Security: nvaccess/nvda
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Secure-screen add-on selection bypass when add-ons directory casing is not exactly "addons"GHSA-669f-7gpr-5vqm published
Jun 9, 2026 by seanbuddLow -
Remote Access doesn't check trusted certificates on reconnectGHSA-m268-mc77-j2cr published
Jun 9, 2026 by seanbuddCritical -
Invalid certificates can be used to block access to the built-in server or Secure Desktop over remote for another user.GHSA-42v6-wjv6-h3jj published
Dec 4, 2025 by seanbuddLow -
Remote: IPC file can be hijacked to cause a denial of service on secure screensGHSA-vr27-g5ph-xvq2 published
Dec 4, 2025 by seanbuddLow -
NVDA may launch with administrative privileges after installationGHSA-cq78-fjp7-3rp5 published
Mar 10, 2026 by seanbuddModerate -
Last braille text of currently opened session remains visible on the braille device when on secure screenGHSA-8f8q-2jc3-6rf4 published
Jun 29, 2025 by seanbuddLow -
The installer can load unwanted DLLs from its directoryGHSA-qf5h-qw92-rx2f published
Jun 29, 2025 by seanbuddHigh -
Reflected XSS through browseableMessageGHSA-xg6w-23rw-39r8 published
Feb 4, 2024 by seanbuddHigh -
Privilege escalation and unauthenticated system access via clipboard error dialogGHSA-h7pp-6jqw-g3pj published
Jan 29, 2024 by seanbuddHigh -
Python console access via "forgot my PIN" reset screenGHSA-fpwc-2gxx-j9v7 published
Jan 3, 2023 by seanbuddModerate