CVE-2026-1858

<= 2.2.1

wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certif

4.8MEDIUM

CVE-2025-69195

>= 2.1.0 and < 2.2.1

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when p

7.6HIGH

CVE-2025-69194

< 2.2.1

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file pat

8.8HIGH

CVE-2024-38428

<= 1.24.5

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behav

9.1CRITICAL

CVE-2021-31879

<= 1.21.1

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-

6.1MEDIUM

CVE-2019-5953

<= 1.20.1

Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitr

9.8CRITICAL

CVE-2018-20483

< 1.20.1

set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of

7.8HIGH

CVE-2018-0494

< 1.19.5

GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a co

6.5MEDIUM

CVE-2017-13090

<= 1.19.1

The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2

8.8HIGH

CVE-2017-13089

<= 1.19.1

The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sen

8.8HIGH

CVE-2017-6508

<= 1.19.1

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary

6.1MEDIUM

CVE-2016-7098

<= 1.17

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote se

8.1HIGH

CVE-2016-4971

< 1.18

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resourc

8.8HIGH

CVE-2014-4877

<= 1.15

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to ar

CVE-2010-2252

<= 1.12

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a d

CVE-2009-3490

<= 1.11.4

GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate,

CVE-2006-6719

all versions

The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial o

CVE-2005-3185

all versions

Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2,

CVE-2004-1488

all versions

wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow r

CVE-2004-1487

all versions

wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that

CVE-2004-2014

all versions

Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.

CVE-2002-1344

all versions

Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user

CVE-1999-0402

all versions

wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself.