Vulnerabilities > Orchest
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-30 | CVE-2022-39268 | Cross-Site Request Forgery (CSRF) vulnerability in Orchest ### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. | 8.1 |
| 2022-07-11 | CVE-2022-31503 | Path Traversal vulnerability in Orchest The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |