Highcharts
By the Year
In 2024 there have been 0 vulnerabilities in Highcharts . Highcharts did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 5.40 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 7.50 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Highcharts vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Highcharts Security Vulnerabilities
Highcharts JS is a JavaScript charting library based on SVG
CVE-2021-29489
5.4 - Medium
- May 05, 2021
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The vulnerability is patched in version 9. As a workaround, implementers who are not able to upgrade may apply DOMPurify recursively to the options structure to filter out malicious markup.
XSS
In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0
CVE-2018-20801
7.5 - High
- March 14, 2019
In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS.
Incorrect Regular Expression
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Highcharts or by Highcharts? Click the Watch button to subscribe.
