Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Diagrams Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1815 1 Diagrams 1 Drawio 2022-06-07 5.0 MEDIUM 7.5 HIGH
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.
CVE-2022-1784 1 Diagrams 1 Drawio 2022-06-07 5.0 MEDIUM 7.5 HIGH
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8.
CVE-2022-1723 1 Diagrams 1 Drawio 2022-06-07 5.0 MEDIUM 7.5 HIGH
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
CVE-2022-1711 1 Diagrams 1 Drawio 2022-06-07 5.0 MEDIUM 7.5 HIGH
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
CVE-2022-1727 1 Diagrams 1 Draw.io 2022-05-26 6.8 MEDIUM 8.8 HIGH
Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6.
CVE-2022-1767 1 Diagrams 1 Draw.io 2022-05-26 5.0 MEDIUM 7.5 HIGH
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.
CVE-2022-1721 1 Diagrams 1 Draw.io 2022-05-25 5.0 MEDIUM 7.5 HIGH
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.
CVE-2022-1713 1 Diagrams 1 Draw.io 2022-05-25 5.0 MEDIUM 7.5 HIGH
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.