📦 Drawio

by Diagrams

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2022-1575

CRITICAL CVSS 9.6 May 5, 2022

CVE-2022-1575 is a critical vulnerability in draw.io diagramming software that allows attackers to bypass input sanitization and execute arbitrary code. In the desktop application, this leads to remot...

CVE-2023-3398

HIGH CVSS 7.5 Jun 26, 2023

This CVE describes a Denial of Service vulnerability in the draw.io diagramming software. Attackers can cause the application to crash or become unresponsive by exploiting resource exhaustion. All use...

CVE-2022-1815

HIGH CVSS 7.5 May 25, 2022

CVE-2022-1815 is an information disclosure vulnerability in draw.io diagramming software that exposes sensitive information to unauthorized actors. The vulnerability allows attackers to access sensiti...

CVE-2022-1767

HIGH CVSS 7.5 May 18, 2022

This Server-Side Request Forgery (SSRF) vulnerability in draw.io allows attackers to make unauthorized requests from the server to internal systems. It affects users running draw.io versions prior to ...

CVE-2022-1727

HIGH CVSS 8.8 May 18, 2022

CVE-2022-1727 is an improper input validation vulnerability in draw.io diagramming software that allows attackers to execute arbitrary code by tricking users into opening malicious diagram files. This...

CVE-2022-1711

HIGH CVSS 7.5 May 17, 2022

This Server-Side Request Forgery (SSRF) vulnerability in draw.io allows attackers to make unauthorized requests from the server to internal systems. It affects users of draw.io versions prior to 18.0....

CVE-2022-1713

HIGH CVSS 7.5 May 16, 2022

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the /proxy endpoint of draw.io diagramming software. Attackers can exploit this to make requests from the server's perspective,...