edp963/davinci

Releases14

Frequency2 months 3 weeks

Last Release over 5 years ago

Stars5.01K

Davinci is a DVsaaS (Data Visualization as a Service) Platform

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-31847 ↗	May 17, 2023Wednesday, 17 May 2023, 01:15	6.5 MEDIUM	—
In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side.
CVE-2023-31848 ↗	May 17, 2023Wednesday, 17 May 2023, 00:15	8.8 HIGH	—
davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF).
CVE-2023-24206 ↗	Feb 27, 2023Monday, 27 February 2023, 13:15	9.8 CRITICAL	—
Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function.