Dart Dart Software Development Kit — known CVE vulnerabilities
Every CVE whose affected-product data names Dart Dart Software Development Kit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2022-3095 — CVSS 9.8 (critical): The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from…
CVE-2021-22568 — CVSS 8.8 (high): When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an…
CVE-2026-27704 — CVSS 7.5 (high): The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0…
CVE-2022-0451 — CVSS 6.5 (medium): Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These…
CVE-2021-22540 — CVSS 6.1 (medium): Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation…
CVE-2020-8923 — CVSS 5.4 (medium): An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM…
CVE-2021-22567 — CVSS 4.6 (medium): Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get…