Every CVE whose affected-product data names Tandoor Recipes, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2025-23211 — CVSS 9.9 (critical): Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any…
CVE-2026-33152 — CVSS 9.1 (critical): Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor…
CVE-2025-23213 — CVSS 8.7 (high): Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to…
CVE-2026-35488 — CVSS 8.1 (high): Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and…
CVE-2026-35045 — CVSS 8.1 (high): Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT…
CVE-2026-33149 — CVSS 8.1 (high): Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set…
CVE-2025-23212 — CVSS 7.7 (high): Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows…
CVE-2026-25991 — CVSS 7.7 (high): Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind…
CVE-2026-35489 — CVSS 7.3 (high): Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST…
CVE-2026-27460 — CVSS 6.5 (medium): Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of…
CVE-2024-0403 — CVSS 6.5 (medium): Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. This is possible because the application is vulnerable…
CVE-2025-57396 — CVSS 6.5 (medium): Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which…
CVE-2022-23071 — CVSS 6.5 (medium): In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” functionality…
CVE-2026-28503 — CVSS 6.5 (medium): Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the…
CVE-2026-33148 — CVSS 6.5 (medium): Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the FDC…
CVE-2026-33153 — CVSS 6.5 (medium): Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe…
CVE-2026-35046 — CVSS 5.4 (medium): Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows…
CVE-2026-29055 — CVSS 5.3 (medium): Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the image…
CVE-2026-25964 — CVSS 4.9 (medium): Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal…
CVE-2022-23072 — CVSS 3.5 (low): In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in “Add to Cart” functionality. When a…
CVE-2022-23074 — CVSS 3.5 (low): In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in the ‘Name’ field of Keyword, Food and…
CVE-2022-23073 — CVSS 3.5 (low): In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in copy to clipboard functionality. When a…