CVE-2025-45663
An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure.
CVE-2025-29699
NetSurf 3.11 is vulnerable to Use After Free in dom_node_set_text_content function.
CVE-2024-51317
An issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the dom_node_normalize function