Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A keyboard-driven, vim-like browser based on Python and Qt
Version 3.1.0-2 [extra]


Group Affected Fixed Severity Status Ticket
AVG-2491 2.3.1-1 High Not affected
AVG-1152 1.11.0-1 1.11.1-1 Low Fixed
AVG-735 1.4.0-1 1.4.1-1 Critical Fixed
AVG-724 1.3.2-1 1.3.3-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-41146 AVG-2491 High Yes Arbitrary code execution
Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers it as a handler for certain URL schemes. With some applications such as...
CVE-2020-11054 AVG-1152 Low Yes Certificate verification bypass
In qutebrowser before version 1.11.1 there is an issue where after a certificate error was overridden by the user, qutebrowser displays the URL as yellow...
CVE-2018-1000559 AVG-724 Medium Yes Cross-site scripting
qutebrowser before 1.3.3 contains a Cross Site Scripting (XSS) vulnerability that can result in a website stealing the user's browsing history. This attack...
CVE-2018-10895 AVG-735 Critical Yes Arbitrary code execution
Due to a CSRF vulnerability affecting the qute://settings page, it was possible for websites to modify qutebrowser settings. Via settings like...


Date Advisory Group Severity Type
07 May 2020 ASA-202005-5 AVG-1152 Low certificate verification bypass
11 Jul 2018 ASA-201807-3 AVG-735 Critical arbitrary code execution
26 Jun 2018 ASA-201806-13 AVG-724 Medium cross-site scripting