📦 Mealie

CVE-2025-56795 is a stored cross-site scripting vulnerability in Mealie recipe management software. Attackers can inject malicious scripts into recipe notes and text fields that execute when other use...

A Broken Object Level Authorization vulnerability in Mealie v2.2.0 allows authenticated users to modify their own profile to escalate privileges or change household assignments. This affects all Meali...

A stored HTML injection vulnerability in Mealie 3.3.1 allows authenticated users to inject arbitrary HTML into recipe notes, which can lead to user interface redressing attacks. This affects all users...

A stored cross-site scripting (XSS) vulnerability in Mealie 3.3.1 allows authenticated users to upload malicious SVG files that execute arbitrary JavaScript when viewed by other users. This affects al...