Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

answerdev/answer — Vulnerabilities & Security Advisories 34

All 34 CVE vulnerabilities found in answerdev/answer, with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities associated with the answerdev/answer open-source Q&A platform, categorized under software weakness classifications. It aggregates publicly reported flaws and security advisories affecting this specific product line. The content collected here spans from the initial public release of the software up to the most recently disclosed incidents, ensuring a comprehensive historical view of its security landscape. This includes critical bugs, privilege escalation risks, cross-site scripting issues, and other common application security defects found within the codebase or its deployment configurations. By reviewing this aggregation, you can effectively track the vendor's vulnerability response timeline and see how quickly patches are issued for reported issues. You can also gain a deeper understanding of common weakness classes that frequently impact this type of web application, helping to identify patterns in coding errors or architectural oversights. Furthermore, users can look up the complete vulnerability history of answerdev/answer to assess long-term risk exposure and evaluate the overall stability and maturity of the project's security posture. This resource serves as a neutral reference point for developers, security auditors, and system administrators who need factual data regarding known defects in the system. The information is presented without judgment, focusing purely on the technical details and chronological progression of each reported security incident. This allows for informed decision-making regarding upgrades, mitigation strategies, or the selection of alternative solutions based on rigorous historical security data.

Vendor: answerdev

CVE IDTitleCVSSSeverityPublished
CVE-2023-4815 Missing Authentication for Critical Function in answerdev/answer CWE-306 6.5 -2023-09-07
CVE-2023-4127 Race Condition within a Thread in answerdev/answer CWE-366 7.5 -2023-08-03
CVE-2023-4126 Insufficient Session Expiration in answerdev/answer CWE-613 8.3 -2023-08-03
CVE-2023-4125 Weak Password Requirements in answerdev/answer CWE-521 7.5 -2023-08-03
CVE-2023-4124 Missing Authorization in answerdev/answer CWE-862--2023-08-03
CVE-2023-2590 Missing Authorization in answerdev/answer CWE-862 8.6 -2023-05-09
CVE-2023-1975 Insertion of Sensitive Information Into Sent Data in answerdev/answer CWE-201 6.5 -2023-04-11
CVE-2023-1974 Exposure of Sensitive Information Through Metadata in answerdev/answer CWE-1230 6.5 -2023-04-11
CVE-2023-1976 Password Aging with Long Expiration in answerdev/answer CWE-263 8.8 -2023-04-11
CVE-2023-1535 Cross-site Scripting (XSS) - Stored in answerdev/answer CWE-79 5.4 -2023-03-21
CVE-2023-1543 Insufficient Session Expiration in answerdev/answer CWE-613 9.8 -2023-03-21
CVE-2023-1542 Business Logic Errors in answerdev/answer CWE-840 7.1 -2023-03-21
CVE-2023-1541 Business Logic Errors in answerdev/answer CWE-840 7.1 -2023-03-21
CVE-2023-1540 Observable Response Discrepancy in answerdev/answer CWE-204 8.2 -2023-03-21
CVE-2023-1538 Observable Timing Discrepancy in answerdev/answer CWE-208 8.2 -2023-03-21
CVE-2023-1537 Authentication Bypass by Capture-replay in answerdev/answer CWE-294 9.8 -2023-03-21
CVE-2023-1536 Cross-site Scripting (XSS) - Stored in answerdev/answer CWE-79 5.4 -2023-03-21
CVE-2023-1539 Improper Restriction of Excessive Authentication Attempts in answerdev/answer CWE-307 8.2 -2023-03-21
CVE-2023-1245 Cross-site Scripting (XSS) - Stored in answerdev/answer CWE-79 5.4 -2023-03-07
CVE-2023-1237 Cross-site Scripting (XSS) - Stored in answerdev/answer CWE-79 5.4 -2023-03-07
CVE-2023-1238 Cross-site Scripting (XSS) - Stored in answerdev/answer CWE-79 5.4 -2023-03-07
CVE-2023-1239 Cross-site Scripting (XSS) - Reflected in answerdev/answer CWE-79 6.1 -2023-03-07
CVE-2023-1240 Cross-site Scripting (XSS) - Stored in answerdev/answer CWE-79 5.4 -2023-03-07
CVE-2023-1241 Cross-site Scripting (XSS) - Stored in answerdev/answer CWE-79 5.4 -2023-03-07
CVE-2023-1242 Cross-site Scripting (XSS) - Stored in answerdev/answer CWE-79 5.4 -2023-03-07
CVE-2023-1243 Cross-site Scripting (XSS) - Stored in answerdev/answer CWE-79 5.4 -2023-03-07
CVE-2023-1244 Cross-site Scripting (XSS) - Stored in answerdev/answer CWE-79 5.4 -2023-03-07
CVE-2023-0934 Cross-site Scripting (XSS) - Stored in answerdev/answer CWE-79 5.4 -2023-02-21
CVE-2023-0744 Improper Access Control in answerdev/answer CWE-284 7.6 -2023-02-08
CVE-2023-0743 Cross-site Scripting (XSS) - Generic in answerdev/answer CWE-79 5.4 -2023-02-08

All 34 known CVE vulnerabilities affecting answerdev/answer with full Chinese analysis, references, and POCs where available.