jgraph/drawio — Vulnerabilities & Security Advisories 26

All 26 CVE vulnerabilities found in jgraph/drawio, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2023-3975	OS Command Injection in jgraph/drawio CWE-78	8.8	-	2023-07-27
CVE-2023-3974	OS Command Injection in jgraph/drawio CWE-78	8.8	-	2023-07-27
CVE-2023-3973	Cross-site Scripting (XSS) - Reflected in jgraph/drawio CWE-79	6.1	-	2023-07-27
CVE-2023-3398	Denial of Service in jgraph/drawio CWE-400	6.5	-	2023-06-26
CVE-2023-3026	Cross-site Scripting (XSS) - Stored in jgraph/drawio CWE-79	5.4	-	2023-06-01
CVE-2022-3873	Cross-site Scripting (XSS) - DOM in jgraph/drawio CWE-79	6.1	-	2022-11-07
CVE-2022-3223	Cross-site Scripting (XSS) - Stored in jgraph/drawio CWE-79	5.4	-	2022-09-16
CVE-2022-3133	OS Command Injection in jgraph/drawio CWE-78	8.8	-	2022-09-09
CVE-2022-3138	Cross-site Scripting (XSS) - Generic in jgraph/drawio CWE-79	6.1	-	2022-09-08
CVE-2022-3148	Cross-site Scripting (XSS) - Generic in jgraph/drawio CWE-79	6.1	-	2022-09-08
CVE-2022-3127	Cross-site Scripting (XSS) - Stored in jgraph/drawio CWE-79	5.4	-	2022-09-05
CVE-2022-3065	Improper Access Control in jgraph/drawio CWE-284	5.7	-	2022-09-02
CVE-2022-2015	Cross-site Scripting (XSS) - Stored in jgraph/drawio CWE-79	5.4	-	2022-06-08
CVE-2022-2014	Code Injection in jgraph/drawio CWE-94	6.1	-	2022-06-08
CVE-2022-1815	Exposure of Sensitive Information to an Unauthorized Actor in jgraph/drawio CWE-200	6.5	-	2022-05-25
CVE-2022-1784	Server-Side Request Forgery (SSRF) in jgraph/drawio CWE-918	7.5	-	2022-05-20
CVE-2022-1730	Cross-site Scripting (XSS) - Stored in jgraph/drawio CWE-79	5.4	-	2022-05-19
CVE-2022-1774	Exposure of Sensitive Information to an Unauthorized Actor in jgraph/drawio CWE-200	6.5	-	2022-05-18
CVE-2022-1767	Server-Side Request Forgery (SSRF) in jgraph/drawio CWE-918	7.5	-	2022-05-18
CVE-2022-1727	Improper Input Validation in jgraph/drawio CWE-20	8.8	-	2022-05-18
CVE-2022-1711	Server-Side Request Forgery (SSRF) in jgraph/drawio CWE-918	7.5	-	2022-05-17
CVE-2022-1723	Server-Side Request Forgery (SSRF) in jgraph/drawio CWE-918	7.5	-	2022-05-17
CVE-2022-1713	SSRF on /proxy in jgraph/drawio CWE-918	7.5	-	2022-05-16
CVE-2022-1721	Path Traversal in WellKnownServlet in jgraph/drawio CWE-22	7.5	-	2022-05-16
CVE-2022-1722	SSRF in editor's proxy via IPv6 link-local address in jgraph/drawio CWE-918	6.2	-	2022-05-16
CVE-2022-1575	Arbitrary Code Execution through Sanitizer Bypass in jgraph/drawio CWE-94	9.6	-	2022-05-05

All 26 known CVE vulnerabilities affecting jgraph/drawio with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

jgraph/drawio — Vulnerabilities & Security Advisories 26