Hoppscotch Hoppscotch
12 CVEs affecting Hoppscotch Hoppscotch. Latest disclosed: 2026-05-13. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-28215 | Critical | 9.1 | 2026-02-26 | hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticated attacker can overwrite the entire infrastructure configur… |
| CVE-2024-34347 | High | 8.4 | 2024-05-08 | @hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox th… |
| CVE-2026-28216 | High | 8.3 | 2026-02-26 | hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete another user's personal enviro… |
| CVE-2023-34097 | High | 7.8 | 2023-06-05 | hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database co… |
| CVE-2026-44478 | High | 7.5 | 2026-05-13 | hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config… |
| CVE-2026-28217 | Medium | 6.5 | 2026-02-26 | hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the `userCollection` GraphQL query accepts an arbitrary collection ID and re… |
| CVE-2026-34848 | Medium | 5.4 | 2026-04-02 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability in the team member overflow tooltip via… |
| CVE-2024-27092 | Medium | 5.4 | 2024-02-26 | Hoppscotch is an API development ecosystem. Due to lack of validation for fields like Label (Edit Team) - TeamName, bad actors can send emails with Spoofed Co… |
| CVE-2026-34847 | Medium | 4.7 | 2026-04-02 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page contains a DOM-based open redirect vulnerability. The redire… |
| CVE-2026-34931 | | | 2026-04-02 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. Wi… |
| CVE-2026-34932 | | | 2026-04-02 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that can lead to CSRF. This issue has be… |
| CVE-2026-30825 | Unrated | | 2026-03-07 | hoppscotch is an open source API development ecosystem. Prior to version 2026.2.1, the DELETE /v1/access-tokens/revoke endpoint allows any authenticated user t… |