Drawio Security Vulnerabilities and Issues — Drawio CVE List

Lucene search

DiagramsDrawio

5 matches found

CVE•added 2022/05/05 12:15 p.m.•78 views

CVE-2022-1575

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.

9.6CVSS9.4AI score0.01737EPSS

CVE•added 2023/07/27 3:15 p.m.•70 views

CVE-2023-3973

Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3.

9.6CVSS6.6AI score0.00067EPSS

CVE•added 2023/07/27 3:15 p.m.•69 views

CVE-2023-3974

OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0.

9.8CVSS9.8AI score0.00298EPSS

CVE•added 2023/07/27 3:15 p.m.•58 views

CVE-2023-3975

OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0.

9.8CVSS9.2AI score0.00559EPSS

CVE•added 2022/06/09 5:15 p.m.•38 views

CVE-2022-2014

Code Injection in GitHub repository jgraph/drawio prior to 19.0.2.

9.6CVSS6.2AI score0.00268EPSS