VYPR
Vendor: Tauri Apps

Products: 2
CVEs: 9
Across products: 9
Status: Private

Recent CVEs (9)
  • CVE-2026-42184 | High | May 27, 2026
    risk 0.50 | cvss 8.8 | epss 0.00

    Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme…

  • CVE-2023-46115 | High | Oct 20, 2023
    risk 0.48 | cvss 8.4 | epss 0.00

    Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled…

  • CVE-2022-39215 | High | Sep 15, 2022
    risk 0.47 | cvss 8.3 | epss 0.01

    Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction…

  • CVE-2022-46171 | Medium | Dec 23, 2022
    risk 0.37 | cvss 6.8 | epss 0.01

    Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards `*`, `?`, and `[...]` match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the…

  • CVE-2024-35222 | Medium | May 23, 2024
    risk 0.31 | cvss 5.9 | epss 0.00

    Tauri is a framework for building binaries for all major desktop platforms. Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the `dangerousRemoteDomainIpcAccess` in v1 and in the `capabilities` in v2. Valid…

  • CVE-2023-34460 | Medium | Jun 23, 2023
    risk 0.24 | cvss 4.8 | epss 0.01

    Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. `$HOME/*`), but a regression…

  • CVE-2023-31134 | Medium | May 9, 2023
    risk 0.24 | cvss 4.8 | epss 0.01

    Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing…

  • CVE-2022-41874 | Low | Nov 10, 2022
    risk 0.10 | cvss 2.6 | epss 0.00

    Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop…

  • CVE-2025-31477 | Apr 2, 2025
    risk 0.00 | cvss | epss 0.01

    The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener (e.g. xdg-open…