Vulnerability	Vulnerable Version
M Insecure Encryption qutebrowser is a keyboard-driven, vim-like browser based on PyQt5. Affected versions of this package are vulnerable to Insecure Encryption due to usage of insecure SSL ciphers. Note: This issue affects only users of Ubuntu Trusty. How to fix Insecure Encryption? Upgrade `qutebrowser` to version 0.1.4 or higher.	[,0.1.4)
H Cross-site Request Forgery (CSRF) qutebrowser is a keyboard-driven, vim-like browser based on PyQt5. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). This may be exploited to cause websites to access `qute://*` URLS. Furthermore, a malicious actor could exploit this to load a `qute://settings/set` URL, which sets `editor.command` to a bash script, resulting in arbitrary code execution. How to fix Cross-site Request Forgery (CSRF)? Upgrade `qutebrowser` to version 1.4.1 or higher.	[,1.4.1)
L Detection of Error Condition Without Action qutebrowser is a keyboard-driven, vim-like browser based on PyQt5. Affected versions of this package are vulnerable to Detection of Error Condition Without Action. Eeloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (`colors.statusbar.url.warn.fg`). However, when the affected website is subsequently loaded again, the URL is mistakenly displayed as green (`colors.statusbar.url.success_https`). How to fix Detection of Error Condition Without Action? Upgrade `qutebrowser` to version 1.11.1 or higher.	[,1.11.1)

Go back to all versions of this package