PrivateBin - 6 CVEs (Page 1/1)

About “PrivateBin”

A curated feed of “PrivateBin”-related CVEs appears below. We currently track 6 CVEs for this tag (all time). In the last 365 days, 3 were published. Average CVSS is 5.9 (all time; 5.2 over 365d), and 17% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-23 - Relative Path Traversal.

In our taxonomy this topic maps to a LOW impact class. CMS and plugins expand attack surface. Patch core, themes, and plugins, remove abandoned extensions, restrict admin access, enable WAF, and keep backups. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: privatebin

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

Cycle	Release	Latest	EOL
2.0	2025-07-28	2.0.4	-
1.7	2024-02-11	1.7.9	2025-07-28 Expired
1.6	2023-09-11	1.6.2	2024-02-12 Expired
1.5	2022-12-11	1.5.2	2023-09-12 Expired
1.4	2022-04-09	1.4.0	2022-12-11 Expired
1.3	2019-07-09	1.3.5	2022-04-09 Expired
1.2	2018-07-22	1.2.3	2019-07-10 Expired
1.1	2016-12-26	1.1.1	2018-07-22 Expired
1.0	2016-08-25	1.0	2016-12-26 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS (expired) · ICS

Subscribe CVEs: RSS for “PrivateBin” · RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2025-11-13

Medium

CVE-2025-64714

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, an unauthenticated Local File Inclusion exists in the templa…

CVSS: 5.8 CWE: CWE-23 - Relative Path Traversal View on NVD

Low

CVE-2025-64711

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename contains HTML is reflected ve…

CVSS: 3.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2025-10-28

Medium

CVE-2025-62796

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename (attachment_n…

CVSS: 5.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2024-07-09

Medium

CVE-2024-39899

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener…

CVSS: 5.3 CWE: CWE-305 - Authentication Bypass by Primary Weakness View on NVD

2022-04-11

High

CVE-2022-24833

PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin < v1.4.0 a cross-site scripting (XSS) vulnerability was found. The vulner…

CVSS: 8.2 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2020-01-23

Medium

CVE-2020-5223

In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a per…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD