Keepass


By the Year

In 2024 there have been 0 vulnerabilities in Keepass. Last year Keepass had 2 security vulnerabilities published. Right now, Keepass is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 2 6.50
2022 1 7.50
2021 0 0.00
2020 1 7.80
2019 0 0.00
2018 0 0.00

It may take a day or so for new Keepass vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Keepass Security Vulnerabilities

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password

CVE-2023-32784 7.5 - High - May 15, 2023

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.

Cleartext Transmission of Sensitive Information

KeePass through 2.53 (in a default installation)

CVE-2023-24055 5.5 - Medium - January 22, 2023

KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.

Cleartext Storage of Sensitive Information

A flaw was found in keepass

CVE-2022-0725 7.5 - High - March 10, 2022

A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.

Insertion of Sensitive Information into Log File

KeePass 2.4.1 allows CSV injection in the title field of a CSV export.

CVE-2019-20184 7.8 - High - January 09, 2020

KeePass 2.4.1 allows CSV injection in the title field of a CSV export.

CSV Injection
