All 3 CVE vulnerabilities found in monkeytype, with AI-generated Chinese analysis, references, and POCs.
Vendor: monkeytypegame
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-66563 | Monkeytype vulnerable to stored XSS in approve quotes page | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-12-04 |
| CVE-2025-59838 | Monkeytype Vulnerable to Self-XSS on loading saved custom text | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-09-25 |
| CVE-2024-41127 | Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access. | CWE-74 | 8.4 | High | 2024-08-02 |