Lynx

This hub aggregates every CVE we track for Lynx, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

OSS Libraries

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM13HIGH7CRITICAL3LOW1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Lynx.

CVE-2023-40143Westermo Lynx 5.4Feb 6, 2024
CVE-2023-45735Westermo Lynx Code Injection8.0Feb 6, 2024
CVE-2023-45222Westermo Lynx Cross-site Scripting5.4Feb 6, 2024
CVE-2023-45213 Westermo Lynx Permissive Cross-domain Policy with Untrusted Domains6.6Feb 6, 2024
CVE-2023-42765Westermo Lynx Cross-site Scripting5.4Feb 6, 2024
CVE-2023-40544Westermo Lynx Cleartext Transmission of Sensitive Information5.7Feb 6, 2024
CVE-2023-45227Westermo Lynx Cross-site Scripting5.4Feb 6, 2024
CVE-2023-38579Westermo Lynx 206-F2G Cross-Site Request Forgery8.0Feb 6, 2024
CVE-2021-38165Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.5.3Aug 7, 2021
CVE-2014-5002The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes.7.8Jan 10, 2018
CVE-2017-1000211Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.5.3Nov 17, 2017
CVE-2016-9179lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.7.5Dec 22, 2016
CVE-2012-5821Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related t...5.9Nov 4, 2012
CVE-2010-2810Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (applic...6.8Aug 20, 2010
CVE-2006-7234Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.4.6Oct 27, 2008

Product normalization is registry-driven with AI assist and human review. How it works