VYPR

Drawio

by Jgraph

Source repositories

CVEs (28)

  • CVE-2022-1774May 18, 2022
    risk 0.00cvss epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.

  • CVE-2022-1767May 18, 2022
    risk 0.00cvss epss 0.02

    Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.

  • CVE-2022-1727May 18, 2022
    risk 0.00cvss epss 0.01

    Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6.

  • CVE-2022-1711May 17, 2022
    risk 0.00cvss epss 0.05

    Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.

  • CVE-2022-1723May 17, 2022
    risk 0.00cvss epss 0.02

    Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.

  • CVE-2022-1721May 16, 2022
    risk 0.00cvss epss 0.02

    Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.

  • CVE-2022-1722May 16, 2022
    risk 0.00cvss epss 0.01

    SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses

  • CVE-2022-1575May 5, 2022
    risk 0.00cvss epss 0.02

    Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.

Page 2 of 2