hoppscotch — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting hoppscotch. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34931 | hoppscotch: Improper loopback redirect_uri validation in device-login flow | hoppscotch | CWE-601 | 6.1 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-34848 | hoppscotch: Stored XSS in team member overflow tooltip via display name | hoppscotch | CWE-79 | 5.4 | Medium | 2026-04-02 |
| CVE-2026-34932 | hoppscotch: Stored XSS via mock server responses on backend origin | hoppscotch | CWE-79 | 8.1 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-34847 | hoppscotch: Open redirect via `/enter?redirect=` | hoppscotch | CWE-601 | 4.7 | Medium | 2026-04-02 |
| CVE-2026-30825 | hoppscotch: IDOR - Any authenticated user can revoke any other user's Personal Access Token | hoppscotch | CWE-639 | - | - | 2026-03-07 |
| CVE-2026-28217 | IDOR in GraphQL userCollection Query Exposes Other Users' Private Collections | hoppscotch | CWE-862 | 6.5 | Medium | 2026-02-26 |
| CVE-2026-28216 | hoppscotch has IDOR in updateUserEnvironment / deleteUserEnvironment | hoppscotch | CWE-639 | 8.3 | High | 2026-02-26 |
| CVE-2026-28215 | hoppscotch Vulnerable to Unauthenticated Onboarding Config Takeover | hoppscotch | CWE-284 | 9.1 | Critical | 2026-02-26 |
| CVE-2024-34714 | Hoppscotch Extension responds to calls made by origins not in the domain list | hoppscotch-extension | CWE-354 | 7.6 | High | 2024-05-14 |
| CVE-2024-34347 | @hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE | hoppscotch | CWE-77 | 8.4 | High | 2024-05-08 |
| CVE-2024-27092 | Content spoofing - real Hoppscotch emails | hoppscotch | CWE-20 | 5.4 | Medium | 2024-02-26 |
| CVE-2023-34097 | Database password exposed in logs in hoppscotch | hoppscotch | CWE-532 | 7.8 | High | 2023-06-05 |
| CVE-2022-0121 | Cross-site Scripting in hoppscotch/hoppscotch | hoppscotch/hoppscotch | CWE-79 | 8.0 | High | 2022-01-06 |

This page lists every published CVE security advisory associated with hoppscotch. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.