craws CVE Vulnerabilities & Metrics

Focus on craws vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About craws Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with craws. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total craws CVEs: 16
Earliest CVE date: 04 Aug 2025, 15:15 UTC
Latest CVE date: 24 Nov 2025, 16:15 UTC

Latest CVE reference: CVE-2025-60917

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 16

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical craws CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 16
4.0-6.9 0
7.0-8.9 0
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS craws CVEs

These are the five CVEs with the highest CVSS scores for craws, sorted by severity first and recency.

All CVEs for craws

CVE-2025-60917 craws vulnerability CVSS: 0 24 Nov 2025, 16:15 UTC

A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter.

CVE-2025-60916 craws vulnerability CVSS: 0 24 Nov 2025, 16:15 UTC

A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter.

CVE-2025-60915 craws vulnerability CVSS: 0 24 Nov 2025, 16:15 UTC

An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request.

CVE-2025-60914 craws vulnerability CVSS: 0 24 Nov 2025, 16:15 UTC

Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /display_logo endpoint.

CVE-2025-56423 craws vulnerability CVSS: 0 24 Nov 2025, 16:15 UTC

An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages

CVE-2025-40709 craws vulnerability CVSS: 0 29 Aug 2025, 12:15 UTC

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/person/<ID>” petition, "name" and "alias-0” parameters.

CVE-2025-40708 craws vulnerability CVSS: 0 29 Aug 2025, 12:15 UTC

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/event" petition, "name" parameter.

CVE-2025-40707 craws vulnerability CVSS: 0 29 Aug 2025, 12:15 UTC

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/place" petition, "name" and "alias-0” parameters.

CVE-2025-40706 craws vulnerability CVSS: 0 29 Aug 2025, 12:15 UTC

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/source" petition, "name" parameter.

CVE-2025-40705 craws vulnerability CVSS: 0 29 Aug 2025, 12:15 UTC

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/acquisition" petition, "name" parameter.

CVE-2025-40704 craws vulnerability CVSS: 0 29 Aug 2025, 12:15 UTC

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/edition" petition, "name" parameter.

CVE-2025-40703 craws vulnerability CVSS: 0 29 Aug 2025, 12:15 UTC

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/group" petition, "name" and "alias-0” parameters.

CVE-2025-40702 craws vulnerability CVSS: 0 29 Aug 2025, 12:15 UTC

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/file" petition, "creator" and "license_holder" parameters.

CVE-2025-51535 craws vulnerability CVSS: 0 04 Aug 2025, 17:15 UTC

Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability.

CVE-2025-51534 craws vulnerability CVSS: 0 04 Aug 2025, 17:15 UTC

A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.

CVE-2025-51536 craws vulnerability CVSS: 0 04 Aug 2025, 15:15 UTC

Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password.