Savane
This hub aggregates every CVE we track for Savane, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
5
CVEs tracked
0
Critical
3
High
0
In CISA KEV
Severity distribution
HIGH3LOW1MEDIUM1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
2024-072026-06
Latest CVEs
The 5 most recently published vulnerabilities affecting Savane.
- CVE-2026-56355GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization.3.7
- CVE-2024-29399An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.7.6
- CVE-2024-27632An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.8.8
- CVE-2024-27630Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.7.5
- CVE-2024-27631Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php6.0
Product normalization is registry-driven with AI assist and human review. How it works