Jgraph Security Vulnerabilities

CVE-2023-3974

OS Command Injection in GitHub repository jgraph/drawio prior to...

CVSS: 9.8

AI Score: 9.7

EPSS: 0.001

2023-07-27 03:15 PM
53

CVE-2023-3973

Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to...

CVSS: 6.1

AI Score: 6.2

EPSS: 0.001

2023-07-27 03:15 PM
45

CVE-2023-3975

OS Command Injection in GitHub repository jgraph/drawio prior to...

CVSS: 9.8

AI Score: 9.4

EPSS: 0.001

2023-07-27 03:15 PM
34

CVE-2023-3398

Denial of Service in GitHub repository jgraph/drawio prior to...

CVSS: 7.5

AI Score: 6.2

EPSS: 0.001

2023-06-26 11:15 AM
103

CVE-2023-3026

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to...

CVSS: 6.1

AI Score: 6

EPSS: 0.001

2023-06-01 01:15 AM
81

CVE-2022-1722

SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6...

CVSS: 3.3

AI Score: 4.1

EPSS: 0.0004

2022-05-16 03:15 PM
47
3

CVE-2022-1727

Improper Input Validation in GitHub repository jgraph/drawio prior to...

CVSS: 8.8

AI Score: 8.7

EPSS: 0.002

2022-05-18 02:15 PM
40
4

CVE-2022-1713

SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive...

CVSS: 7.5

AI Score: 7.4

EPSS: 0.025

2022-05-16 03:15 PM
69
5

CVE-2022-1767

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to...

CVSS: 7.5

AI Score: 7.6

EPSS: 0.001

2022-05-18 04:15 PM
41
4

CVE-2022-1721

Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web...

CVSS: 7.5

AI Score: 7.5

EPSS: 0.001

2022-05-16 03:15 PM
43
5

CVE-2022-1774

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to...

CVSS: 6.1

AI Score: 6.2

EPSS: 0.001

2022-05-18 09:15 PM
49
10

CVE-2022-1730

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to...

CVSS: 4.6

AI Score: 4.6

EPSS: 0.001

2022-05-19 02:15 PM
50
4

CVE-2022-3873

Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to...

CVSS: 6.1

AI Score: 6

EPSS: 0.001

2022-11-07 11:15 AM
24
4

CVE-2022-40440

mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips()...

CVSS: 6.1

AI Score: 6

EPSS: 0.001

2022-10-12 12:15 AM
14
6

CVE-2022-3223

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to...

CVSS: 6.1

AI Score: 6

EPSS: 0.001

2022-09-16 11:15 AM
30
6

CVE-2022-3133

OS Command Injection in GitHub repository jgraph/drawio prior to...

CVSS: 7.8

AI Score: 7.9

EPSS: 0.001

2022-09-09 06:15 PM
32
7

CVE-2022-3148

Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to...

CVSS: 6.1

AI Score: 6

EPSS: 0.001

2022-09-08 10:15 AM
23
5

CVE-2022-3138

Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to...

CVSS: 6.1

AI Score: 6

EPSS: 0.001

2022-09-08 10:15 AM
26
7

CVE-2022-3127

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to...

CVSS: 5.4

AI Score: 5.3

EPSS: 0.001

2022-09-05 01:15 PM
46
3

CVE-2022-3065

Improper Access Control in GitHub repository jgraph/drawio prior to...

CVSS: 7.5

AI Score: 7.5

EPSS: 0.001

2022-09-02 07:15 PM
30
5

CVE-2022-2015

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to...

CVSS: 5.4

AI Score: 5.3

EPSS: 0.001

2022-06-09 05:15 PM
17
2

CVE-2022-2014

Code Injection in GitHub repository jgraph/drawio prior to...

CVSS: 5.4

AI Score: 5.8

EPSS: 0.001

2022-06-09 05:15 PM
22

CVE-2022-1815

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to...

CVSS: 7.5

AI Score: 7.5

EPSS: 0.022

2022-05-25 09:15 AM
36
5

CVE-2022-1784

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to...

CVSS: 7.5

AI Score: 7.6

EPSS: 0.001

2022-05-20 01:15 PM
42

CVE-2022-1711

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to...

CVSS: 7.5

AI Score: 7.6

EPSS: 0.001

2022-05-17 01:15 PM
50
2

CVE-2022-1723

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to...

CVSS: 7.5

AI Score: 7.6

EPSS: 0.001

2022-05-17 09:15 AM
46
5

CVE-2022-1575

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web...

CVSS: 9.6

AI Score: 9.3

EPSS: 0.002

2022-05-05 12:15 PM
58
14

CVE-2019-13127

An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with...

CVSS: 6.1

AI Score: 6.1

EPSS: 0.001

2019-07-01 03:15 PM
37

CVE-2017-18197

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by...

CVSS: 9.8

AI Score: 9.2

EPSS: 0.007

2018-02-24 02:29 AM
33