VYPR

Open OnDemand

by Open OnDemand

CVEs (5)

  • CVE-2020-36247 | Hig | Feb 19, 2021
    risk 0.50 | cvss 8.8 | epss 0.00

    Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.

  • CVE-2026-44371 | Med | May 14, 2026
    risk 0.34 | cvss | epss 0.00

    Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute JavaScript in the file browser. This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2.

  • CVE-2025-53636 | Med | Jul 11, 2025
    risk 0.28 | cvss 5.4 | epss 0.00

    Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files, causing a Denial of Service (DoS) to the OnDemand system. This vulnerability is fixed in 3.1.14 and…

  • CVE-2026-26002 | Mar 4, 2026
    risk 0.00 | cvss | epss 0.01

    Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain…

  • CVE-2025-66029 | Dec 17, 2025
    risk 0.00 | cvss | epss 0.00

    Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that records these headers when unsuspecting…