Vulnerabilities > Graphite Project

DATE | CVE | VULNERABILITY TITLE | RISK

2022-12-27 | CVE-2022-4728 | Cross-site Scripting vulnerability in Graphite Project Graphite | network, low complexity, graphite-project CWE-79, 5.4
A vulnerability has been found in Graphite Web and classified as problematic.

2022-12-27 | CVE-2022-4729 | Cross-site Scripting vulnerability in Graphite Project Graphite | network, low complexity, graphite-project CWE-79, 5.4
A vulnerability was found in Graphite Web and classified as problematic.

2022-12-27 | CVE-2022-4730 | Cross-site Scripting vulnerability in Graphite Project Graphite | network, low complexity, graphite-project CWE-79, 5.4
A vulnerability was found in Graphite Web.

2019-10-11 | CVE-2017-18638 | Server-Side Request Forgery (SSRF) vulnerability in Graphite Project Graphite | network, low complexity, graphite-project CWE-918, 5.0
send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF.

2013-09-27 | CVE-2013-5943 | Cross-Site Scripting vulnerability in Graphite Project Graphite | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Graphite before 0.9.11 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2013-09-27 | CVE-2013-5942 | Code Injection vulnerability in Graphite Project Graphite | 6.8
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.

2013-09-27 | CVE-2013-5093 | Code Injection vulnerability in Graphite Project Graphite | 6.8
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.