Drawio Security Vulnerabilities and Issues — Drawio CVE List

Lucene search

DiagramsDrawio

26 matches found

CVE•added 2023/06/26 11:15 a.m.•123 views

CVE-2023-3398

Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.

7.5CVSS6AI score0.00086EPSS

CVE•added 2023/06/01 1:15 a.m.•112 views

CVE-2023-3026

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 21.2.8.

6.5CVSS6AI score0.00136EPSS

CVE•added 2022/05/16 3:15 p.m.•108 views

CVE-2022-1713

SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.

7.5CVSS7.4AI score0.88778EPSS

CVE•added 2022/05/05 12:15 p.m.•78 views

CVE-2022-1575

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.

9.6CVSS9.4AI score0.01737EPSS

CVE•added 2022/05/17 1:15 p.m.•75 views

CVE-2022-1711

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.

7.5CVSS7.6AI score0.26189EPSS

CVE•added 2023/07/27 3:15 p.m.•70 views

CVE-2023-3973

Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3.

9.6CVSS6.6AI score0.00067EPSS

CVE•added 2023/07/27 3:15 p.m.•69 views

CVE-2023-3974

OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0.

9.8CVSS9.8AI score0.00298EPSS

CVE•added 2022/09/05 1:15 p.m.•68 views

CVE-2022-3127

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8.

5.5CVSS5.3AI score0.0034EPSS

CVE•added 2022/05/18 4:15 p.m.•67 views

CVE-2022-1767

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.

7.5CVSS7.6AI score0.00875EPSS

CVE•added 2022/05/18 9:15 p.m.•65 views

CVE-2022-1774

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.

8.2CVSS6.6AI score0.00973EPSS

CVE•added 2022/05/19 2:15 p.m.•64 views

CVE-2022-1730

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4.

6.3CVSS4.8AI score0.00195EPSS

CVE•added 2022/05/16 3:15 p.m.•60 views

CVE-2022-1722

SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses

7.5CVSS4.4AI score0.00151EPSS

CVE•added 2022/05/17 9:15 a.m.•59 views

CVE-2022-1723

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.

7.5CVSS7.6AI score0.00875EPSS

CVE•added 2022/05/18 2:15 p.m.•58 views

CVE-2022-1727

Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6.

8.8CVSS8.7AI score0.01EPSS

CVE•added 2022/05/20 1:15 p.m.•58 views

CVE-2022-1784

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8.

7.5CVSS7.6AI score0.01162EPSS

CVE•added 2022/05/25 9:15 a.m.•58 views

CVE-2022-1815

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.

7.5CVSS6.3AI score0.19906EPSS

CVE•added 2023/07/27 3:15 p.m.•57 views

CVE-2023-3975

OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0.

9.8CVSS9.2AI score0.00559EPSS

CVE•added 2022/05/16 3:15 p.m.•56 views

CVE-2022-1721

Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.

7.5CVSS7.5AI score0.0117EPSS

CVE•added 2022/09/09 6:15 p.m.•56 views

CVE-2022-3133

OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0.

7.8CVSS7.5AI score0.00062EPSS

CVE•added 2022/09/02 7:15 p.m.•55 views

CVE-2022-3065

Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8.

7.5CVSS6.3AI score0.00105EPSS

CVE•added 2022/09/16 11:15 a.m.•47 views

CVE-2022-3223

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1.

6.1CVSS5.1AI score0.0023EPSS

CVE•added 2022/09/08 10:15 a.m.•39 views

CVE-2022-3148

Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.

6.1CVSS5.6AI score0.0012EPSS

CVE•added 2022/11/07 11:15 a.m.•39 views

CVE-2022-3873

Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2.

6.5CVSS6AI score0.00304EPSS

CVE•added 2022/06/09 5:15 p.m.•38 views

CVE-2022-2014

Code Injection in GitHub repository jgraph/drawio prior to 19.0.2.

9.6CVSS6.2AI score0.00268EPSS

CVE•added 2022/09/08 10:15 a.m.•38 views

CVE-2022-3138

Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.

6.1CVSS5.2AI score0.0012EPSS

CVE•added 2022/06/09 5:15 p.m.•30 views

CVE-2022-2015

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.

6.1CVSS5.5AI score0.00195EPSS