Vulnerability	Vulnerable Version
H Cross-site Request Forgery (CSRF) qutebrowser is a keyboard-driven, vim-like browser based on PyQt5. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). This may be exploited to cause websites to access `qute://*` URLS. Furthermore, a malicious actor could exploit this to load a `qute://settings/set` URL, which sets `editor.command` to a bash script, resulting in arbitrary code execution. How to fix Cross-site Request Forgery (CSRF)? Upgrade `qutebrowser` to version 1.4.1 or higher.	[,1.4.1)
L Detection of Error Condition Without Action qutebrowser is a keyboard-driven, vim-like browser based on PyQt5. Affected versions of this package are vulnerable to Detection of Error Condition Without Action. Eeloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (`colors.statusbar.url.warn.fg`). However, when the affected website is subsequently loaded again, the URL is mistakenly displayed as green (`colors.statusbar.url.success_https`). How to fix Detection of Error Condition Without Action? Upgrade `qutebrowser` to version 1.11.1 or higher.	[,1.11.1)
M Cross-site Scripting (XSS) qutebrowser is a keyboard-driven, vim-like browser based on PyQt5. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the history command. A malicious user could inject a javascript code and might steal a user's browsing history when the user visits a page with an html input element as it's title. How to fix Cross-site Scripting (XSS)? Upgrade `qutebrowser` to version 1.3.3 or higher.	[0.1.1,1.3.3)

Go back to all versions of this package