Every CVE whose affected-product data names Joinbookwyrm Bookwyrm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2022-2651 — CVSS 9.8 (critical): Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.
CVE-2022-23644 — CVSS 8.8 (high): BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is…
CVE-2022-35953 — CVSS 7.1 (high): BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links…
CVE-2022-31136 — CVSS 6.3 (medium): Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize html being…
CVE-2022-35925 — CVSS 5.3 (medium): BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which…