CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30 matches found

Lightdash v0.1024.6 - Server-Side Request Forgery

Server-Side Request Forgery “SSRF” in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP...

7.3CVSS5.9AI score0.01786EPSS

Exploits0References2

Github Security Blog•added 2026/04/02 6:36 p.m.•5 views

Axios supply chain attack - dependency in @lightdash/cli may resolve to compromised axios versions

Impact A supply chain attack on the axios npm package versions 1.14.1 and 0.30.4 introduced a malicious transitive dependency [email protected] that deploys a cross-platform remote access trojan RAT on macOS, Windows, and Linux. The attacker compromised the primary axios maintainer's npm...

6.1AI score

Exploits0References9Affected Software1

OSV•added 2026/04/02 6:36 p.m.•3 views

GHSA-3HFP-GQGH-XC5G Axios supply chain attack - dependency in @lightdash/cli may resolve to compromised axios versions

9.6CVSS6.2AI score

Exploits0References9

RedhatCVE•added 2025/05/23 10:31 a.m.•2 views

CVE-2024-6585

Multiple stored cross-site scripting “XSS” vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A threat actor could potentially exploit this...

5.4CVSS5.9AI score0.00542EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 8:1 a.m.•8 views

CVE-2024-6586

Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat actor controlled source can trigger an SSRF request when exported, via a POST request to...

7.3CVSS7AI score0.01786EPSS

Exploits0References1

NVD•added 2024/08/30 11:15 p.m.•37 views

CVE-2024-6586

7.3CVSS0.01786EPSS

Exploits0References6

NVD•added 2024/08/30 11:15 p.m.•15 views

CVE-2024-6585

5.4CVSS0.00542EPSS

Exploits0References8

OSV•added 2024/08/30 11:15 p.m.•4 views

CVE-2024-6586

7.3CVSS6.8AI score0.01786EPSS

Exploits0References6

OSV•added 2024/08/30 11:15 p.m.•2 views

CVE-2024-6585

5.4CVSS6AI score0.00542EPSS

Exploits0References8

Vulnrichment•added 2024/08/30 10:25 p.m.•7 views

CVE-2024-6586

7.1AI score0.01786EPSS

Exploits0References6

Cvelist•added 2024/08/30 10:25 p.m.•265 views

CVE-2024-6586

0.01786EPSS

Exploits0References6

CVE•added 2024/08/30 10:25 p.m.•100 views

CVE-2024-6586

Lightdash v0.1024.6 is affected by a Server-Side Request Forgery (SSRF) in the dashboard export function. A dashboard containing HTML elements that reference an attacker-controlled source can trigger an HTTP request to an external domain when exported, potentially exposing the exporting user’s se...

7.3CVSS6.7AI score0.01786EPSS

Exploits0References6

Vulnrichment•added 2024/08/30 10:17 p.m.•9 views

CVE-2024-6585

5.2AI score0.00542EPSS

Exploits0References8

Cvelist•added 2024/08/30 10:17 p.m.•15 views

CVE-2024-6585

0.00542EPSS

Exploits0References8

Positive Technologies•added 2024/08/30 12:0 a.m.•2 views

PT-2024-37737 · Lightdash · Lightdash

Name of the Vulnerable Software and Affected Versions: Lightdash version 0.1024.6 Description: Multiple stored cross-site scripting XSS vulnerabilities in the markdown dashboard and dashboard comment functionality allow remote authenticated threat actors to inject malicious scripts into vulnerabl...

5.4CVSS5.6AI score0.00542EPSS

Exploits0References15

CNNVD•added 2024/08/30 12:0 a.m.•3 views

Lightdash 跨站脚本漏洞

Lightdash is a visual data analysis tool from Lightdash open source. A cross-site scripting vulnerability exists in Lightdash version 0.1024.6, which stems from a vulnerability in its markdown dashboard and dashboard commenting functionality that is susceptible to stored cross-site scripting XSS...

5.4CVSS5.6AI score0.00542EPSS

Exploits0References10

CNNVD•added 2024/08/30 12:0 a.m.•3 views

Lightdash 安全漏洞

Lightdash is a visual data analysis tool from Lightdash open source. A security vulnerability exists in Lightdash version 0.1024.6, which stems from a server-side request forgery SSRF issue that could allow a threat participant to obtain a user's session token when the user exports a dashboard th...

7.3CVSS6.6AI score0.01786EPSS

Exploits0References8

VulnCheck KEV•added 2023/12/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2023-35844

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension .csv or .png is used...

7.5CVSS7.1AI score0.06344EPSS

Exploits2References1

BDU FSTEC•added 2023/10/28 12:0 a.m.•4 views

The vulnerability of the Lightdash data visualization and analysis tool lies in the improper restriction of the path name to the restricted access catalog, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the Lightdash data visualization and analysis tool is related to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

7.8CVSS7.2AI score0.06344EPSS

Exploits2References5Affected Software1