Open OnDemand
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-36247 | | Hig | 0.50 | 8.8 | 0.00 | | Feb 19, 2021 | Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. |
| CVE-2026-44371 | | Med | 0.34 | — | 0.00 | | May 14, 2026 | Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute JavaScript in the file browser. This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2. |
| CVE-2025-53636 | | Med | 0.28 | 5.4 | 0.00 | | Jul 11, 2025 | Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files, causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and… |
| CVE-2026-26002 | | | 0.00 | — | 0.01 | | Mar 4, 2026 | Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain… |
| CVE-2025-66029 | | | 0.00 | — | 0.00 | | Dec 17, 2025 | Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that records these headers when unsuspecting… |