pkg:Packagist/wallabag/wallabag

All known vulnerabilities

• MEDIUM6.5CVE-2023-0737CSRF leading to delete account in wallabag/wallabag
  from 0, < 2.5.4
• MEDIUM6.5CVE-2023-4455Wallabag user can delete own API client unintentionally
  >= 2.0.0-alpha.1, < 2.6.3
• MEDIUM6.5CVE-2023-3566Wallabag vulnerable to Allocation of Resources Without Limits or Throttling
  from 0, <= 2.5.4
• MEDIUM6.5CVE-2023-0735Cross-Site Request Forgery (CSRF) in wallabag/wallabag
  from 0, < 2.5.4
• MEDIUM6.5CVE-2023-0609wallabag contains Improper Authorization via export feature
  >= 2.0.0-alpha.1, < 2.5.3
• MEDIUM5.7CVE-2023-4454Wallabag user can reset data unintentionally
  >= 2.0.0-alpha.1, < 2.6.3
• MEDIUM5.4CVE-2023-0736Cross-site Scripting (XSS) in wallabag/wallabag
  from 0, < 2.5.4
• MEDIUM5.4CVE-2023-0610wallabag subject to Improper Authorization via annotations
  >= 2.0.0-beta.1, < 2.5.3
• MEDIUM5.3CVE-2023-0734Wallabag Improper Authorization vulnerability
  from 0, < 2.5.4
• MEDIUM4.0CVE-2018-11352Wallabag cross-site scripting (XSS) vulnerability
  >= 2.2.3, < 2.3.3