Tandoorrecipes Recipes
16 CVEs affecting Tandoorrecipes Recipes. Latest disclosed: 2026-04-10. Critical: 2, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-23211 | Critical | 10.0 | 2025-01-28 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute com… |
CVE-2026-33152 | Critical | 9.1 | 2026-03-26 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Dja… |
CVE-2025-23213 | High | 8.7 | 2025-01-28 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files… |
CVE-2026-35488 | High | 8.1 | 2026-04-07 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewS… |
CVE-2026-35045 | High | 8.1 | 2026-04-06 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batch_update/ endpoint… |
CVE-2026-33149 | High | 8.1 | 2026-03-26 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWED_HOSTS = '*'… |
CVE-2026-25991 | High | 7.7 | 2026-02-13 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forge… |
CVE-2025-23212 | High | 7.7 | 2025-01-28 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate… |
CVE-2026-35489 | High | 7.3 | 2026-04-07 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/{id}/shopping/ endpoint… |
CVE-2026-27460 | Medium | 6.5 | 2026-04-10 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service (DoS) vulnera… |
CVE-2026-33148 | Medium | 6.5 | 2026-03-26 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the FDC (USDA FoodData Central… |
CVE-2026-35046 | Medium | 5.4 | 2026-04-06 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users… |
CVE-2026-29055 | Medium | 5.3 | 2026-03-26 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the image processing pipeline… |
CVE-2026-25964 | Medium | 4.9 | 2026-02-13 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the Reci… |
CVE-2026-33153 | | 2026-03-26 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint expose… | |
CVE-2026-28503 | | 2026-03-26 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the `SyncViewSet.query_synced_… |