Vulnerabilities > Dart > Dart Software Development KIT
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-27 | CVE-2022-3095 | The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. | 9.8 |
2022-02-18 | CVE-2022-0451 | Incorrect Authorization vulnerability in Dart Software Development KIT. Dart SDK contains the HTTPClient in dart:io library which includes authorization headers when handling cross origin redirects. | 4.0 |
2022-01-05 | CVE-2021-22567 | Unspecified vulnerability in Dart Software Development KIT. Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors, which can be exploited to get nefarious code past a code review by appearing benign. | 3.5 |
2021-12-09 | CVE-2021-22568 | Exposure of Resource to Wrong Sphere vulnerability in Dart Software Development KIT. When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. | 6.0 |
2021-04-22 | CVE-2021-22540 | Cross-site Scripting vulnerability in Dart Software Development KIT. Bad validation logic in the Dart SDK versions prior to 2.12.3 allows an attacker to use an XSS attack via DOM clobbering. | 4.3 |
2020-03-26 | CVE-2020-8923 | Cross-site Scripting vulnerability in Dart Software Development KIT. Improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0 allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom HTML/JavaScript (XSS). | 4.3 |