Every CVE whose affected-product data names Orchest, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2022-31503 — CVSS 9.3 (critical): The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used…
CVE-2022-39268 — CVSS 8.1 (high): ### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This…