Jgraph Drawio vulnerabilities
26 known vulnerabilities affecting jgraph/jgraph_drawio.
Total CVEs: 26
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown
CRITICAL 3, HIGH 11, MEDIUM 11, LOW 1
Vulnerabilities
Page 2 of 2
CVE-2022-3148 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 20.3.0 | 2022-09-08
CWE-79: Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.
nvd
CVE-2023-3973 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 21.6.3 | 2023-07-27
CWE-79: Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3.
nvd
CVE-2022-2015 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 19.0.2 | 2022-06-09
CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.
nvd
CVE-2022-3127 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 20.2.8 | 2022-09-05
CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8.
nvd
CVE-2022-1730 | P4 | MEDIUM | CVSS 4.6 | ≥ unspecified, < 18.0.4 | 2022-05-19
CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4.
nvd
CVE-2022-1722 | P4 | LOW | CVSS 3.3 | ≥ unspecified, < 18.0.5 | 2022-05-16
CWE-918: SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses.
nvd