Vulnerabilities > Diagrams
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-19 | CVE-2022-1730 | Cross-site Scripting vulnerability in Diagrams Drawio Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4. | 4.6 |
| 2022-05-18 | CVE-2022-1774 | Open Redirect vulnerability in Diagrams Drawio Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. | 6.1 |
| 2022-05-18 | CVE-2022-1767 | Server-Side Request Forgery (SSRF) vulnerability in Diagrams Drawio Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. | 7.5 |
| 2022-05-18 | CVE-2022-1727 | Improper Input Validation vulnerability in Diagrams Drawio Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6. | 8.8 |
| 2022-05-17 | CVE-2022-1711 | Server-Side Request Forgery (SSRF) vulnerability in Diagrams Drawio Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5. | 5.0 |
| 2022-05-17 | CVE-2022-1723 | Server-Side Request Forgery (SSRF) vulnerability in Diagrams Drawio Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6. | 5.0 |
| 2022-05-16 | CVE-2022-1713 | Server-Side Request Forgery (SSRF) vulnerability in Diagrams Drawio SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. | 7.5 |
| 2022-05-16 | CVE-2022-1721 | Path Traversal vulnerability in Diagrams Drawio Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. | 7.5 |
| 2022-05-16 | CVE-2022-1722 | Server-Side Request Forgery (SSRF) vulnerability in Diagrams Drawio SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. | 3.3 |
| 2022-05-05 | CVE-2022-1575 | Cross-site Scripting vulnerability in Diagrams Drawio Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. | 6.8 |