Dojo
This hub aggregates every CVE we track for Dojo, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
16
CVEs tracked
3
Critical
5
High
0
In CISA KEV
Severity distribution
MEDIUM8HIGH5CRITICAL3
Monthly trend
0
0
0
0
0
0
2
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Dojo.
- CVE-2025-24885pwn.college has a XSS on dojo pages7.6
- CVE-2025-24886pwn.college has Symlink LFI in Dojo repos7.7
- CVE-2021-23450Prototype Pollution7.5
- CVE-2020-5258Prototype pollution in dojo7.7
- CVE-2020-5259Prototype Pollution in Dojox7.7
- CVE-2018-1000665Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and te...6.1
- CVE-2018-15494In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.9.8
- CVE-2018-6561dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.6.1
- CVE-2015-5654Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.4.3
- CVE-2010-2276The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=t...10.0
- CVE-2010-2275Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as de...4.3
- CVE-2010-2274Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arb...4.3
- CVE-2010-2273Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject a...4.3
- CVE-2010-2272Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before 0.4.4 has unknown impact and remote attack vectors.10.0
- CVE-2008-6681Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.4.3
Product normalization is registry-driven with AI assist and human review. How it works