Vulnerabilities > Arangodb > Arangodb > 3.7.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-09 | CVE-2021-25939 | Server-Side Request Forgery (SSRF) vulnerability in Arangodb In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. | 2.7 |
| 2021-05-24 | CVE-2021-25938 | Cross-site Scripting vulnerability in Arangodb In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting (XSS), since there is no validation of the .zip file name and filtering of potential abusive characters which zip files can be named to. | 6.1 |