Every CVE whose affected-product data names Mozilla Geckodriver, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2020-15660 — CVSS 8.8 (high): Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a…
CVE-2021-4138 — CVSS 5.3 (medium): Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.