Calibreweb
This hub aggregates every CVE we track for Calibreweb, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 19
- Critical: 8
- High: 2
- In CISA KEV: 0
Severity distribution
MEDIUM: 8, CRITICAL: 8, HIGH: 2, LOW: 1
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Calibreweb.
- CVE-2025-65858: A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsani... (score 3.5)
- CVE-2025-7404: Calibre Web 0.6.24 & Autocaliweb 0.7.0 - Blind C (score 9.8)
- CVE-2021-3988: Cross-site Scripting (XSS) in janeczku/calibre-web (score 6.1)
- CVE-2021-3987: Improper Access Control in janeczku/calibre-web (score 4.3)
- CVE-2021-3986: Information Disclosure in janeczku/calibre-web (score 4.3)
- CVE-2024-39123: In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnera... (score 5.4)
- CVE-2023-2106: Weak Password Requirements in janeczku/calibre-web (score 9.8)
- CVE-2022-2525: Improper Restriction of Excessive Authentication Attempts in janeczku/calibre-web (score 9.8)
- CVE-2022-30765: Calibre-Web before 0.6.18 allows user table SQL Injection. (score 9.8)
- CVE-2022-0766: Server-Side Request Forgery (SSRF) in janeczku/calibre-web (score 9.8)
- CVE-2022-0767: Server-Side Request Forgery (SSRF) in janeczku/calibre-web (score 9.9)
- CVE-2022-0273: Improper Access Control in janeczku/calibre-web (score 6.5)
- CVE-2022-0339: Server-Side Request Forgery (SSRF) in janeczku/calibre-web (score 9.8)
- CVE-2022-0352: Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web (score 6.1)
- CVE-2021-4164: Cross-Site Request Forgery (CSRF) in janeczku/calibre-web (score 8.8)
Product normalization is registry-driven with AI assist and human review.