Dani-garcia Vaultwarden
14 CVEs affecting Dani-garcia Vaultwarden. Latest disclosed: 2026-05-11. Critical: 0, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-43912 | High | 8.7 | 2026-05-11 | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_users.users_organizations_uuid entry… |
| CVE-2026-27803 | High | 8.3 | 2026-03-04 | Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=fa… |
| CVE-2026-27802 | High | 8.3 | 2026-03-04 | Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, there is a privilege escalat… |
| CVE-2026-43913 | High | 8.1 | 2026-05-11 | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organiz… |
| CVE-2025-24365 | High | 8.1 | 2025-01-27 | vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker can obtain owner rights of other organizatio… |
| CVE-2024-56335 | High | 7.6 | 2024-12-20 | vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updati… |
| CVE-2026-43914 | High | 7.3 | 2026-05-11 | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login… |
| CVE-2025-24364 | High | 7.2 | 2025-01-27 | vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker with authenticated access to the vaultwarden… |
| CVE-2026-43911 | Medium | 6.8 | 2026-05-11 | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's security_stamp is rotated by… |
| CVE-2026-26012 | Medium | 6.5 | 2026-02-11 | vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to 1.35.3, a regular organization member can re… |
| CVE-2026-31835 | Medium | 5.4 | 2026-05-05 | Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flow in `validate_webauthn_login()` u… |
| CVE-2026-27898 | Medium | 5.4 | 2026-03-04 | Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, an authenticated regular use… |
| CVE-2026-33420 | Medium | 5.3 | 2026-05-05 | Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the get_org_collections_details endpoint (GET /api/organizations/{… |
| CVE-2026-27801 | | | 2026-03-04 | Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Vaultwarden versions 1.34.3 and prior are susceptible… |