Product: brave
26 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-43337
< 0.7.1
Cross-Site Request Forgery (CSRF) vulnerability in Brave Popup Builder. This issue affects Brave Popup Builder: from n/a thro
4.3
MEDIUM
CVE-2024-35655
<= 0.6.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave brave-popup-buil
5.9
MEDIUM
CVE-2023-51534
<= 0.6.2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave - Create Popup,
5.9
MEDIUM
CVE-2023-52263
< 1.59.40
Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brav
6.1
MEDIUM
CVE-2023-28364
< 1.52.117
An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated
6.1
MEDIUM
CVE-2023-28360
< 1.48.171
An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was savin
4.3
MEDIUM
CVE-2023-22798
< 2022-05-25
Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on
6.1
MEDIUM
CVE-2022-47934
< 1.43.88
Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTM
6.5
MEDIUM
CVE-2022-47933
< 1.42.51
Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IP
6.5
MEDIUM
CVE-2022-47932
< 1.42.51
Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:
6.5
MEDIUM
CVE-2022-30334
< 1.34
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: alt
5.3
MEDIUM
CVE-2021-45884
>= 1.17.1 and <= 1.33.106
In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are
7.5
HIGH
CVE-2021-22929
< 1.28.62
An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included ti
6.1
MEDIUM
CVE-2021-22917
> 1.17 and < 1.20
Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows
6.5
MEDIUM
CVE-2021-22916
>= 1.17.0 and <= 1.26.60
In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNA
5.9
MEDIUM
CVE-2021-21323
>= 1.17.73 and <= 1.20.103
Brave is an open source web browser with a focus on privacy and security. In Brave versions 1.17.73-1.20.103, the CNAME adblocking
4.3
MEDIUM
CVE-2020-8276
>= 1.1 and <= 1.18.35
The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of wh
5.5
MEDIUM
CVE-2018-1000815
>= 0.22.810 and <= 0.24.0
Brave Software Inc. Brave version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObs
4.3
MEDIUM
CVE-2018-10799
< 0.14.0
A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). This vulnerability is caused by the mishandling of a
6.5
MEDIUM
CVE-2018-10798
< 0.14.0
A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). The vulnerability is caused by mishandling of JavaScr
6.5
MEDIUM
CVE-2017-18256
< 0.13.0
Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argumen
6.5
MEDIUM
CVE-2016-10718
< 0.13.0
Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of servic
7.5
HIGH
CVE-2017-1000461
<= 0.19.73
Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS finger
4.7
MEDIUM
CVE-2017-8459
all versions
Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. NOTE: third p
5.3
MEDIUM
CVE-2017-8458
all versions
Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed witho
6.5
MEDIUM
CVE-2016-9473
< 1.9.56
Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attac
4.7
MEDIUM
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin