recipes — Vulnerabilities & Security Advisories 21

All 21 CVE vulnerabilities found in recipes, with AI-generated Chinese analysis, references, and POCs.

Vendor: recipes

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-27460 | Tandoor Recipes Affected by Denial of Service via Recipe Import | CWE-409 | 6.5 | Medium | 2026-04-10 |
| CVE-2026-35489 | Tandoor Recipes — `amount`/`unit` bypass serializer in `food/{id}/shopping/` | CWE-639 | 7.3 | High | 2026-04-07 |
| CVE-2026-35488 | Tandoor Recipes — CustomIsShared permits DELETE/PUT on RecipeBook by shared (read-only) users | CWE-749 | 8.1 | High | 2026-04-07 |
| CVE-2026-35046 | Tandoor has a Stored CSS Injection via `<style>` Tag in Recipe Instructions (API-Level) | CWE-79 | 5.4 | Medium | 2026-04-06 |
| CVE-2026-35045 | Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modification | CWE-639 | 8.1 | High | 2026-04-06 |
| CVE-2026-33152 | Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication | CWE-307 | 9.1 | Critical | 2026-03-26 |
| CVE-2026-33153 | Tandoor Recipes's Unauthenticated Debug Parameter Leaks Full Raw SQL Queries Including Schema, Table Names, and Access Control Logic | CWE-89 | 6.5 | - | 2026-03-26 |
| CVE-2026-33148 | URL Parameter Injection in FDC Food Search API Causes Server Crash and Exposes Internal API Key | CWE-74 | 6.5 | Medium | 2026-03-26 |
| CVE-2026-29055 | Tandoor Recipes: WebP and GIF Image Uploads Bypass EXIF/Metadata Stripping, Leaking GPS Coordinates and PII | CWE-1230 | 5.3 | Medium | 2026-03-26 |
| CVE-2026-28503 | Tandoor Recipes has Cross-Space IDOR in SyncViewSet.query_synced_folder: missing space scoping on get_object_or_404 | CWE-639 | 6.5 | - | 2026-03-26 |
| CVE-2026-33149 | Tandoor Recipes Vulnerable to Host Header Injection | CWE-644 | 8.1 | High | 2026-03-26 |
| CVE-2026-25991 | Tandoor Recipes affected by Blind SSRF with Internal Network Access via Recipe Import | CWE-918 | 7.7 | High | 2026-02-13 |
| CVE-2026-25964 | Tandoor Recipes Affected by Authenticated Local File Disclosure (LFD) via Recipe Import leads to Arbitrary File Read | CWE-22 | 4.9 | Medium | 2026-02-13 |
| CVE-2025-23213 | Tandoor Recipes - Stored XSS through Unrestricted File Upload | CWE-434 | 8.7 | High | 2025-01-28 |
| CVE-2025-23212 | Tandoor Recipes - Local file disclosure - Users can read the content of any file on the server | CWE-200 | 7.7 | High | 2025-01-28 |
| CVE-2025-23211 | Tandoor Recipes - SSTI - Remote Code Execution | CWE-1336 | 10.0 | Critical | 2025-01-28 |
| CVE-2024-0403 | Recipes 1.5.10 - Blind SSRF | CWE-918 | 6.5 | Medium | 2024-02-29 |
| CVE-2022-23074 | Recipes - Stored XSS in Name Parameter | CWE-79 | 5.4 | - | 2022-06-21 |
| CVE-2022-23073 | Recipes - Stored XSS in Clipboard | CWE-79 | 5.4 | - | 2022-06-21 |
| CVE-2022-23072 | Recipes - Stored XSS in Add to Cart | CWE-79 | 5.4 | - | 2022-06-21 |
| CVE-2022-23071 | Recipes - SSRF on Import | CWE-918 | 6.5 | - | 2022-06-19 |
