CVE security advisories and vulnerability history for bookstack by bookstackapp.
Total CVEs (published): 23
In CISA KEV (exploited in the wild): 0
Public exploits (with known exploit): 2
Avg CVSS: 6.0
2018–2026
Last updated
Overview
bookstackapp bookstack has 23 published CVE records since 2018, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 2 have a known public exploit. The average CVSS base score across scored CVEs is 6.0.
This page aggregates every publicly disclosed vulnerability (CVE) affecting bookstackapp bookstack, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.
Severity and exploitation
How the CVSS severity of bookstackapp bookstack's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.
Critical: 0
High: 6
Medium: 14
Low: 2
1 additional CVE has no CVSS severity score.
In CISA’s Known Exploited Vulnerabilities catalog: 0
None of bookstackapp bookstack's CVEs are currently listed in CISA's KEV catalog.
Public exploits: 2
2 of bookstackapp bookstack's CVEs have a known public exploit available.
Affected versions and CVEs
Browse every bookstackapp bookstack version named in a CVE, then pick one to see only the CVEs that affect it.
Common questions about bookstackapp bookstack vulnerabilities.
How many CVEs does bookstackapp bookstack have?
bookstackapp bookstack has 23 published CVE records since 2018.
How many bookstackapp bookstack CVEs are in CISA KEV?
None of bookstackapp bookstack's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.
Are there public exploits for bookstackapp bookstack vulnerabilities?
Yes — 2 of bookstackapp bookstack's CVEs have a known public exploit.
Which versions of bookstackapp bookstack are affected?
241 distinct bookstackapp bookstack versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.
What are the most common weakness types in bookstackapp bookstack CVEs?
bookstackapp bookstack's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-918 (Server-Side Request Forgery (SSRF)), CWE-284 (Improper Access Control), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')).
What is the average severity of bookstackapp bookstack CVEs?
The average CVSS base score across bookstackapp bookstack's scored CVEs is 6.0.