CVE-2022-1713 — CVSS 7.5 (high): SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This…
CVE-2022-1721 — CVSS 7.5 (high): Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.
CVE-2026-46642 — CVSS 6.1 (medium): draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary…
CVE-2022-1774 — CVSS 6.1 (medium): Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.
CVE-2022-1722 — CVSS 3.3 (low): SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6…