
jgraph — Vulnerabilities & Security Advisories (27)

Browse all 27 CVE security advisories affecting jgraph. AI-powered Chinese analysis, POCs, and references for each vulnerability.

JGraph is the GitHub organization behind jgraph/drawio, the diagramming application published as draw.io / diagrams.net, and every advisory on this page is filed against that product. The name is shared with the older JGraph Java diagramming library, which is not what these entries concern. The 27 CVEs cluster between May 2022 and July 2023, with one entry from 2026. By class, cross-site scripting is the most common (9 entries, CWE-79, five of them stored), followed by server-side request forgery (6, CWE-918, two of them explicitly in the editor's /proxy endpoint, one reachable through an IPv6 link-local address), OS command injection (3, CWE-78, each scored 8.8), code injection (2, CWE-94, including the sanitizer bypass CVE-2022-1575 at CVSS 9.6, the highest score on the page), information exposure (2, CWE-200), and single entries for path traversal in WellKnownServlet, denial of service, improper access control, improper input validation, and an open redirect in the GitLab OAuth authorize step. The practical reading for anyone running a self-hosted drawio: the highest-scoring entries are server-side (command injection, code injection, SSRF), so the server component needs to be kept current and its outbound proxy deserves network-level egress restrictions, while the XSS entries matter wherever untrusted diagram files are opened or shared.

Top products by jgraph: jgraph/drawio (drawio)

CVE ID | Title | Product | CWE | CVSS | Severity | Published
CVE-2026-42195 | Unvalidated gitlab URL parameter redirects OAuth authorize step to attacker-controlled host | drawio | CWE-601 | 3.4 | Low | 2026-05-08
CVE-2023-3975 | OS Command Injection in jgraph/drawio | jgraph/drawio | CWE-78 | 8.8 | - | 2023-07-27
CVE-2023-3974 | OS Command Injection in jgraph/drawio | jgraph/drawio | CWE-78 | 8.8 | - | 2023-07-27
CVE-2023-3973 | Cross-site Scripting (XSS) - Reflected in jgraph/drawio | jgraph/drawio | CWE-79 | 6.1 | - | 2023-07-27
CVE-2023-3398 | Denial of Service in jgraph/drawio | jgraph/drawio | CWE-400 | 6.5 | - | 2023-06-26
CVE-2023-3026 | Cross-site Scripting (XSS) - Stored in jgraph/drawio | jgraph/drawio | CWE-79 | 5.4 | - | 2023-06-01
CVE-2022-3873 | Cross-site Scripting (XSS) - DOM in jgraph/drawio | jgraph/drawio | CWE-79 | 6.1 | - | 2022-11-07
CVE-2022-3223 | Cross-site Scripting (XSS) - Stored in jgraph/drawio | jgraph/drawio | CWE-79 | 5.4 | - | 2022-09-16
CVE-2022-3133 | OS Command Injection in jgraph/drawio | jgraph/drawio | CWE-78 | 8.8 | - | 2022-09-09
CVE-2022-3138 | Cross-site Scripting (XSS) - Generic in jgraph/drawio | jgraph/drawio | CWE-79 | 6.1 | - | 2022-09-08
CVE-2022-3148 | Cross-site Scripting (XSS) - Generic in jgraph/drawio | jgraph/drawio | CWE-79 | 6.1 | - | 2022-09-08
CVE-2022-3127 | Cross-site Scripting (XSS) - Stored in jgraph/drawio | jgraph/drawio | CWE-79 | 5.4 | - | 2022-09-05
CVE-2022-3065 | Improper Access Control in jgraph/drawio | jgraph/drawio | CWE-284 | 5.7 | - | 2022-09-02
CVE-2022-2015 | Cross-site Scripting (XSS) - Stored in jgraph/drawio | jgraph/drawio | CWE-79 | 5.4 | - | 2022-06-08
CVE-2022-2014 | Code Injection in jgraph/drawio | jgraph/drawio | CWE-94 | 6.1 | - | 2022-06-08
CVE-2022-1815 | Exposure of Sensitive Information to an Unauthorized Actor in jgraph/drawio | jgraph/drawio | CWE-200 | 6.5 | - | 2022-05-25
CVE-2022-1784 | Server-Side Request Forgery (SSRF) in jgraph/drawio | jgraph/drawio | CWE-918 | 7.5 | - | 2022-05-20
CVE-2022-1730 | Cross-site Scripting (XSS) - Stored in jgraph/drawio | jgraph/drawio | CWE-79 | 5.4 | - | 2022-05-19
CVE-2022-1774 | Exposure of Sensitive Information to an Unauthorized Actor in jgraph/drawio | jgraph/drawio | CWE-200 | 6.5 | - | 2022-05-18
CVE-2022-1767 | Server-Side Request Forgery (SSRF) in jgraph/drawio | jgraph/drawio | CWE-918 | 7.5 | - | 2022-05-18
CVE-2022-1727 | Improper Input Validation in jgraph/drawio | jgraph/drawio | CWE-20 | 8.8 | - | 2022-05-18
CVE-2022-1711 | Server-Side Request Forgery (SSRF) in jgraph/drawio | jgraph/drawio | CWE-918 | 7.5 | - | 2022-05-17
CVE-2022-1723 | Server-Side Request Forgery (SSRF) in jgraph/drawio | jgraph/drawio | CWE-918 | 7.5 | - | 2022-05-17
CVE-2022-1713 | SSRF on /proxy in jgraph/drawio | jgraph/drawio | CWE-918 | 7.5 | - | 2022-05-16
CVE-2022-1721 | Path Traversal in WellKnownServlet in jgraph/drawio | jgraph/drawio | CWE-22 | 7.5 | - | 2022-05-16
CVE-2022-1722 | SSRF in editor's proxy via IPv6 link-local address in jgraph/drawio | jgraph/drawio | CWE-918 | 6.2 | - | 2022-05-16
CVE-2022-1575 | Arbitrary Code Execution through Sanitizer Bypass in jgraph/drawio | jgraph/drawio | CWE-94 | 9.6 | - | 2022-05-05
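The six SSRF rows, two of which name the editor's /proxy endpoint and one of which names an IPv6 link-local address, point at one recurring failure mode in server-side fetch endpoints: the destination check recognizes a handful of IPv4 prefixes and nothing else. The following is an added example, not code from jgraph/drawio, of a destination check that classifies every resolved address in both families. The name table, the host names and the function names (`check_proxy_target`, `naive_is_private`) are constructed for the example; nothing here describes how drawio's own proxy is implemented.

```python
"""
Destination check for a server-side fetch ("proxy") endpoint.

Added example, not code from jgraph/drawio. It contrasts a naive check
that only knows a few IPv4 string prefixes with one that classifies every
resolved address, IPv6 included, so that loopback, link-local,
unique-local and IPv4-mapped addresses are refused as well.
"""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed name table so the example runs offline. A real deployment
# resolves with socket.getaddrinfo(), checks *every* returned address, and
# then connects to the checked address rather than re-resolving the name
# (otherwise a rebinding DNS answer defeats the check).
FAKE_DNS = {
    "example.org": ["93.184.216.34"],
    "intranet.corp": ["10.0.0.5"],
    "metadata": ["169.254.169.254"],
    "v6host.example": ["fe80::1"],
}


def naive_is_private(host: str) -> bool:
    """Prefix check of the kind that misses IPv6 and most of 172.16/12."""
    return host.startswith(("10.", "127.", "192.168.", "172.16."))


def resolve(host: str) -> list[str]:
    """IP literals map to themselves; names go through the constructed table."""
    try:
        ipaddress.ip_address(host)
        return [host]
    except ValueError:
        return FAKE_DNS.get(host, [])


def is_blocked_address(addr: str) -> bool:
    """True for any address a proxy must never be allowed to reach."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:10.0.0.5 is an IPv4 address in disguise; judge the embedded one.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (
        ip.is_private        # 10/8, 172.16/12, 192.168/16, fc00::/7, ...
        or ip.is_loopback    # 127/8, ::1
        or ip.is_link_local  # 169.254/16 (cloud metadata), fe80::/10
        or ip.is_multicast
        or ip.is_reserved
        or ip.is_unspecified
    )


def check_proxy_target(url: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a URL a client asked the server to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname          # brackets stripped from IPv6 literals
    if not host:
        return False, "no host"
    addrs = resolve(host)
    if not addrs:
        return False, f"{host} does not resolve"
    for addr in addrs:
        if is_blocked_address(addr):
            return False, f"{host} -> {addr} is in a blocked range"
    return True, "ok"


if __name__ == "__main__":
    for url in ("https://example.org/diagram.xml",
                "http://intranet.corp/",
                "http://[fe80::1]/",
                "http://v6host.example/",
                "http://[::ffff:10.0.0.5]/",
                "http://172.20.0.1/",
                "http://metadata/latest/meta-data/"):
        host = urlsplit(url).hostname
        print(f"{url:40} naive_blocked={naive_is_private(host)!s:5} "
              f"hardened={check_proxy_target(url)}")
```

Running the block shows the gap: the naive check lets `http://[fe80::1]/`, `http://172.20.0.1/` and the metadata address through, while the hardened check refuses all of them and still allows the public host. Two things the block deliberately does not do, and a real endpoint must: re-run the check on every redirect hop (a permitted public host can 302 to a link-local address), and apply the same rule at connect time so the checked address is the one actually dialed.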

This page lists every published CVE security advisory associated with jgraph. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.