Approved changes feed: RSS · Atom

cpe:2.3:a:ankiweb:anki:24.04:*:*:*:*:*:*:*

part: a version: 24.04 update: *

VendorAnkiweb (37cb533b-640e-5ad9-a745-67641ea6740e)
ProductAnki (be435a3b-3e38-547b-8831-f9d79d221ee0)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:cargo/anki purl2cpe 2026-06-01 10:14:50.075949
pkg:deb/debian/anki purl2cpe 2026-06-01 10:14:50.075952
pkg:deb/ubuntu/anki purl2cpe 2026-06-01 10:14:50.075956
pkg:github/ankitects/anki purl2cpe 2026-06-01 10:14:50.075960
pkg:pypi/anki purl2cpe 2026-06-01 10:14:50.075963

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-29073 vulnerable 2026-06-08 06:33:28.649980 Details available
MEDIUM (5.3)
An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.
Published: 2024-07-22T14:20:27.250Z
Updated: 2025-11-04T17:19:51.639Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-26020 vulnerable 2026-06-08 06:31:24.661728 Details available
CRITICAL (9.6)
An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability.
Published: 2024-07-22T14:20:26.617Z
Updated: 2025-11-04T17:14:34.137Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.