41663LowJul 23, 2024
    risk 0.23cvss 3.5epss 0.00

    Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the "Cloned Website" Canarytoken, whereby the Canarytoken's creator can attack themselves. The creator of a slow-redirect Canarytoken can insert Javascript into the…

  • CVE-2026-11859LowJun 10, 2026
    risk 0.13cvss epss 0.00

    An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c0f3cf142…

  • CVE-2026-10729LowJun 3, 2026
    risk 0.08cvss epss 0.00

    An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that render HTML emails. This issue…

  • CVE-2026-13140Jun 24, 2026
    risk 0.00cvss epss 0.00

    Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue affects Canarytokens: from Docker tag sha-4116b92cb before sha-f5aa5c4e, from Git commit…

  • CVE-2026-12888Jun 22, 2026
    risk 0.00cvss epss 0.00

    An HTML injection vulnerability exists in the Google Chat webhook notification  sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from…

  • CVE-2024-28111MedMar 6, 2024
    risk 0.00cvss 6.5epss 0.01

    Canarytokens helps track activity and actions on a network. Canarytokens.org supports exporting the history of a Canarytoken's incidents in CSV format. The generation of these CSV files is vulnerable to a CSV Injection vulnerability. This flaw can be used by an attacker who…

  • CVE-2023-22475MedJan 6, 2023
    risk 0.00cvss 6.3epss 0.01

    Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens prior to sha-fb61290. An attacker who discovers an HTTP-based Canarytoken (a URL) can use…

  • CVE-2022-31113MedJul 1, 2022
    risk 0.00cvss 6.3epss 0.01

    Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens. This permits an attacker who recognised an HTTP-based Canarytoken (a URL) to execute…