This page aggregates publicly disclosed CVE and security risk information related to stepmania, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-25010 | The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system. | [email protected] | 9.1 | 0.96% | 2022-03-01 | 2026-06-17 |
| CVE-2020-20412 | lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146. | [email protected] | 6.5 | 1.03% | 2020-12-25 | 2026-06-16 |