← Back

Gridea

gridea

Vendor: Gridea • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-40274
1Gridea
1Gridea
May 20, 2025
Sep 30, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegra...Show more
Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled.Show less
CVE-2019-12047
1Gridea
1Gridea
Jun 17, 2026
May 13, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by child_process.exec and the "<img src=# onerror='eval(new Buffer(" substring.