Skip to main content

Plantuml

5 CVEs product

Monthly

CVE-2026-0858 Maven LOW PATCH Monitor

PlantUML versions before 1.2026.0 fail to properly sanitize interactive attributes in GraphViz diagrams, allowing attackers to inject malicious JavaScript into SVG output through crafted diagram files. Applications that render these SVGs are vulnerable to arbitrary script execution within the user's browser context. A patch is available to address this stored XSS vulnerability.

XSS Plantuml
NVD GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2023-3432 Maven CRITICAL POC PATCH Act Now

Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Plantuml Fedora
NVD GitHub
CVSS 3.1
10.0
EPSS
0.9%
CVE-2023-3431 Maven MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Plantuml Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-1379 CRITICAL POC PATCH Act Now

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Plantuml Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2022-1231 MEDIUM POC PATCH This Month

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Atlassian Plantuml Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
EPSS 0% CVSS 2.0
LOW PATCH Monitor

PlantUML versions before 1.2026.0 fail to properly sanitize interactive attributes in GraphViz diagrams, allowing attackers to inject malicious JavaScript into SVG output through crafted diagram files. Applications that render these SVGs are vulnerable to arbitrary script execution within the user's browser context. A patch is available to address this stored XSS vulnerability.

XSS Plantuml
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL POC PATCH Act Now

Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Plantuml Fedora
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Plantuml Fedora
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL POC PATCH Act Now

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Plantuml Fedora
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Atlassian +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy