This page lists publicly disclosed CVE vulnerabilities affecting gnu savane (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-56355 | GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization. | [email protected] | 3.7 | 0.35% | 2026-06-20 | 2026-06-22 |
| CVE-2024-29399 | An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. | [email protected] | 7.6 | 0.95% | 2024-04-11 | 2026-06-17 |
| CVE-2024-27632 | An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function. | [email protected] | 8.8 | 1.27% | 2024-04-08 | 2026-06-17 |
| CVE-2024-27631 | Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php | [email protected] | 6.0 | 0.45% | 2024-04-08 | 2026-06-17 |
| CVE-2024-27630 | Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function. | [email protected] | 7.5 | 0.82% | 2024-04-08 | 2026-06-17 |