Kovidgoyal: >> Kitty >> 0.17.0 Security Vulnerabilities
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).
CVSS Score
4.1
EPSS Score
0.0
Published
2025-04-20
The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.
CVSS Score
9.8
EPSS Score
0.05
Published
2020-12-21