Drawio
by Jgraph
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-1774 | | | 0.00 | — | 0.01 | | May 18, 2022 | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. |
| CVE-2022-1767 | | | 0.00 | — | 0.02 | | May 18, 2022 | Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. |
| CVE-2022-1727 | | | 0.00 | — | 0.01 | | May 18, 2022 | Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6. |
| CVE-2022-1711 | | | 0.00 | — | 0.05 | | May 17, 2022 | Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5. |
| CVE-2022-1723 | | | 0.00 | — | 0.02 | | May 17, 2022 | Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6. |
| CVE-2022-1721 | | | 0.00 | — | 0.02 | | May 16, 2022 | Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application. |
| CVE-2022-1722 | | | 0.00 | — | 0.01 | | May 16, 2022 | SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses. |
| CVE-2022-1575 | | | 0.00 | — | 0.02 | | May 5, 2022 | Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. Arbitrary (remote) code execution in the desktop app. Stored XSS in the web app. |
Page 2 of 2