Every CVE whose affected-product data names Gollum Project Gollum, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2014-9489 — CVSS 8.8 (high): The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the…
CVE-2020-35305 — CVSS 6.1 (medium): Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog.
CVE-2015-7314 — CVSS 4.3 (medium): The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain…