Version 4.27.1
selenium
Official Python bindings for Selenium WebDriver
Install Instructions
pip install selenium
Current Version Release Date November 26, 2024
Language Python
Package URL (purl) pkg:pip/selenium@4.27.1
Find selenium vulnerabilities in your supply chain.
selenium Vulnerabilities
Sort by
CVE (Latest)
CVE (Latest)
-
CVE (Latest)
-
CVE (Oldest)
-
CVSS Score (Highest)
-
CVSS Score (Lowest)
CVE  |
CVSS Score |
CWE(s) |
EPSS Score |
EPSS % |
Impacted Versions |
|---|---|---|---|---|---|
| CVE-2020-23452 | Medium 6.1 | CWE-79 | 0.00063 | 0.29557 |
|
| CVE-2023-5590 | High 7.5 | CWE-476 | 0.00066 | 0.31211 |
|
| CVE-2022-28108 | High 8.8 | CWE-352 | 0.00299 | 0.69102 |
|
selenium Vulnerability Remediation Guidance
| CVE | Description | Full list of Impacted Versions | Fix |
|---|---|---|---|
| CVE-2023-5590 | NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0. | 4.7.2, 4.4.0, 4.1.5, 4.0.0.b2.post1, 4.1.2, 4.10.0, 4.0.0a6.post1, 4.0.0rc3 (Show all) | Patch → NO_SAFE_VERSION |
| CVE-2022-28108 | Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain. | 4.0.0.b2.post1, 4.0.0a6.post1, 4.0.0rc3, 4.0.0rc2, 4.0.0.rc1, 4.0.0.b4, 4.0.0.b3, 4.0.0.b2 (Show all) | Patch → NO_SAFE_VERSION |
| CVE-2020-23452 | A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page. | 4.27.1, 4.7.2, 4.26.0, 4.27.0, 4.26.1, 4.17.1, 4.17.0, 4.4.0 (Show all) | Patch → NO_SAFE_VERSION |
Instantly see if these selenium vulnerabilities affect your code.
Dependencies
Packages using versions of selenium affected by its vulnerabilities
| Dependent Packages |
|---|
| urllib3[socks]<3,>=1.26 |
| trio~=0.17 |
| trio-websocket~=0.9 |
| certifi>=2021.10.8 |
| typing_extensions~=4.9 |
| websocket-client~=1.8 |