VYPR
Vendor

Kareadita

Products
1
CVEs
8
Across products
8
Status
Private

Products

1

Recent CVEs

8
  • CVE-2026-47202CriMay 26, 2026
    risk 0.60cvss epss 0.00

    Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2.

  • CVE-2026-44775MedMay 26, 2026
    risk 0.45cvss epss 0.00

    Kavita is a cross platform reading server. Prior to 0.9.0, the ReaderController.GetImage endpoint is decorated with [AllowAnonymous], allowing completely unauthenticated access to page images from any chapter in any library. While the endpoint accepts an apiKey parameter, it is…

  • CVE-2026-44776MedMay 26, 2026
    risk 0.38cvss epss 0.00

    Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not…

  • CVE-2024-39307LowJun 28, 2024
    risk 0.23cvss 3.5epss 0.00

    Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in…

  • CVE-2023-0919HigFeb 19, 2023
    risk 0.00cvss 8.1epss 0.00

    Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0.

  • CVE-2022-3993CriNov 14, 2022
    risk 0.00cvss 9.4epss 0.01

    Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3.

  • CVE-2022-3945MedNov 11, 2022
    risk 0.00cvss 5.3epss 0.01

    Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3.

  • CVE-2022-2756MedAug 10, 2022
    risk 0.00cvss 6.5epss 0.02

    Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.