thelibrarian CVE Vulnerabilities & Metrics

Focus on thelibrarian vulnerabilities and metrics.

Last updated: 15 Feb 2026, 23:25 UTC

About thelibrarian Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with thelibrarian. We track both calendar-based metrics (using fixed periods) and rolling metrics (using sliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total thelibrarian CVEs: 4
Earliest CVE date: 16 Jan 2026, 13:16 UTC
Latest CVE date: 16 Jan 2026, 13:16 UTC

Latest CVE reference: CVE-2026-0616

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 4

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical thelibrarian CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 4
4.0-6.9 0
7.0-8.9 0
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS thelibrarian CVEs

These are the five CVEs with the highest CVSS scores for thelibrarian, sorted by severity first and then by recency.

All CVEs for thelibrarian

CVE-2026-0616 thelibrarian vulnerability CVSS: 0 16 Jan 2026, 13:16 UTC

TheLibrarian's `web_fetch` tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions.

CVE-2026-0615 thelibrarian vulnerability CVSS: 0 16 Jan 2026, 13:16 UTC

The Librarian `supervisord` status page can be retrieved by the `web_fetch` tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions.

CVE-2026-0613 thelibrarian vulnerability CVSS: 0 16 Jan 2026, 13:16 UTC

The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hetzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions.

CVE-2026-0612 thelibrarian vulnerability CVSS: 0 16 Jan 2026, 13:16 UTC

The Librarian contains an information leakage vulnerability through the `web_fetch` tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used to proxy requests through The Librarian infrastructure. The vendor has fixed the vulnerability in all versions of TheLibrarian.