
CVE-2024-28423
https://notcve.org/view.php?id=CVE-2024-28423
14 Mar 2024 — Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file. • https://github.com/bayuncao/vul-cve-15 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2023-3975 – OS Command Injection in jgraph/drawio
https://notcve.org/view.php?id=CVE-2023-3975
27 Jul 2023 — OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0. • https://github.com/jgraph/drawio/commit/8ec95cb03e0a80cf908a282522ac1651306db340 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2023-3974 – OS Command Injection in jgraph/drawio
https://notcve.org/view.php?id=CVE-2023-3974
27 Jul 2023 — OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0. • https://github.com/jgraph/drawio/commit/9d6532de36496e77d872d91b1947bb696607d623 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2023-3973 – Cross-site Scripting (XSS) - Reflected in jgraph/drawio
https://notcve.org/view.php?id=CVE-2023-3973
27 Jul 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3. • https://github.com/jgraph/drawio/commit/1db2c2c653aa245d175d30c210239e3946bfcb95 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-3398 – Denial of Service in jgraph/drawio
https://notcve.org/view.php?id=CVE-2023-3398
26 Jun 2023 — Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3. • https://github.com/jgraph/drawio/commit/064729fec4262f9373d9fdcafda0be47cd18dd50 • CWE-400: Uncontrolled Resource Consumption •

CVE-2023-3026 – Cross-site Scripting (XSS) - Stored in jgraph/drawio
https://notcve.org/view.php?id=CVE-2023-3026
01 Jun 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 21.2.8. • https://github.com/jgraph/drawio/commit/c7ac634055c3edfabc7729fc4298a5ab7bfbf384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-3873 – Cross-site Scripting (XSS) - DOM in jgraph/drawio
https://notcve.org/view.php?id=CVE-2022-3873
07 Nov 2022 — Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2. • https://github.com/jgraph/drawio/commit/d37894baf125430e85840c2635563b10d1a6523d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-3223 – Cross-site Scripting (XSS) - Stored in jgraph/drawio
https://notcve.org/view.php?id=CVE-2022-3223
16 Sep 2022 — Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1. • https://github.com/jgraph/drawio/commit/ea012baba6fb2e903797fa6306833ca4f31ab361 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-3133 – OS Command Injection in jgraph/drawio
https://notcve.org/view.php?id=CVE-2022-3133
09 Sep 2022 — OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0. • https://github.com/jgraph/drawio/commit/8f3f95a05b701175b639ba9572dc4e0fb7c46b02 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2022-3138 – Cross-site Scripting (XSS) - Generic in jgraph/drawio
https://notcve.org/view.php?id=CVE-2022-3138
08 Sep 2022 — Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0. • https://github.com/jgraph/drawio/commit/b5dfeb238369d664fb06a95e2179236b0e75f366 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •