Home/Product/diagrams drawio
Product

diagrams drawio

26 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-3975
< 21.5.0
OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0.
9.8CRITICAL
 CVE-2023-3974
< 21.4.0
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0.
9.8CRITICAL
 CVE-2023-3973
< 21.6.3
Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3.
6.1MEDIUM
 CVE-2023-3398
< 18.1.3
Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.
7.5HIGH
 CVE-2023-3026
< 21.2.8
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 21.2.8.
6.1MEDIUM
 CVE-2022-3873
< 20.5.2
Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2.
6.1MEDIUM
 CVE-2022-3223
< 20.3.1
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1.
6.1MEDIUM
 CVE-2022-3133
< 20.3.0
OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0.
7.8HIGH
 CVE-2022-3148
< 20.3.0
Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.
6.1MEDIUM
 CVE-2022-3138
< 20.3.0
Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.
6.1MEDIUM
 CVE-2022-3127
< 20.2.8
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8.
5.4MEDIUM
 CVE-2022-3065
< 20.2.8
Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8.
7.5HIGH
 CVE-2022-2015
< 19.0.2
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.
5.4MEDIUM
 CVE-2022-2014
< 19.0.2
Code Injection in GitHub repository jgraph/drawio prior to 19.0.2.
5.4MEDIUM
 CVE-2022-1815
< 18.1.2
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.
7.5HIGH
 CVE-2022-1784
< 18.0.8
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8.
7.5HIGH
 CVE-2022-1730
< 18.0.4
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4.
4.6MEDIUM
 CVE-2022-1774
< 18.0.7
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.
6.1MEDIUM
 CVE-2022-1767
< 18.0.7
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.
7.5HIGH
 CVE-2022-1727
< 18.0.6
Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6.
8.8HIGH
 CVE-2022-1711
< 18.0.5
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
7.5HIGH
 CVE-2022-1723
< 18.0.6
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
7.5HIGH
 CVE-2022-1722
< 18.0.5
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local
3.3LOW
 CVE-2022-1721
< 18.0.5
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.
7.5HIGH
 CVE-2022-1713
< 18.0.4
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its conte
7.5HIGH
 CVE-2022-1575
< 18.0.0
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code ex
9.6CRITICAL
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh