CVE-2026-43914

< 1.35.4

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden th

7.3HIGH

CVE-2026-43913

< 1.35.5

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owne

8.1HIGH

CVE-2026-43912

< 1.35.5

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_users.us

8.7HIGH

CVE-2026-43911

< 1.35.5

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's

6.8MEDIUM

CVE-2026-33420

< 1.35.5

Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the get_org_collections_details endpo

5.3MEDIUM

CVE-2026-31835

< 1.35.5

Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flow in

5.4MEDIUM

CVE-2026-27898

< 1.35.4

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4,

5.4MEDIUM

CVE-2026-27803

< 1.35.4

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4,

8.3HIGH

CVE-2026-27802

< 1.35.4

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4,

8.3HIGH

CVE-2026-27801

< 1.35.0

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Vaultwarden versions 1.3

5.9MEDIUM

CVE-2026-26012

< 1.35.3

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to 1.35.3, a regul

6.5MEDIUM

CVE-2025-24365

< 1.33.0

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker can obtain owne

8.1HIGH

CVE-2025-24364

< 1.33.0

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker with authentica

7.2HIGH

CVE-2024-55226

all versions

Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the componen

5.4MEDIUM

CVE-2024-55225

< 1.32.5

An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Adm

9.8CRITICAL

CVE-2024-55224

< 1.32.5

An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted

9.6CRITICAL

CVE-2024-56335

< 1.32.7

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an

7.6HIGH

CVE-2024-39926

all versions

An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default

5.4MEDIUM

CVE-2024-39925

all versions

An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an or

6.5MEDIUM

CVE-2024-39924

all versions

An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication a

8.8HIGH