pkg:PyPI/rdiffweb

85 total CVEs: CRITICAL 18, HIGH 32, MEDIUM 33, LOW 2

All known vulnerabilities

  • CRITICAL 9.8 CVE-2022-4724: rdiffweb Improper Access Control vulnerability
    from 0, < c4a19cf67d575c4886171b8efcbf4675d51f3929 | from 0, < 2.5.5
  • CRITICAL 9.8 CVE-2022-4724: rdiffweb Improper Access Control vulnerability
    from 0, < 2.5.5
  • CRITICAL 9.8 CVE-2022-4314: Improper Privilege Management in rdiffweb
    from 0, < 2.5.2
  • CRITICAL 9.8 CVE-2022-4314: Improper Privilege Management in rdiffweb
    from 0, < b2df3679564d0daa2856213bb307d3e34bd89a25 | from 0, < 2.5.2
  • CRITICAL 9.8 CVE-2022-3362: rdiffweb vulnerable to Insufficient Session Expiration
    from 0, < 6efb995bc32c8a8e9ad755eb813dec991dffb2b8 | from 0, < 2.5.0
  • CRITICAL 9.8 CVE-2022-3362: rdiffweb vulnerable to Insufficient Session Expiration
    from 0, < 2.5.0
  • CRITICAL 9.8 CVE-2022-3363: Rdiffweb subject to Business Logic Errors
    from 0, < 2.5.0a7
  • CRITICAL 9.8 CVE-2022-3363: Rdiffweb subject to Business Logic Errors
    from 0, < c27c46bac656b1da74f28eac1b52dfa5df76e6f2 | from 0, < 2.5.0
  • CRITICAL 9.8 CVE-2022-3327: Rdiffweb is missing authentication for critical function
    from 0, < 2.5.0
  • CRITICAL 9.8 CVE-2022-3327: Rdiffweb is missing authentication for critical function
    from 0, < f2a32f2a9f3fb8be1a9432ac3d81d3aacdb13095 | from 0, < 2.4.10
  • CRITICAL 9.8 CVE-2022-3439: Missing rate limit on rdiffweb
    from 0, < 2.5.0
  • CRITICAL 9.8 CVE-2022-3439: Missing rate limit on rdiffweb
    from 0, < b78ec09f4582e363f6f449df6f987127e126c311 | from 0, < 2.5.0
  • CRITICAL 9.8 CVE-2022-3456: Missing rate limit on rdiffweb
    from 0, < b78ec09f4582e363f6f449df6f987127e126c311 | from 0, < 2.5.0
  • CRITICAL 9.8 CVE-2022-3457: Origin Validation Error in rdiffweb
    from 0, < afc1bdfab5161c74012ff2590a6ec49cc0d8fde0 | from 0, < 2.5.0
  • CRITICAL 9.8 CVE-2022-3457: Origin Validation Error in rdiffweb
    from 0, < 2.5.0a5
  • CRITICAL 9.8 CVE-2022-3456: Missing rate limit on rdiffweb
    from 0, < 2.5.0
  • CRITICAL 9.8 CVE-2022-3269: rdiffweb vulnerable to account access via session fixation
    from 0, < 2.4.7
  • CRITICAL 9.8 CVE-2022-3269: rdiffweb vulnerable to account access via session fixation
    from 0, < 39e7dcd4a1f44d2a7bd92b79d78a800910b1b22b | from 0, < 2.4.7
  • HIGH 8.8 CVE-2023-5289: Rdiffweb Allocation of Resources Without Limits or Throttling vulnerability
    from 0, < 06f89b43469aae70e8833e55192721523f86c5a2 | from 0, < 2.8.4
  • HIGH 8.8 CVE-2023-5289: Rdiffweb Allocation of Resources Without Limits or Throttling vulnerability
    from 0, < 2.8.4
  • HIGH 8.8 CVE-2022-3221: rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access
    from 0, < 9125f5a2d918fed0f3fc1c86fa94cd1779ed9f73 | from 0, < 2.4.3
  • HIGH 8.8 CVE-2022-3221: rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access
    from 0, < 2.4.3
  • HIGH 8.8 CVE-2022-3179: rdiffweb contains Weak Password Requirements
    from 0, < 233befc33bdc45d4838c773d5aed4408720504c5 | from 0, < 2.4.2
  • HIGH 8.8 CVE-2022-3179: rdiffweb contains Weak Password Requirements
    >= 2.4.1, < 2.4.2
  • HIGH 8.8 CVE-2022-3167: rdiffweb vulnerable to Improper Restriction of Rendered UI Layers or Frames
    from 0, < 7294bb7466532762c93d711211e5958940c1b428 | from 0, < 2.4.1
  • HIGH 8.8 CVE-2022-3167: rdiffweb vulnerable to Improper Restriction of Rendered UI Layers or Frames
    from 0, < 2.4.1
  • HIGH 8.2 CVE-2022-4720: rdiffweb vulnerable to Open Redirect
    from 0, < 6afaae56a29536f0118b3380d296c416aa6d078d | from 0, < 2.5.5
  • HIGH 8.2 CVE-2022-4720: rdiffweb vulnerable to Open Redirect
    from 0, < 2.5.5
  • HIGH 8.1 CVE-2025-67796: IKUS Rdiffweb allows an attacker with any valid or stolen access token to act as other users
    from 0, < 2.10.6
  • HIGH 7.5 CVE-2022-3389: rdiffweb Path Traversal vulnerability
    from 0, < 2.4.10
  • HIGH 7.5 CVE-2022-3389: rdiffweb Path Traversal vulnerability
    from 0, < 323383d1db656f1b1291be529947bd943a6b0e99 | from 0, < 2.4.10
  • HIGH 7.5 CVE-2022-3371: rdiffweb's lack of token name length limit can result in DoS or memory corruption
    from 0, < b62c479ff6979563c7c23e7182942bc4f460a2c7 | from 0, < 2.4.10
  • HIGH 7.5 CVE-2022-3371: rdiffweb's lack of token name length limit can result in DoS or memory corruption
    from 0, < 2.5.0a3
  • HIGH 7.5 CVE-2022-3295: rdiffweb allows unlimited length of root directory name, which could result in DoS
    from 0, < 667657c6fe2b336c90be37f37fb92f65df4feee3 | from 0, < 2.4.8
  • HIGH 7.5 CVE-2022-3295: rdiffweb allows unlimited length of root directory name, which could result in DoS
    from 0, < 2.4.8
  • HIGH 7.5 CVE-2022-3290: rdiffweb's unlimited username field length can lead to DoS
    from 0, < 667657c6fe2b336c90be37f37fb92f65df4feee3 | from 0, < 2.4.8
  • HIGH 7.5 CVE-2022-3272: rdiffweb's unlimited length email field can lead to DoS
    from 0, < 667657c6fe2b336c90be37f37fb92f65df4feee3 | from 0, < 2.4.8
  • HIGH 7.5 CVE-2022-3290: rdiffweb's unlimited username field length can lead to DoS
  • HIGH 7.5 CVE-2022-3272: rdiffweb's unlimited length email field can lead to DoS
    from 0, < 2.4.8
  • HIGH 7.5 CVE-2022-3290: rdiffweb's unlimited username field length can lead to DoS
    from 0, < 2.4.8
  • HIGH 7.5 CVE-2022-3298: rdiffweb vulnerable to potential DoS via memory consumption
    from 0, < 2.4.8
  • HIGH 7.5 CVE-2022-3298: rdiffweb vulnerable to potential DoS via memory consumption
    from 0, < 626cca1b75b6c587afd4241a9692e8929b1921a5 | from 0, < 2.4.8
  • HIGH 7.5 CVE-2022-3174: rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
    >= 2.4.1, < 2.4.2
  • HIGH 7.5 CVE-2022-3174: rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
    from 0, < f2de2371c5e13ce1c6fd6f9a1ed3e5d46b93cd7e | from 0, < 2.4.2
  • HIGH 7.3 CVE-2022-3273: rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
    from 0, < 2.5.0
  • HIGH 7.3 CVE-2022-3273: rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
    from 0, < b5e3bb0a98268d18ceead36ab9b2b7eaacd659a8 | from 0, < 2.4.11a1
  • HIGH 7.2 CVE-2022-4722: rdiffweb vulnerable to Authentication Bypass by Primary Weakness
    from 0, < d1aaa96b665a39fba9e98d6054a9de511ba0a837 | from 0, < 2.5.5
  • HIGH 7.2 CVE-2022-4722: rdiffweb vulnerable to Authentication Bypass by Primary Weakness
    from 0, < 2.5.5
  • HIGH 7.0 CVE-2022-3274: rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed
    from 0, < 2.4.7
  • HIGH 7.0 CVE-2022-3274: rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed
    from 0, < e974df75bdbcff3996ad70bd1b4424ec1485ea3f | from 0, < 2.4.7
  • MEDIUM 6.5 CVE-2022-4723: rdiffweb has no rate limit on resend email feature
    from 0, < 2.5.5
  • MEDIUM 6.5 CVE-2022-4723: rdiffweb has no rate limit on resend email feature
    from 0, < 6e9ee210548f6d3210704cac302cfc7cdb239765 | from 0, < 2.5.5
  • MEDIUM 6.5 CVE-2022-4646: rdiffweb vulnerable to Cross-Site Request Forgery
    from 0, < 2.5.4
  • MEDIUM 6.5 CVE-2022-4646: rdiffweb vulnerable to Cross-Site Request Forgery
    from 0, < e6f0d8002129be90fe82fa3e3ea0a6942caba398 | from 0, < 2.5.4
  • MEDIUM 6.1 CVE-2022-4644: rdiffweb Open Redirect vulnerability
    from 0, < 5f861670ef8f38ca8eea52a98672d0e0fabb5368 | from 0, < 2.5.4
  • MEDIUM 6.1 CVE-2022-4644: rdiffweb Open Redirect vulnerability
    from 0, < 2.5.4
  • MEDIUM 6.1 CVE-2022-3438: rdiffweb vulnerable to Open Redirect
    from 0, < 2.5.0a4
  • MEDIUM 6.1 CVE-2022-3438: rdiffweb vulnerable to Open Redirect
    from 0, < 4d464b467f14b8eb9103d7f5f0774e49995527c7 | from 0, < 2.5.0
  • MEDIUM 5.7 CVE-2022-4719: rdiffweb vulnerable to Business Logic Errors
    from 0, < bc4bed89affcba71251fe54ed10639da9d392c1d | from 0, < 2.5.5
  • MEDIUM 5.7 CVE-2022-4719: rdiffweb vulnerable to Business Logic Errors
    from 0, < 2.5.5
  • MEDIUM 5.4 CVE-2022-4721: rdiffweb vulnerable to Special Element Injection
    from 0, < 6afaae56a29536f0118b3380d296c416aa6d078d | from 0, < 2.5.5
  • MEDIUM 5.4 CVE-2022-4721: rdiffweb vulnerable to Special Element Injection
    from 0, < 2.5.5
  • MEDIUM 5.4 CVE-2022-3326: rdiffweb vulnerable to password complexity bypass leading to weak passwords
    from 0, < 2.4.9
  • MEDIUM 5.4 CVE-2022-3326: rdiffweb vulnerable to password complexity bypass leading to weak passwords
    from 0, < ee98e5af78ec60db8a17fef6ea0ca250e3f31eec | from 0, < 2.4.9
  • MEDIUM 5.3 CVE-2022-3376: rdiffweb allows a new password to be the same as the previous password
    from 0, < 2.5.0
  • MEDIUM 5.3 CVE-2022-3376: rdiffweb allows a new password to be the same as the previous password
    from 0, < 2ffc2af65c8f8113b06e0b89929c604bcdf844b9 | from 0, < 2.4.11a1
  • MEDIUM 5.3 CVE-2022-3364: rdiffweb's unlimited length Fullname field can lead to DoS
    from 0, < b62c479ff6979563c7c23e7182942bc4f460a2c7 | from 0, < 2.4.10
  • MEDIUM 5.3 CVE-2022-3364: rdiffweb's unlimited length Fullname field can lead to DoS
    from 0, < 2.5.0a3
  • MEDIUM 5.3 CVE-2022-3250: rdiffweb has insecure HTTP cookies
    from 0, < ac334dd27ceadac0661b1e2e059a8423433c3fee | from 0, < 2.4.6
  • MEDIUM 5.3 CVE-2022-3250: rdiffweb has insecure HTTP cookies
    from 0, < 2.4.6
  • MEDIUM 5.3 CVE-2022-3175: rdiffweb Missing Custom Error Page
    from 0, < 233befc33bdc45d4838c773d5aed4408720504c5 | from 0, < 2.4.2
  • MEDIUM 5.3 CVE-2022-3175: rdiffweb Missing Custom Error Page
    >= 2.4.1, < 2.4.2
  • MEDIUM 4.6 CVE-2022-3292: rdiffweb vulnerable to Use of Cache Containing Sensitive Information
    from 0, < 2.4.9
  • MEDIUM 4.6 CVE-2022-3292: rdiffweb vulnerable to Use of Cache Containing Sensitive Information
    from 0, < 2406780831618405a13113377a784f3102465f40 | from 0, < 2.4.8
  • MEDIUM 4.3 CVE-2022-4018: Rdiffweb vulnerable to Missing Authentication for Critical Function
    from 0, < f2a32f2a9f3fb8be1a9432ac3d81d3aacdb13095 | from 0, < 2.4.11a1
  • MEDIUM 4.3 CVE-2022-4018: Rdiffweb vulnerable to Missing Authentication for Critical Function
    from 0, < 2.5.0a6
  • MEDIUM 4.3 CVE-2022-3267: rdiffweb Cross-Site Request Forgery vulnerability
    from 0, < 20fc0d304412cc569b21f31e52cb8b94094d6314 | from 0, < 2.4.6
  • MEDIUM 4.3 CVE-2022-3267: rdiffweb Cross-Site Request Forgery vulnerability
    from 0, < 2.4.6
  • MEDIUM 4.3 CVE-2022-3233: rdiffweb CSRF could lead to disabling notifications in user profile
    from 0, < 2.4.6
  • MEDIUM 4.3 CVE-2022-3233: rdiffweb CSRF could lead to disabling notifications in user profile
    from 0, < 18a5aabd48fa6d2d2771a25f95610c28a1a097ca | from 0, < 2.4.6
  • MEDIUM 4.3 CVE-2022-3232: rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users
    from 0, < 2.4.5
  • MEDIUM 4.3 CVE-2022-3232: rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users
    from 0, < 422791ea45713aaaa865bdca74addb9fffd93a71 | from 0, < 2.4.5
  • MEDIUM 4.2 CVE-2023-4138: RDiffWeb vulnerable to Allocation of Resources Without Limits or Throttling
    from 0, < 2.8.1
  • LOW 2.4 CVE-2022-3301: rdiffweb vulnerable to Improper Cleanup on Thrown Exception
    from 0, < 5ac38b2a75becbab9f948bd5e37ecbcd9f0b362e | from 0, < 2.4.8
  • LOW 2.4 CVE-2022-3301: rdiffweb vulnerable to Improper Cleanup on Thrown Exception
    from 0, < 2.4.8