calibre-ebook CVE Vulnerabilities & Metrics

Focus on calibre-ebook vulnerabilities and metrics.

Last updated: 08 May 2025, 22:25 UTC

About calibre-ebook Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with calibre-ebook. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.


Global CVE Overview

Total calibre-ebook CVEs: 10
Earliest CVE date: 16 Mar 2017, 15:59 UTC
Latest CVE date: 06 Aug 2024, 04:16 UTC

Latest CVE reference: CVE-2024-7009

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 3

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 200.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 200.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical calibre-ebook CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.54

Max CVSS: 10.0

Critical CVEs (≥9): 3

CVSS Range vs. Count

Range      Count
0.0-3.9    4
4.0-6.9    3
7.0-8.9    0
9.0-10.0   3

CVSS Distribution Chart

Top 5 Highest CVSS calibre-ebook CVEs

These are the five CVEs with the highest CVSS scores for calibre-ebook, sorted by severity first and then by recency.

All CVEs for calibre-ebook

CVE-2024-7009 calibre-ebook vulnerability CVSS: 0 06 Aug 2024, 04:16 UTC

Unsanitized user input in Calibre <= 7.15.0 allows users with permission to perform full-text searches to achieve SQL injection on the SQLite database.

CVE-2024-7008 calibre-ebook vulnerability CVSS: 0 06 Aug 2024, 04:16 UTC

Unsanitized user input in Calibre <= 7.15.0 allows attackers to perform reflected cross-site scripting.

CVE-2024-6781 calibre-ebook vulnerability CVSS: 0 06 Aug 2024, 04:16 UTC

Path traversal in Calibre <= 7.14.0 allows unauthenticated attackers to achieve arbitrary file read.

CVE-2023-46303 calibre-ebook vulnerability CVSS: 0 22 Oct 2023, 18:15 UTC

link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.

CVE-2021-44686 calibre-ebook vulnerability CVSS: 5.0 07 Dec 2021, 00:15 UTC

calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.

CVE-2011-4126 calibre-ebook vulnerability CVSS: 9.3 27 Oct 2021, 01:15 UTC

Race condition issues were found in Calibre at devices/linux_mount_helper.c, allowing unprivileged users to mount any device anywhere.

CVE-2011-4125 calibre-ebook vulnerability CVSS: 10.0 27 Oct 2021, 01:15 UTC

An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c, allowing unprivileged users to execute any program as root.

CVE-2011-4124 calibre-ebook vulnerability CVSS: 10.0 27 Oct 2021, 01:15 UTC

Input validation issues were found in Calibre at devices/linux_mount_helper.c, which can lead to argument injection and elevation of privileges.

CVE-2018-7889 calibre-ebook vulnerability CVSS: 6.8 08 Mar 2018, 21:29 UTC

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.

CVE-2016-10187 calibre-ebook vulnerability CVSS: 4.3 16 Mar 2017, 15:59 UTC

The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.