privatebin/privatebin Security Advisories (6)
- [LOW] PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users
PKSA-xp1b-f5r4-zfxh CVE-2025-64711 GHSA-r9x7-7ggj-fx9f
Affected version: >=1.7.7,<2.0.3
Reported by: GitHub
- [MEDIUM] PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal
PKSA-fq4v-3kvp-3kj2 CVE-2025-64714 GHSA-g2j9-g8r5-rg82
Affected version: >=1.7.7,<2.0.3
Reported by: GitHub
- [MEDIUM] PrivateBin is missing HTML sanitization of attached filename in file size hint
PKSA-rcyz-b3kf-16mn CVE-2025-62796 GHSA-867c-p784-5q6g
Affected version: >=1.7.7,<2.0.2
Reported by: GitHub
- [MEDIUM] PrivateBin allows shortening of URLs for other domains
PKSA-fj49-qny2-dzp5 CVE-2024-39899 GHSA-mqqj-fx8h-437j
Affected version: >=1.5.0,<1.7.4
Reported by: GitHub
- [HIGH] Persistent Cross-site Scripting vulnerability in PrivateBin
PKSA-9rh7-c5st-fpfb CVE-2022-24833 GHSA-cqcc-mm6x-vmvw
Affected version: >=0.21,<1.4.0
Reported by: GitHub
- [MEDIUM] Persistent XSS vulnerability in filename of attached file in PrivateBin
PKSA-bqnp-z3jb-jmqd CVE-2020-5223 GHSA-8j72-p2wm-6738
Affected version: >=1.3.0,<1.3.2|<1.2.2
Reported by: GitHub