Skip to main content

Dart Software Development Kit

6 CVEs product

Monthly

CVE-2026-27704 HIGH This Week

The Dart and Flutter SDKs provide software development kits for the Dart programming language. [CVSS 7.5 HIGH]

Path Traversal Flutter Dart Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2022-3095 CRITICAL Act Now

The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dart Software Development Kit Flutter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-0451 MEDIUM PATCH This Month

Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Dart Software Development Kit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-22568 HIGH PATCH This Week

When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Dart Software Development Kit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-22540 MEDIUM PATCH This Month

Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dart Software Development Kit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-8923 MEDIUM This Month

An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dart Software Development Kit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
EPSS 0% CVSS 7.5
HIGH This Week

The Dart and Flutter SDKs provide software development kits for the Dart programming language. [CVSS 7.5 HIGH]

Path Traversal Flutter Dart Software Development Kit
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dart Software Development Kit Flutter
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Dart Software Development Kit
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Dart Software Development Kit
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dart Software Development Kit
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dart Software Development Kit
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy