kovidgoyal — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting kovidgoyal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Kovidgoyal develops open-source software primarily used for web scraping and automation, with applications in data extraction and process automation. Historically, their code has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure deserialization. The researcher has disclosed multiple critical flaws affecting various projects, including some that allowed attackers to execute arbitrary code or bypass security controls. While no major public security incidents have been directly attributed to kovidgoyal's work, their CVE history indicates a pattern of security weaknesses that require careful mitigation when implementing their tools in production environments.

Top products by kovidgoyal: calibre, kitty

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-54057 | Kitty vulnerable to command injection via unsanitized OSC 21 query reply | kitty | CWE-94 | - | - | 2026-06-12 |
| CVE-2026-54056 | Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging | kitty | CWE-59 | 7.6 | High | 2026-06-12 |
| CVE-2026-54055 | Kitty has an Arbitrary File Write via Symlink Race Condition in File Transmission Protocol | kitty | CWE-59 | 5.0 | Medium | 2026-06-12 |
| CVE-2026-42851 | @kitty-edit DCS + --color=geninclude vulnerable to Unauthenticated in-process RCE | kitty | CWE-94 | 7.8 | High | 2026-06-12 |
| CVE-2026-42850 | Kitty has a shell command injection | kitty | CWE-77 | - | - | 2026-06-12 |
| CVE-2026-33642 | Kitty has a Heap Buffer Over-Read/Write via Integer Overflow in compose_rectangles Bounds Check | kitty | CWE-190 | 9.9 | Critical | 2026-05-19 |
| CVE-2026-33633 | Kitty has a Heap Buffer Overflow in its Graphics Protocol Handler | kitty | CWE-122 | 7.5 | High | 2026-05-19 |
| CVE-2026-33206 | calibre has a path traversal vulnerability | calibre | CWE-23 | 9.8 | - | 2026-03-27 |
| CVE-2026-33205 | calibre has Server-Side Request Forgery in ebook viewer backend | calibre | CWE-918 | 8.6 | - | 2026-03-27 |
| CVE-2026-30853 | calibre has a Path Traversal Leading to Arbitrary File Write | calibre | CWE-22 | 5.0 | Medium | 2026-03-13 |
| CVE-2026-27824 | calibre has IP Ban Bypass via X-Forwarded-For Header Spoofing | calibre | CWE-307 | 5.3 | Medium | 2026-02-27 |
| CVE-2026-27810 | calibre Vulnerable to HTTP Response Header Injection | calibre | CWE-113 | 6.4 | Medium | 2026-02-27 |
| CVE-2026-26065 | calibre: Path Traversal can Lead to Arbitrary File Write and Potential Code Execution | calibre | CWE-22 | 8.8 | - | 2026-02-20 |
| CVE-2026-26064 | calibre: Path Traversal Vulnerability Enables Arbitrary File Write and Remote Code Execution | calibre | CWE-22 | 8.8 | - | 2026-02-20 |
| CVE-2026-25731 | Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Export | calibre | CWE-1336 | 7.8 | High | 2026-02-06 |
| CVE-2026-25635 | calibre has a Path Traversal Leading to Arbitrary File Write and Potential Code Execution | calibre | CWE-22 | 8.6 | High | 2026-02-06 |
| CVE-2026-25636 | calibre has a Path Traversal Leading to Arbitrary File Corruption and Code Execution | calibre | CWE-22 | 8.2 | High | 2026-02-06 |
| CVE-2025-64486 | calibre is vulnerable to arbitrary code execution when opening FB2 files | calibre | CWE-73 | 7.8 | - | 2025-11-07 |

This page lists every published CVE security advisory associated with kovidgoyal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.