Csaf Provider Project Csaf Provider — known CVE vulnerabilities
Every CVE whose affected-product data names Csaf Provider Project Csaf Provider, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (1)
CVE-2022-43996 — CVSS 5.4 (medium): The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF…