Browse all 21 CVE security advisories affecting Canva. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Canva operates as a cloud-based graphic design platform, enabling users to create visual content through a browser interface. With twenty-one recorded Common Vulnerabilities and Exposures, the application has historically been susceptible to cross-site scripting and server-side request forgery, reflecting typical risks associated with complex web applications handling user-generated content. While no catastrophic data breaches have publicly defined its security history, the platform’s reliance on third-party libraries and extensive API integrations presents ongoing attack surfaces for privilege escalation and injection attacks. Security audits indicate that most disclosed issues stem from input validation failures rather than fundamental architectural flaws. Consequently, enterprise users must carefully manage access controls and monitor for updates to mitigate risks associated with these persistent vulnerability classes, ensuring that the convenience of collaborative design does not compromise organizational data integrity.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12792 | Canva 安全漏洞 — CanvaCWE-276 | 3.2 | Low | 2025-11-18 |
This page lists every published CVE security advisory associated with Canva. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.