GCVE - cpe:2.3:a:ag-grid:ag-grid:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ag-grid:ag-grid:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ag Grid (`005215b2-607a-51b3-bfdd-d992f3731cbd`)
Product	Ag Grid (`682c7ae4-9ad0-5eaf-82b6-2e04a724714a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/ag-grid/ag-grid`	purl2cpe	2026-06-01 10:15:40.936484
`pkg:maven/org.webjars.npm/ag-grid`	purl2cpe	2026-06-01 10:15:40.936488
`pkg:npm/%40ag-grid-community/core`	purl2cpe	2026-06-01 10:15:40.936490

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-39001`	vulnerable	2026-06-08 06:41:48.676385	Details available ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. Published: 2024-07-01T00:00:00.000Z Updated: 2024-08-02T04:19:20.486Z Open on db.gcve.eu Reference links https://gist.github.com/mestrtee/c1590660750744f25e86ba1bf240844b https://gist.github.com/mestrtee/f8037d492dab0d77bca719e05d31c08b https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-38996`	vulnerable	2026-06-08 06:41:48.670194	Details available ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. Published: 2024-07-01T00:00:00.000Z Updated: 2024-08-02T04:19:20.621Z Open on db.gcve.eu Reference links https://gist.github.com/mestrtee/c1590660750744f25e86ba1bf240844b https://gist.github.com/mestrtee/f8037d492dab0d77bca719e05d31c08b https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-16009`	vulnerable	2026-06-08 05:08:59.864939	Details available ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid. Published: 2018-06-04T19:00:00.000Z Updated: 2024-09-17T02:41:23.964Z Open on db.gcve.eu Reference links https://spring.io/blog/2016/01/28/angularjs-escaping-the-expression-sandbox-for-xss https://nodesecurity.io/advisories/327 https://github.com/ceolter/ag-grid/issues/1287	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.