VYPR
Vendor

Mealie Recipes

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2025-56795CriSep 29, 2025
    risk 0.00cvss 9.0epss 0.00

    Mealie 3.0.1 and earlier is vulnerable to Stored Cross-Site Scripting (XSS) in the recipe creation functionality. Unsanitized user input in the "note" and "text" fields of the "/api/recipes/{recipe_name}" endpoint is rendered in the frontend without proper escaping leading to…

  • CVE-2024-31994MedApr 19, 2024
    risk 0.00cvss 6.5epss 0.00

    Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole. If it can be retrieved, it may be stored on the file system in whole (leading to…

  • CVE-2024-31993MedApr 19, 2024
    risk 0.00cvss 6.2epss 0.00

    Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The…

  • CVE-2024-31992MedApr 19, 2024
    risk 0.00cvss 6.5epss 0.01

    Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server, however these requests are not rate-limited. While there are efforts to prevent DDoS by implementing a…