Product
hoppscotch
11 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34932 | < 2026.3.0
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that can le
CVE-2026-34931 | < 2026.3.0
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that le
CVE-2026-34848 | < 2026.3.0
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability in the team
CVE-2026-34847 | < 2026.3.0
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page contains a DOM-based open redir
CVE-2026-30825 | < 2026.2.1
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint al
CVE-2026-28217 | < 2026.2.0
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the userCollection GraphQL query accepts an a
CVE-2026-28216 | < 2026.2.0
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete a
CVE-2026-28215 | < 2026.2.0
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticated attacker can overwrite the e
CVE-2024-27092 | < 2023.12.6
Hoppscotch is an API development ecosystem. Due to lack of validation for fields like Label (Edit Team) - TeamName, bad actors ca
CVE-2023-34097 | < 2023.4.5
hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs
CVE-2022-0121 | <= 2.1.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoppscotch hoppscotch/hoppsc