Keepass


Products by Keepass Sorted by Most Security Vulnerabilities since 2018

Keepass: 4 vulnerabilities

Keepass Password Safe: 1 vulnerability

By the Year

In 2026 there has been 1 vulnerability in Keepass, with an average score of 7.5 out of ten. Keepass did not have any published security vulnerabilities last year. That is, 1 more vulnerability has already been reported in 2026 than last year.




Year Vulnerabilities Average Score
2026 1 7.50
2025 0 0.00
2024 0 0.00
2023 2 6.50
2022 1 7.50
2021 0 0.00
2020 1 0.00

It may take a day or so for new Keepass vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Keepass Security Vulnerabilities

CVE Date Vulnerability Products

CVE-2020-37178 Feb 11, 2026
KeePass Password Safe <2.44 DOS via Help System HTML Drag-Drop
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.
Product: Password Safe

CVE-2023-32784 May 15, 2023
KeePass 2.x < 2.54: Master Password Recoverable from Memory Dump
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
Product: Keepass

CVE-2023-24055 Jan 22, 2023
KeePass <2.53: XML Config Write Cleartext Password Leak via Export Trigger
KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.
Product: Keepass

CVE-2022-0725 Mar 10, 2022
A flaw was found in keepass
A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.
Product: Keepass

CVE-2019-20184 Jan 09, 2020
KeePass 2.4.1 allows CSV injection in the title field of a CSV export.
Product: Keepass
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).