Apache Hop Security Vulnerability Scans

Last Updated: 15 May 2026 00:44:15

Quick Navigation

↑Development

Severity Breakdown

Severity	Count
CRITICAL	3
HIGH	13
MEDIUM	24
LOW	3

Details for version: Development

CVE Details for Version: Development

Severity	Score	CVE ID	Description
CRITICAL	9.8	CVE-2026-42027	CVE-2026-42027: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CRITICAL	9.2	CVE-2026-8178	CVE-2026-8178: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CRITICAL	9.1	CVE-2026-40682	CVE-2026-40682: Improper Restriction of XML External Entity Reference
HIGH	8.8	CVE-2025-69194	CVE-2025-69194
HIGH	8.7	CVE-2026-33871	CVE-2026-33871: Allocation of Resources Without Limits or Throttling
HIGH	8.2	CVE-2026-26740	CVE-2026-26740
HIGH	7.5	CVE-2022-41404	CVE-2022-41404: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2026-33870	CVE-2026-33870: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.5	CVE-2026-3805	CVE-2026-3805
HIGH	7.5	CVE-2026-42440	CVE-2026-42440: Memory Allocation with Excessive Size Value
HIGH	7.5	CVE-2026-42577	CVE-2026-42577: Missing Release of Resource after Effective Lifetime
HIGH	7.5	CVE-2026-42579	CVE-2026-42579: Improper Input Validation
HIGH	7.5	CVE-2026-42582	CVE-2026-42582: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2026-42583	CVE-2026-42583: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2026-42587	CVE-2026-42587: Uncontrolled Resource Consumption
HIGH	7.3	CVE-2026-42584	CVE-2026-42584: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	6.9	GHSA-72hv-8253-57qq	GHSA-72hv-8253-57qq: Allocation of Resources Without Limits or Throttling
MEDIUM	6.8	CVE-2026-42586	CVE-2026-42586: Improper Neutralization of CRLF Sequences ('CRLF Injection')
MEDIUM	6.5	CVE-2024-45993	CVE-2024-45993
MEDIUM	6.5	CVE-2025-60876	CVE-2025-60876
MEDIUM	6.5	CVE-2026-1965	CVE-2026-1965
MEDIUM	6.5	CVE-2026-3784	CVE-2026-3784
MEDIUM	6.5	CVE-2026-42580	CVE-2026-42580: Integer Overflow or Wraparound
MEDIUM	6.5	CVE-2026-42585	CVE-2026-42585: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	6.3	CVE-2025-14017	CVE-2025-14017
MEDIUM	5.9	CVE-2025-13034	CVE-2025-13034
MEDIUM	5.9	CVE-2026-28208	CVE-2026-28208: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.9	CVE-2026-41245	CVE-2026-41245: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.8	CVE-2024-58103	CVE-2024-58103: Uncontrolled Recursion
MEDIUM	5.8	CVE-2026-42581	CVE-2026-42581: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.5	CVE-2023-50570	CVE-2023-50570: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.3	CVE-2025-14524	CVE-2025-14524
MEDIUM	5.3	CVE-2025-14819	CVE-2025-14819
MEDIUM	5.3	CVE-2025-15079	CVE-2025-15079
MEDIUM	5.3	CVE-2026-23865	CVE-2026-23865
MEDIUM	5.3	CVE-2026-3783	CVE-2026-3783
MEDIUM	5.3	CVE-2026-41417	CVE-2026-41417: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.3	CVE-2026-44248	CVE-2026-44248: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2026-45292	CVE-2026-45292: Allocation of Resources Without Limits or Throttling
MEDIUM	5.1	CVE-2026-23868	CVE-2026-23868
LOW	3.1	CVE-2025-15224	CVE-2025-15224
LOW	2.9	CVE-2026-42578	CVE-2026-42578: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
LOW	1.9	CVE-2026-3293	CVE-2026-3293: Uncontrolled Resource Consumption

↑2.17.0

Severity Breakdown

Severity	Count
CRITICAL	9
HIGH	31
MEDIUM	36
LOW	7

Details for version: 2.17.0

CVE Details for Version: 2.17.0

Severity	Score	CVE ID	Description
CRITICAL	9.8	CVE-2026-31789	CVE-2026-31789
CRITICAL	9.8	CVE-2026-32767	CVE-2026-32767
CRITICAL	9.8	CVE-2026-41409	CVE-2026-41409: Deserialization of Untrusted Data
CRITICAL	9.8	CVE-2026-41635	CVE-2026-41635: Deserialization of Untrusted Data
CRITICAL	9.8	CVE-2026-42027	CVE-2026-42027: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CRITICAL	9.8	CVE-2026-42778	CVE-2026-42778: Deserialization of Untrusted Data
CRITICAL	9.8	CVE-2026-42779	CVE-2026-42779: Deserialization of Untrusted Data
CRITICAL	9.2	CVE-2026-8178	CVE-2026-8178: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CRITICAL	9.1	CVE-2026-40682	CVE-2026-40682: Improper Restriction of XML External Entity Reference
HIGH	8.9	CVE-2026-5598	CVE-2026-5598: Covert Timing Channel
HIGH	8.8	CVE-2025-69194	CVE-2025-69194
HIGH	8.7	CVE-2026-33871	CVE-2026-33871: Allocation of Resources Without Limits or Throttling
HIGH	8.7	CVE-2026-35554	CVE-2026-35554: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
HIGH	8.3	CVE-2026-25646	CVE-2026-25646
HIGH	8.2	CVE-2025-55163	CVE-2025-55163: Allocation of Resources Without Limits or Throttling
HIGH	8.2	CVE-2025-66566	CVE-2025-66566: Insertion of Sensitive Information Into Sent Data
HIGH	8.2	CVE-2026-26740	CVE-2026-26740
HIGH	8.1	CVE-2026-28387	CVE-2026-28387
HIGH	8.1	CVE-2026-40200	CVE-2026-40200
HIGH	7.6	CVE-2026-33636	CVE-2026-33636
HIGH	7.5	CVE-2022-41404	CVE-2022-41404: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2026-1605	CVE-2026-1605: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2026-27135	CVE-2026-27135
HIGH	7.5	CVE-2026-28388	CVE-2026-28388
HIGH	7.5	CVE-2026-28389	CVE-2026-28389
HIGH	7.5	CVE-2026-28390	CVE-2026-28390
HIGH	7.5	CVE-2026-31790	CVE-2026-31790
HIGH	7.5	CVE-2026-33416	CVE-2026-33416
HIGH	7.5	CVE-2026-33870	CVE-2026-33870: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.5	CVE-2026-3805	CVE-2026-3805
HIGH	7.5	CVE-2026-42198	CVE-2026-42198: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2026-42440	CVE-2026-42440: Memory Allocation with Excessive Size Value
HIGH	7.5	CVE-2026-42577	CVE-2026-42577: Missing Release of Resource after Effective Lifetime
HIGH	7.5	CVE-2026-42579	CVE-2026-42579: Improper Input Validation
HIGH	7.5	CVE-2026-42582	CVE-2026-42582: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2026-42583	CVE-2026-42583: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2026-42587	CVE-2026-42587: Uncontrolled Resource Consumption
HIGH	7.4	CVE-2026-2332	CVE-2026-2332: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.3	CVE-2026-2673	CVE-2026-2673
HIGH	7.3	CVE-2026-42584	CVE-2026-42584: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	6.9	CVE-2026-34478	CVE-2026-34478: Improper Output Neutralization for Logs
MEDIUM	6.9	CVE-2026-34480	CVE-2026-34480: Improper Encoding or Escaping of Output
MEDIUM	6.9	GHSA-72hv-8253-57qq	GHSA-72hv-8253-57qq: Allocation of Resources Without Limits or Throttling
MEDIUM	6.8	CVE-2026-42586	CVE-2026-42586: Improper Neutralization of CRLF Sequences ('CRLF Injection')
MEDIUM	6.5	CVE-2024-45993	CVE-2024-45993
MEDIUM	6.5	CVE-2025-48924	CVE-2025-48924: Uncontrolled Recursion
MEDIUM	6.5	CVE-2025-60876	CVE-2025-60876
MEDIUM	6.5	CVE-2026-1965	CVE-2026-1965
MEDIUM	6.5	CVE-2026-3784	CVE-2026-3784
MEDIUM	6.5	CVE-2026-42580	CVE-2026-42580: Integer Overflow or Wraparound
MEDIUM	6.5	CVE-2026-42585	CVE-2026-42585: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	6.3	CVE-2025-14017	CVE-2025-14017
MEDIUM	6.3	CVE-2026-34477	CVE-2026-34477: Improper Validation of Certificate with Host Mismatch
MEDIUM	5.9	CVE-2025-13034	CVE-2025-13034
MEDIUM	5.9	CVE-2026-28208	CVE-2026-28208: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.9	CVE-2026-41245	CVE-2026-41245: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.8	CVE-2024-58103	CVE-2024-58103: Uncontrolled Recursion
MEDIUM	5.8	CVE-2026-42581	CVE-2026-42581: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.5	CVE-2023-50570	CVE-2023-50570: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.5	CVE-2026-0636	CVE-2026-0636: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
MEDIUM	5.3	CVE-2025-14524	CVE-2025-14524
MEDIUM	5.3	CVE-2025-14819	CVE-2025-14819
MEDIUM	5.3	CVE-2025-15079	CVE-2025-15079
MEDIUM	5.3	CVE-2026-23865	CVE-2026-23865
MEDIUM	5.3	CVE-2026-33558	CVE-2026-33558: Insertion of Sensitive Information into Log File
MEDIUM	5.3	CVE-2026-3783	CVE-2026-3783
MEDIUM	5.3	CVE-2026-41417	CVE-2026-41417: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.3	CVE-2026-44248	CVE-2026-44248: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2026-45292	CVE-2026-45292: Allocation of Resources Without Limits or Throttling
MEDIUM	5.1	CVE-2026-23868	CVE-2026-23868
MEDIUM	5.1	CVE-2026-34757	CVE-2026-34757
MEDIUM	4.8	CVE-2026-6042	CVE-2026-6042
MEDIUM	4.6	CVE-2026-22184	CVE-2026-22184
MEDIUM	4.0	CVE-2026-32776	CVE-2026-32776
MEDIUM	4.0	CVE-2026-32777	CVE-2026-32777
MEDIUM	4.0	CVE-2026-41254	CVE-2026-41254
LOW	3.7	CVE-2025-11143	CVE-2025-11143: Improper Input Validation
LOW	3.1	CVE-2025-15224	CVE-2025-15224
LOW	2.9	CVE-2026-27171	CVE-2026-27171
LOW	2.9	CVE-2026-32778	CVE-2026-32778
LOW	2.9	CVE-2026-42578	CVE-2026-42578: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
LOW	2.3	CVE-2026-32588	CVE-2026-32588: Uncontrolled Resource Consumption
LOW	1.9	CVE-2026-3293	CVE-2026-3293: Uncontrolled Resource Consumption

↑2.16.0

Severity Breakdown

Severity	Count
CRITICAL	9
HIGH	51
MEDIUM	61
LOW	11

Details for version: 2.16.0

CVE Details for Version: 2.16.0

Severity	Score	CVE ID	Description
CRITICAL	9.8	CVE-2026-31789	CVE-2026-31789
CRITICAL	9.8	CVE-2026-32767	CVE-2026-32767
CRITICAL	9.8	CVE-2026-41409	CVE-2026-41409: Deserialization of Untrusted Data
CRITICAL	9.8	CVE-2026-41635	CVE-2026-41635: Deserialization of Untrusted Data
CRITICAL	9.8	CVE-2026-42027	CVE-2026-42027: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CRITICAL	9.8	CVE-2026-42778	CVE-2026-42778: Deserialization of Untrusted Data
CRITICAL	9.8	CVE-2026-42779	CVE-2026-42779: Deserialization of Untrusted Data
CRITICAL	9.2	CVE-2026-8178	CVE-2026-8178: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CRITICAL	9.1	CVE-2026-40682	CVE-2026-40682: Improper Restriction of XML External Entity Reference
HIGH	8.9	CVE-2026-5598	CVE-2026-5598: Covert Timing Channel
HIGH	8.8	CVE-2020-9492	CVE-2020-9492: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH	8.8	CVE-2025-12183	CVE-2025-12183: Out-of-bounds Read
HIGH	8.8	CVE-2025-15467	CVE-2025-15467
HIGH	8.8	CVE-2025-69194	CVE-2025-69194
HIGH	8.7	CVE-2023-52428	CVE-2023-52428: Uncontrolled Resource Consumption
HIGH	8.7	CVE-2026-33871	CVE-2026-33871: Allocation of Resources Without Limits or Throttling
HIGH	8.7	CVE-2026-35554	CVE-2026-35554: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
HIGH	8.3	CVE-2026-25646	CVE-2026-25646
HIGH	8.2	CVE-2025-55163	CVE-2025-55163: Allocation of Resources Without Limits or Throttling
HIGH	8.2	CVE-2025-66566	CVE-2025-66566: Insertion of Sensitive Information Into Sent Data
HIGH	8.2	CVE-2026-26740	CVE-2026-26740
HIGH	8.1	CVE-2025-59250	CVE-2025-59250: Improper Input Validation
HIGH	8.1	CVE-2026-28387	CVE-2026-28387
HIGH	8.1	CVE-2026-40200	CVE-2026-40200
HIGH	7.7	CVE-2024-47072	CVE-2024-47072: Stack-based Buffer Overflow
HIGH	7.6	CVE-2026-33636	CVE-2026-33636
HIGH	7.5	CVE-2021-31684	CVE-2021-31684: Out-of-bounds Read
HIGH	7.5	CVE-2022-41404	CVE-2022-41404: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2023-1370	CVE-2023-1370: Uncontrolled Recursion
HIGH	7.5	CVE-2023-28118	CVE-2023-28118: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
HIGH	7.5	CVE-2024-21634	CVE-2024-21634: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2025-13151	CVE-2025-13151
HIGH	7.5	CVE-2025-41249	CVE-2025-41249: Improper Authorization
HIGH	7.5	CVE-2025-69420	CVE-2025-69420
HIGH	7.5	CVE-2025-69421	CVE-2025-69421
HIGH	7.5	CVE-2026-1605	CVE-2026-1605: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2026-21945	CVE-2026-21945
HIGH	7.5	CVE-2026-27135	CVE-2026-27135
HIGH	7.5	CVE-2026-28388	CVE-2026-28388
HIGH	7.5	CVE-2026-28389	CVE-2026-28389
HIGH	7.5	CVE-2026-28390	CVE-2026-28390
HIGH	7.5	CVE-2026-31790	CVE-2026-31790
HIGH	7.5	CVE-2026-33416	CVE-2026-33416
HIGH	7.5	CVE-2026-33870	CVE-2026-33870: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.5	CVE-2026-3805	CVE-2026-3805
HIGH	7.5	CVE-2026-42198	CVE-2026-42198: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2026-42440	CVE-2026-42440: Memory Allocation with Excessive Size Value
HIGH	7.5	CVE-2026-42577	CVE-2026-42577: Missing Release of Resource after Effective Lifetime
HIGH	7.5	CVE-2026-42579	CVE-2026-42579: Improper Input Validation
HIGH	7.5	CVE-2026-42582	CVE-2026-42582: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2026-42583	CVE-2026-42583: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2026-42587	CVE-2026-42587: Uncontrolled Resource Consumption
HIGH	7.4	CVE-2025-69419	CVE-2025-69419
HIGH	7.4	CVE-2026-21932	CVE-2026-21932
HIGH	7.4	CVE-2026-2332	CVE-2026-2332: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.3	CVE-2026-2673	CVE-2026-2673
HIGH	7.3	CVE-2026-42584	CVE-2026-42584: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.1	CVE-2025-64720	CVE-2025-64720
HIGH	7.1	CVE-2025-65018	CVE-2025-65018
HIGH	7.1	CVE-2025-66293	CVE-2025-66293
MEDIUM	6.9	CVE-2026-25210	CVE-2026-25210
MEDIUM	6.9	CVE-2026-34478	CVE-2026-34478: Improper Output Neutralization for Logs
MEDIUM	6.9	CVE-2026-34480	CVE-2026-34480: Improper Encoding or Escaping of Output
MEDIUM	6.9	GHSA-72hv-8253-57qq	GHSA-72hv-8253-57qq: Allocation of Resources Without Limits or Throttling
MEDIUM	6.8	CVE-2026-22801	CVE-2026-22801
MEDIUM	6.8	CVE-2026-42586	CVE-2026-42586: Improper Neutralization of CRLF Sequences ('CRLF Injection')
MEDIUM	6.5	CVE-2024-45993	CVE-2024-45993
MEDIUM	6.5	CVE-2025-48924	CVE-2025-48924: Uncontrolled Recursion
MEDIUM	6.5	CVE-2025-60876	CVE-2025-60876
MEDIUM	6.5	CVE-2025-67735	CVE-2025-67735: Improper Neutralization of CRLF Sequences ('CRLF Injection')
MEDIUM	6.5	CVE-2026-1965	CVE-2026-1965
MEDIUM	6.5	CVE-2026-3784	CVE-2026-3784
MEDIUM	6.5	CVE-2026-42580	CVE-2026-42580: Integer Overflow or Wraparound
MEDIUM	6.5	CVE-2026-42585	CVE-2026-42585: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	6.3	CVE-2025-14017	CVE-2025-14017
MEDIUM	6.3	CVE-2025-68161	CVE-2025-68161: Improper Validation of Certificate with Host Mismatch
MEDIUM	6.3	CVE-2026-34477	CVE-2026-34477: Improper Validation of Certificate with Host Mismatch
MEDIUM	6.1	CVE-2025-11187	CVE-2025-11187
MEDIUM	6.1	CVE-2025-64505	CVE-2025-64505
MEDIUM	6.1	CVE-2025-64506	CVE-2025-64506
MEDIUM	6.1	CVE-2026-21933	CVE-2026-21933
MEDIUM	6.1	CVE-2026-22695	CVE-2026-22695
MEDIUM	5.9	CVE-2025-13034	CVE-2025-13034
MEDIUM	5.9	CVE-2025-15468	CVE-2025-15468
MEDIUM	5.9	CVE-2025-62408	CVE-2025-62408
MEDIUM	5.9	CVE-2025-66199	CVE-2025-66199
MEDIUM	5.9	CVE-2026-28208	CVE-2026-28208: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.9	CVE-2026-34085	CVE-2026-34085
MEDIUM	5.9	CVE-2026-41245	CVE-2026-41245: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.8	CVE-2024-58103	CVE-2024-58103: Uncontrolled Recursion
MEDIUM	5.8	CVE-2025-53864	CVE-2025-53864: Uncontrolled Recursion
MEDIUM	5.8	CVE-2026-42581	CVE-2026-42581: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.5	CVE-2023-50570	CVE-2023-50570: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.5	CVE-2024-35255	CVE-2024-35255: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
MEDIUM	5.5	CVE-2025-15469	CVE-2025-15469
MEDIUM	5.5	CVE-2026-0636	CVE-2026-0636: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
MEDIUM	5.5	CVE-2026-22795	CVE-2026-22795
MEDIUM	5.3	CVE-2025-14524	CVE-2025-14524
MEDIUM	5.3	CVE-2025-14819	CVE-2025-14819
MEDIUM	5.3	CVE-2025-15079	CVE-2025-15079
MEDIUM	5.3	CVE-2026-22796	CVE-2026-22796
MEDIUM	5.3	CVE-2026-23865	CVE-2026-23865
MEDIUM	5.3	CVE-2026-33558	CVE-2026-33558: Insertion of Sensitive Information into Log File
MEDIUM	5.3	CVE-2026-3783	CVE-2026-3783
MEDIUM	5.3	CVE-2026-41417	CVE-2026-41417: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.3	CVE-2026-44248	CVE-2026-44248: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2026-45292	CVE-2026-45292: Allocation of Resources Without Limits or Throttling
MEDIUM	5.1	CVE-2024-38808	CVE-2024-38808: Allocation of Resources Without Limits or Throttling
MEDIUM	5.1	CVE-2026-23868	CVE-2026-23868
MEDIUM	5.1	CVE-2026-34757	CVE-2026-34757
MEDIUM	4.8	CVE-2024-38827	CVE-2024-38827: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	4.8	CVE-2026-21925	CVE-2026-21925
MEDIUM	4.8	CVE-2026-6042	CVE-2026-6042
MEDIUM	4.7	CVE-2025-68160	CVE-2025-68160
MEDIUM	4.6	CVE-2026-22184	CVE-2026-22184
MEDIUM	4.3	CVE-2021-39194	CVE-2021-39194: Improper Handling of Missing Values
MEDIUM	4.3	CVE-2025-10966	CVE-2025-10966
MEDIUM	4.0	CVE-2025-69418	CVE-2025-69418
MEDIUM	4.0	CVE-2026-32776	CVE-2026-32776
MEDIUM	4.0	CVE-2026-32777	CVE-2026-32777
MEDIUM	4.0	CVE-2026-41254	CVE-2026-41254
LOW	3.7	CVE-2025-11143	CVE-2025-11143: Improper Input Validation
LOW	3.2	CVE-2025-46394	CVE-2025-46394
LOW	3.1	CVE-2025-15224	CVE-2025-15224
LOW	2.9	CVE-2026-24515	CVE-2026-24515
LOW	2.9	CVE-2026-27171	CVE-2026-27171
LOW	2.9	CVE-2026-32778	CVE-2026-32778
LOW	2.9	CVE-2026-42578	CVE-2026-42578: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
LOW	2.7	CVE-2025-66453	CVE-2025-66453: Uncontrolled Resource Consumption
LOW	2.5	CVE-2024-58251	CVE-2024-58251
LOW	2.3	CVE-2026-32588	CVE-2026-32588: Uncontrolled Resource Consumption
LOW	1.9	CVE-2026-3293	CVE-2026-3293: Uncontrolled Resource Consumption

↑2.15.0

Severity Breakdown

Severity	Count
CRITICAL	7
HIGH	55
MEDIUM	76
LOW	16

Details for version: 2.15.0

CVE Details for Version: 2.15.0

Severity	Score	CVE ID	Description
CRITICAL	10.0	CVE-2025-66516	CVE-2025-66516: Improper Restriction of XML External Entity Reference
CRITICAL	9.8	CVE-2026-31789	CVE-2026-31789
CRITICAL	9.8	CVE-2026-32767	CVE-2026-32767
CRITICAL	9.8	CVE-2026-42027	CVE-2026-42027: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CRITICAL	9.3	CVE-2025-54988	CVE-2025-54988: Improper Restriction of XML External Entity Reference
CRITICAL	9.2	CVE-2026-8178	CVE-2026-8178: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CRITICAL	9.1	CVE-2026-40682	CVE-2026-40682: Improper Restriction of XML External Entity Reference
HIGH	8.9	CVE-2026-5598	CVE-2026-5598: Covert Timing Channel
HIGH	8.8	CVE-2020-9492	CVE-2020-9492: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH	8.8	CVE-2025-12183	CVE-2025-12183: Out-of-bounds Read
HIGH	8.8	CVE-2025-15467	CVE-2025-15467
HIGH	8.8	CVE-2025-48734	CVE-2025-48734: Improper Access Control
HIGH	8.8	CVE-2025-69194	CVE-2025-69194
HIGH	8.7	CVE-2023-52428	CVE-2023-52428: Uncontrolled Resource Consumption
HIGH	8.7	CVE-2026-33871	CVE-2026-33871: Allocation of Resources Without Limits or Throttling
HIGH	8.7	CVE-2026-35554	CVE-2026-35554: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
HIGH	8.3	CVE-2026-25646	CVE-2026-25646
HIGH	8.2	CVE-2025-55163	CVE-2025-55163: Allocation of Resources Without Limits or Throttling
HIGH	8.2	CVE-2025-66566	CVE-2025-66566: Insertion of Sensitive Information Into Sent Data
HIGH	8.2	CVE-2026-26740	CVE-2026-26740
HIGH	8.1	CVE-2025-59250	CVE-2025-59250: Improper Input Validation
HIGH	8.1	CVE-2026-28387	CVE-2026-28387
HIGH	8.1	CVE-2026-40200	CVE-2026-40200
HIGH	7.7	CVE-2024-47072	CVE-2024-47072: Stack-based Buffer Overflow
HIGH	7.7	CVE-2025-59419	CVE-2025-59419: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
HIGH	7.6	CVE-2026-33636	CVE-2026-33636
HIGH	7.5	CVE-2021-31684	CVE-2021-31684: Out-of-bounds Read
HIGH	7.5	CVE-2022-41404	CVE-2022-41404: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2023-1370	CVE-2023-1370: Uncontrolled Recursion
HIGH	7.5	CVE-2023-28118	CVE-2023-28118: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
HIGH	7.5	CVE-2024-21634	CVE-2024-21634: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2025-13151	CVE-2025-13151
HIGH	7.5	CVE-2025-41249	CVE-2025-41249: Improper Authorization
HIGH	7.5	CVE-2025-53066	CVE-2025-53066
HIGH	7.5	CVE-2025-59375	CVE-2025-59375
HIGH	7.5	CVE-2025-69420	CVE-2025-69420
HIGH	7.5	CVE-2025-69421	CVE-2025-69421
HIGH	7.5	CVE-2025-9086	CVE-2025-9086
HIGH	7.5	CVE-2025-9230	CVE-2025-9230
HIGH	7.5	CVE-2026-21945	CVE-2026-21945
HIGH	7.5	CVE-2026-27135	CVE-2026-27135
HIGH	7.5	CVE-2026-28388	CVE-2026-28388
HIGH	7.5	CVE-2026-28389	CVE-2026-28389
HIGH	7.5	CVE-2026-28390	CVE-2026-28390
HIGH	7.5	CVE-2026-31790	CVE-2026-31790
HIGH	7.5	CVE-2026-33416	CVE-2026-33416
HIGH	7.5	CVE-2026-33870	CVE-2026-33870: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.5	CVE-2026-3805	CVE-2026-3805
HIGH	7.5	CVE-2026-42198	CVE-2026-42198: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2026-42440	CVE-2026-42440: Memory Allocation with Excessive Size Value
HIGH	7.5	CVE-2026-42579	CVE-2026-42579: Improper Input Validation
HIGH	7.5	CVE-2026-42583	CVE-2026-42583: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2026-42587	CVE-2026-42587: Uncontrolled Resource Consumption
HIGH	7.4	CVE-2025-69419	CVE-2025-69419
HIGH	7.4	CVE-2026-21932	CVE-2026-21932
HIGH	7.4	CVE-2026-2332	CVE-2026-2332: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.3	CVE-2026-2673	CVE-2026-2673
HIGH	7.3	CVE-2026-42584	CVE-2026-42584: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.2	CVE-2024-13009	CVE-2024-13009: Improper Resource Shutdown or Release
HIGH	7.1	CVE-2025-64720	CVE-2025-64720
HIGH	7.1	CVE-2025-65018	CVE-2025-65018
HIGH	7.1	CVE-2025-66293	CVE-2025-66293
MEDIUM	6.9	CVE-2025-31672	CVE-2025-31672: Improper Input Validation
MEDIUM	6.9	CVE-2025-58050	CVE-2025-58050
MEDIUM	6.9	CVE-2025-58057	CVE-2025-58057: Improper Handling of Highly Compressed Data (Data Amplification)
MEDIUM	6.9	CVE-2026-25210	CVE-2026-25210
MEDIUM	6.9	CVE-2026-34478	CVE-2026-34478: Improper Output Neutralization for Logs
MEDIUM	6.9	CVE-2026-34480	CVE-2026-34480: Improper Encoding or Escaping of Output
MEDIUM	6.9	GHSA-72hv-8253-57qq	GHSA-72hv-8253-57qq: Allocation of Resources Without Limits or Throttling
MEDIUM	6.8	CVE-2026-22801	CVE-2026-22801
MEDIUM	6.8	CVE-2026-42586	CVE-2026-42586: Improper Neutralization of CRLF Sequences ('CRLF Injection')
MEDIUM	6.5	CVE-2024-45993	CVE-2024-45993
MEDIUM	6.5	CVE-2025-48924	CVE-2025-48924: Uncontrolled Recursion
MEDIUM	6.5	CVE-2025-60876	CVE-2025-60876
MEDIUM	6.5	CVE-2025-67735	CVE-2025-67735: Improper Neutralization of CRLF Sequences ('CRLF Injection')
MEDIUM	6.5	CVE-2025-9231	CVE-2025-9231
MEDIUM	6.5	CVE-2026-1965	CVE-2026-1965
MEDIUM	6.5	CVE-2026-3784	CVE-2026-3784
MEDIUM	6.5	CVE-2026-42580	CVE-2026-42580: Integer Overflow or Wraparound
MEDIUM	6.5	CVE-2026-42585	CVE-2026-42585: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	6.3	CVE-2024-6763	CVE-2024-6763: Improper Validation of Syntactic Correctness of Input
MEDIUM	6.3	CVE-2025-14017	CVE-2025-14017
MEDIUM	6.3	CVE-2025-68161	CVE-2025-68161: Improper Validation of Certificate with Host Mismatch
MEDIUM	6.3	CVE-2026-34477	CVE-2026-34477: Improper Validation of Certificate with Host Mismatch
MEDIUM	6.1	CVE-2025-11187	CVE-2025-11187
MEDIUM	6.1	CVE-2025-64505	CVE-2025-64505
MEDIUM	6.1	CVE-2025-64506	CVE-2025-64506
MEDIUM	6.1	CVE-2026-21933	CVE-2026-21933
MEDIUM	6.1	CVE-2026-22695	CVE-2026-22695
MEDIUM	6.0	CVE-2025-7962	CVE-2025-7962: Improper Neutralization of Input Terminators
MEDIUM	5.9	CVE-2024-8184	CVE-2024-8184: Uncontrolled Resource Consumption
MEDIUM	5.9	CVE-2025-13034	CVE-2025-13034
MEDIUM	5.9	CVE-2025-15468	CVE-2025-15468
MEDIUM	5.9	CVE-2025-53057	CVE-2025-53057
MEDIUM	5.9	CVE-2025-62408	CVE-2025-62408
MEDIUM	5.9	CVE-2025-66199	CVE-2025-66199
MEDIUM	5.9	CVE-2025-9232	CVE-2025-9232
MEDIUM	5.9	CVE-2026-28208	CVE-2026-28208: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.9	CVE-2026-34085	CVE-2026-34085
MEDIUM	5.9	CVE-2026-41245	CVE-2026-41245: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.8	CVE-2024-58103	CVE-2024-58103: Uncontrolled Recursion
MEDIUM	5.8	CVE-2025-53864	CVE-2025-53864: Uncontrolled Recursion
MEDIUM	5.8	CVE-2026-42581	CVE-2026-42581: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.5	CVE-2023-50570	CVE-2023-50570: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.5	CVE-2024-35255	CVE-2024-35255: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
MEDIUM	5.5	CVE-2025-15469	CVE-2025-15469
MEDIUM	5.5	CVE-2026-0636	CVE-2026-0636: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
MEDIUM	5.5	CVE-2026-22795	CVE-2026-22795
MEDIUM	5.3	CVE-2021-34429	CVE-2021-34429: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM	5.3	CVE-2023-26048	CVE-2023-26048: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2023-40167	CVE-2023-40167: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.3	CVE-2024-9823	CVE-2024-9823: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2025-10148	CVE-2025-10148
MEDIUM	5.3	CVE-2025-14524	CVE-2025-14524
MEDIUM	5.3	CVE-2025-14819	CVE-2025-14819
MEDIUM	5.3	CVE-2025-15079	CVE-2025-15079
MEDIUM	5.3	CVE-2026-22796	CVE-2026-22796
MEDIUM	5.3	CVE-2026-23865	CVE-2026-23865
MEDIUM	5.3	CVE-2026-33558	CVE-2026-33558: Insertion of Sensitive Information into Log File
MEDIUM	5.3	CVE-2026-3783	CVE-2026-3783
MEDIUM	5.3	CVE-2026-41417	CVE-2026-41417: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.3	CVE-2026-44248	CVE-2026-44248: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2026-45292	CVE-2026-45292: Allocation of Resources Without Limits or Throttling
MEDIUM	5.1	CVE-2024-38808	CVE-2024-38808: Allocation of Resources Without Limits or Throttling
MEDIUM	5.1	CVE-2026-23868	CVE-2026-23868
MEDIUM	5.1	CVE-2026-34757	CVE-2026-34757
MEDIUM	4.8	CVE-2024-38827	CVE-2024-38827: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	4.8	CVE-2026-21925	CVE-2026-21925
MEDIUM	4.8	CVE-2026-6042	CVE-2026-6042
MEDIUM	4.7	CVE-2025-68160	CVE-2025-68160
MEDIUM	4.6	CVE-2026-22184	CVE-2026-22184
MEDIUM	4.3	CVE-2021-39194	CVE-2021-39194: Improper Handling of Missing Values
MEDIUM	4.3	CVE-2023-41900	CVE-2023-41900: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	4.3	CVE-2025-10966	CVE-2025-10966
MEDIUM	4.0	CVE-2025-69418	CVE-2025-69418
MEDIUM	4.0	CVE-2026-32776	CVE-2026-32776
MEDIUM	4.0	CVE-2026-32777	CVE-2026-32777
MEDIUM	4.0	CVE-2026-41254	CVE-2026-41254
LOW	3.9	GHSA-58qw-p7qm-5rvh	GHSA-58qw-p7qm-5rvh: Improper Restriction of XML External Entity Reference
LOW	3.7	CVE-2025-11143	CVE-2025-11143: Improper Input Validation
LOW	3.5	CVE-2023-36479	CVE-2023-36479: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW	3.2	CVE-2025-46394	CVE-2025-46394
LOW	3.1	CVE-2025-15224	CVE-2025-15224
LOW	3.1	CVE-2025-58056	CVE-2025-58056: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
LOW	2.9	CVE-2026-24515	CVE-2026-24515
LOW	2.9	CVE-2026-27171	CVE-2026-27171
LOW	2.9	CVE-2026-32778	CVE-2026-32778
LOW	2.9	CVE-2026-42578	CVE-2026-42578: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
LOW	2.7	CVE-2022-2047	CVE-2022-2047: Improper Input Validation
LOW	2.7	CVE-2025-66453	CVE-2025-66453: Uncontrolled Resource Consumption
LOW	2.5	CVE-2024-58251	CVE-2024-58251
LOW	2.4	CVE-2023-26049	CVE-2023-26049: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW	2.3	CVE-2026-32588	CVE-2026-32588: Uncontrolled Resource Consumption
LOW	1.9	CVE-2026-3293	CVE-2026-3293: Uncontrolled Resource Consumption

↑2.14.0

Severity Breakdown

Severity	Count
CRITICAL	7
HIGH	59
MEDIUM	80
LOW	17

Details for version: 2.14.0

CVE Details for Version: 2.14.0

Severity	Score	CVE ID	Description
CRITICAL	10.0	CVE-2025-66516	CVE-2025-66516: Improper Restriction of XML External Entity Reference
CRITICAL	9.8	CVE-2026-31789	CVE-2026-31789
CRITICAL	9.8	CVE-2026-32767	CVE-2026-32767
CRITICAL	9.8	CVE-2026-42027	CVE-2026-42027: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CRITICAL	9.3	CVE-2025-54988	CVE-2025-54988: Improper Restriction of XML External Entity Reference
CRITICAL	9.2	CVE-2026-8178	CVE-2026-8178: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CRITICAL	9.1	CVE-2026-40682	CVE-2026-40682: Improper Restriction of XML External Entity Reference
HIGH	8.9	CVE-2026-5598	CVE-2026-5598: Covert Timing Channel
HIGH	8.8	CVE-2020-9492	CVE-2020-9492: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH	8.8	CVE-2025-12183	CVE-2025-12183: Out-of-bounds Read
HIGH	8.8	CVE-2025-15467	CVE-2025-15467
HIGH	8.8	CVE-2025-48734	CVE-2025-48734: Improper Access Control
HIGH	8.8	CVE-2025-69194	CVE-2025-69194
HIGH	8.7	CVE-2023-52428	CVE-2023-52428: Uncontrolled Resource Consumption
HIGH	8.7	CVE-2026-33871	CVE-2026-33871: Allocation of Resources Without Limits or Throttling
HIGH	8.7	CVE-2026-35554	CVE-2026-35554: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
HIGH	8.6	CVE-2025-50059	CVE-2025-50059
HIGH	8.3	CVE-2026-25646	CVE-2026-25646
HIGH	8.2	CVE-2025-49146	CVE-2025-49146: Improper Authentication
HIGH	8.2	CVE-2025-55163	CVE-2025-55163: Allocation of Resources Without Limits or Throttling
HIGH	8.2	CVE-2025-66566	CVE-2025-66566: Insertion of Sensitive Information Into Sent Data
HIGH	8.2	CVE-2026-26740	CVE-2026-26740
HIGH	8.1	CVE-2025-30749	CVE-2025-30749
HIGH	8.1	CVE-2025-50106	CVE-2025-50106
HIGH	8.1	CVE-2025-59250	CVE-2025-59250: Improper Input Validation
HIGH	8.1	CVE-2026-28387	CVE-2026-28387
HIGH	8.1	CVE-2026-40200	CVE-2026-40200
HIGH	7.7	CVE-2024-47072	CVE-2024-47072: Stack-based Buffer Overflow
HIGH	7.7	CVE-2025-59419	CVE-2025-59419: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
HIGH	7.6	CVE-2026-33636	CVE-2026-33636
HIGH	7.5	CVE-2021-31684	CVE-2021-31684: Out-of-bounds Read
HIGH	7.5	CVE-2022-41404	CVE-2022-41404: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2023-1370	CVE-2023-1370: Uncontrolled Recursion
HIGH	7.5	CVE-2023-28118	CVE-2023-28118: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
HIGH	7.5	CVE-2024-21634	CVE-2024-21634: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2025-13151	CVE-2025-13151
HIGH	7.5	CVE-2025-41249	CVE-2025-41249: Improper Authorization
HIGH	7.5	CVE-2025-53066	CVE-2025-53066
HIGH	7.5	CVE-2025-5399	CVE-2025-5399
HIGH	7.5	CVE-2025-59375	CVE-2025-59375
HIGH	7.5	CVE-2025-69420	CVE-2025-69420
HIGH	7.5	CVE-2025-69421	CVE-2025-69421
HIGH	7.5	CVE-2025-9086	CVE-2025-9086
HIGH	7.5	CVE-2025-9230	CVE-2025-9230
HIGH	7.5	CVE-2026-21945	CVE-2026-21945
HIGH	7.5	CVE-2026-27135	CVE-2026-27135
HIGH	7.5	CVE-2026-28388	CVE-2026-28388
HIGH	7.5	CVE-2026-28389	CVE-2026-28389
HIGH	7.5	CVE-2026-28390	CVE-2026-28390
HIGH	7.5	CVE-2026-31790	CVE-2026-31790
HIGH	7.5	CVE-2026-33416	CVE-2026-33416
HIGH	7.5	CVE-2026-33870	CVE-2026-33870: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.5	CVE-2026-3805	CVE-2026-3805
HIGH	7.5	CVE-2026-42198	CVE-2026-42198: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2026-42440	CVE-2026-42440: Memory Allocation with Excessive Size Value
HIGH	7.5	CVE-2026-42579	CVE-2026-42579: Improper Input Validation
HIGH	7.5	CVE-2026-42583	CVE-2026-42583: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2026-42587	CVE-2026-42587: Uncontrolled Resource Consumption
HIGH	7.4	CVE-2025-69419	CVE-2025-69419
HIGH	7.4	CVE-2026-21932	CVE-2026-21932
HIGH	7.4	CVE-2026-2332	CVE-2026-2332: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.3	CVE-2026-42584	CVE-2026-42584: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.2	CVE-2024-13009	CVE-2024-13009: Improper Resource Shutdown or Release
HIGH	7.1	CVE-2025-64720	CVE-2025-64720
HIGH	7.1	CVE-2025-65018	CVE-2025-65018
HIGH	7.1	CVE-2025-66293	CVE-2025-66293
MEDIUM	6.9	CVE-2025-31672	CVE-2025-31672: Improper Input Validation
MEDIUM	6.9	CVE-2025-58057	CVE-2025-58057: Improper Handling of Highly Compressed Data (Data Amplification)
MEDIUM	6.9	CVE-2026-25210	CVE-2026-25210
MEDIUM	6.9	CVE-2026-34478	CVE-2026-34478: Improper Output Neutralization for Logs
MEDIUM	6.9	CVE-2026-34480	CVE-2026-34480: Improper Encoding or Escaping of Output
MEDIUM	6.9	GHSA-72hv-8253-57qq	GHSA-72hv-8253-57qq: Allocation of Resources Without Limits or Throttling
MEDIUM	6.8	CVE-2026-22801	CVE-2026-22801
MEDIUM	6.8	CVE-2026-42586	CVE-2026-42586: Improper Neutralization of CRLF Sequences ('CRLF Injection')
MEDIUM	6.5	CVE-2024-45993	CVE-2024-45993
MEDIUM	6.5	CVE-2025-48924	CVE-2025-48924: Uncontrolled Recursion
MEDIUM	6.5	CVE-2025-4947	CVE-2025-4947
MEDIUM	6.5	CVE-2025-60876	CVE-2025-60876
MEDIUM	6.5	CVE-2025-67735	CVE-2025-67735: Improper Neutralization of CRLF Sequences ('CRLF Injection')
MEDIUM	6.5	CVE-2025-9231	CVE-2025-9231
MEDIUM	6.5	CVE-2026-1965	CVE-2026-1965
MEDIUM	6.5	CVE-2026-3784	CVE-2026-3784
MEDIUM	6.5	CVE-2026-42580	CVE-2026-42580: Integer Overflow or Wraparound
MEDIUM	6.5	CVE-2026-42585	CVE-2026-42585: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	6.3	CVE-2024-6763	CVE-2024-6763: Improper Validation of Syntactic Correctness of Input
MEDIUM	6.3	CVE-2025-14017	CVE-2025-14017
MEDIUM	6.3	CVE-2025-68161	CVE-2025-68161: Improper Validation of Certificate with Host Mismatch
MEDIUM	6.3	CVE-2026-34477	CVE-2026-34477: Improper Validation of Certificate with Host Mismatch
MEDIUM	6.2	CVE-2025-27817	CVE-2025-27817: Server-Side Request Forgery (SSRF)
MEDIUM	6.1	CVE-2025-22227	CVE-2025-22227: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM	6.1	CVE-2025-64505	CVE-2025-64505
MEDIUM	6.1	CVE-2025-64506	CVE-2025-64506
MEDIUM	6.1	CVE-2026-21933	CVE-2026-21933
MEDIUM	6.1	CVE-2026-22695	CVE-2026-22695
MEDIUM	6.0	CVE-2025-7962	CVE-2025-7962: Improper Neutralization of Input Terminators
MEDIUM	5.9	CVE-2024-8184	CVE-2024-8184: Uncontrolled Resource Consumption
MEDIUM	5.9	CVE-2025-13034	CVE-2025-13034
MEDIUM	5.9	CVE-2025-15468	CVE-2025-15468
MEDIUM	5.9	CVE-2025-53057	CVE-2025-53057
MEDIUM	5.9	CVE-2025-62408	CVE-2025-62408
MEDIUM	5.9	CVE-2025-66199	CVE-2025-66199
MEDIUM	5.9	CVE-2025-9232	CVE-2025-9232
MEDIUM	5.9	CVE-2026-28208	CVE-2026-28208: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.9	CVE-2026-34085	CVE-2026-34085
MEDIUM	5.9	CVE-2026-41245	CVE-2026-41245: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.8	CVE-2024-58103	CVE-2024-58103: Uncontrolled Recursion
MEDIUM	5.8	CVE-2025-53864	CVE-2025-53864: Uncontrolled Recursion
MEDIUM	5.8	CVE-2026-42581	CVE-2026-42581: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.5	CVE-2023-2976	CVE-2023-2976: Creation of Temporary File in Directory with Insecure Permissions
MEDIUM	5.5	CVE-2023-50570	CVE-2023-50570: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.5	CVE-2024-35255	CVE-2024-35255: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
MEDIUM	5.5	CVE-2025-4949	org.eclipse.jgit: XXE vulnerability in Eclipse JGit
MEDIUM	5.5	CVE-2026-0636	CVE-2026-0636: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
MEDIUM	5.5	CVE-2026-22795	CVE-2026-22795
MEDIUM	5.3	CVE-2021-34429	CVE-2021-34429: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM	5.3	CVE-2023-26048	CVE-2023-26048: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2023-40167	CVE-2023-40167: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.3	CVE-2024-9823	CVE-2024-9823: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2025-10148	CVE-2025-10148
MEDIUM	5.3	CVE-2025-14524	CVE-2025-14524
MEDIUM	5.3	CVE-2025-14819	CVE-2025-14819
MEDIUM	5.3	CVE-2025-15079	CVE-2025-15079
MEDIUM	5.3	CVE-2026-22796	CVE-2026-22796
MEDIUM	5.3	CVE-2026-23865	CVE-2026-23865
MEDIUM	5.3	CVE-2026-33558	CVE-2026-33558: Insertion of Sensitive Information into Log File
MEDIUM	5.3	CVE-2026-3783	CVE-2026-3783
MEDIUM	5.3	CVE-2026-41417	CVE-2026-41417: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.3	CVE-2026-44248	CVE-2026-44248: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2026-45292	CVE-2026-45292: Allocation of Resources Without Limits or Throttling
MEDIUM	5.1	CVE-2024-38808	CVE-2024-38808: Allocation of Resources Without Limits or Throttling
MEDIUM	5.1	CVE-2026-23868	CVE-2026-23868
MEDIUM	5.1	CVE-2026-34757	CVE-2026-34757
MEDIUM	4.8	CVE-2024-38827	CVE-2024-38827: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	4.8	CVE-2025-30754	CVE-2025-30754
MEDIUM	4.8	CVE-2025-5025	CVE-2025-5025
MEDIUM	4.8	CVE-2026-21925	CVE-2026-21925
MEDIUM	4.8	CVE-2026-6042	CVE-2026-6042
MEDIUM	4.7	CVE-2025-68160	CVE-2025-68160
MEDIUM	4.6	CVE-2026-22184	CVE-2026-22184
MEDIUM	4.3	CVE-2021-39194	CVE-2021-39194: Improper Handling of Missing Values
MEDIUM	4.3	CVE-2023-41900	CVE-2023-41900: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	4.3	CVE-2025-10966	CVE-2025-10966
MEDIUM	4.0	CVE-2025-69418	CVE-2025-69418
MEDIUM	4.0	CVE-2026-32776	CVE-2026-32776
MEDIUM	4.0	CVE-2026-32777	CVE-2026-32777
MEDIUM	4.0	CVE-2026-41254	CVE-2026-41254
LOW	3.9	GHSA-58qw-p7qm-5rvh	GHSA-58qw-p7qm-5rvh: Improper Restriction of XML External Entity Reference
LOW	3.7	CVE-2025-11143	CVE-2025-11143: Improper Input Validation
LOW	3.5	CVE-2023-36479	CVE-2023-36479: Improper Neutralization of Quoting Syntax
LOW	3.3	CVE-2020-8908	CVE-2020-8908: Improper Handling of Alternate Encoding
LOW	3.2	CVE-2025-46394	CVE-2025-46394
LOW	3.1	CVE-2025-15224	CVE-2025-15224
LOW	3.1	CVE-2025-58056	CVE-2025-58056: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
LOW	2.9	CVE-2026-24515	CVE-2026-24515
LOW	2.9	CVE-2026-27171	CVE-2026-27171
LOW	2.9	CVE-2026-32778	CVE-2026-32778
LOW	2.9	CVE-2026-42578	CVE-2026-42578: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
LOW	2.7	CVE-2022-2047	CVE-2022-2047: Improper Input Validation
LOW	2.7	CVE-2025-66453	CVE-2025-66453: Uncontrolled Resource Consumption
LOW	2.5	CVE-2024-58251	CVE-2024-58251
LOW	2.4	CVE-2023-26049	CVE-2023-26049: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW	2.3	CVE-2026-32588	CVE-2026-32588: Uncontrolled Resource Consumption
LOW	1.9	CVE-2026-3293	CVE-2026-3293: Uncontrolled Resource Consumption

↑2.13.0

Severity Breakdown

Severity	Count
CRITICAL	7
HIGH	65
MEDIUM	84
LOW	17

Details for version: 2.13.0

CVE Details for Version: 2.13.0

Severity	Score	CVE ID	Description
CRITICAL	10.0	CVE-2025-66516	CVE-2025-66516: Improper Restriction of XML External Entity Reference
CRITICAL	9.8	CVE-2026-31789	CVE-2026-31789
CRITICAL	9.8	CVE-2026-32767	CVE-2026-32767
CRITICAL	9.8	CVE-2026-42027	CVE-2026-42027: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CRITICAL	9.3	CVE-2025-54988	CVE-2025-54988: Improper Restriction of XML External Entity Reference
CRITICAL	9.2	CVE-2026-8178	CVE-2026-8178: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CRITICAL	9.1	CVE-2026-40682	CVE-2026-40682: Improper Restriction of XML External Entity Reference
HIGH	8.9	CVE-2026-5598	CVE-2026-5598: Covert Timing Channel
HIGH	8.8	CVE-2020-9492	CVE-2020-9492: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH	8.8	CVE-2025-12183	CVE-2025-12183: Out-of-bounds Read
HIGH	8.8	CVE-2025-15467	CVE-2025-15467
HIGH	8.8	CVE-2025-48734	CVE-2025-48734: Improper Access Control
HIGH	8.8	CVE-2025-69194	CVE-2025-69194
HIGH	8.7	CVE-2023-52428	CVE-2023-52428: Uncontrolled Resource Consumption
HIGH	8.7	CVE-2024-23945	CVE-2024-23945: Generation of Error Message Containing Sensitive Information
HIGH	8.7	CVE-2024-47554	CVE-2024-47554: Uncontrolled Resource Consumption
HIGH	8.7	CVE-2026-33871	CVE-2026-33871: Allocation of Resources Without Limits or Throttling
HIGH	8.7	CVE-2026-35554	CVE-2026-35554: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
HIGH	8.6	CVE-2025-50059	CVE-2025-50059
HIGH	8.3	CVE-2026-25646	CVE-2026-25646
HIGH	8.2	CVE-2025-49146	CVE-2025-49146: Improper Authentication
HIGH	8.2	CVE-2025-55163	CVE-2025-55163: Allocation of Resources Without Limits or Throttling
HIGH	8.2	CVE-2025-66566	CVE-2025-66566: Insertion of Sensitive Information Into Sent Data
HIGH	8.2	CVE-2026-26740	CVE-2026-26740
HIGH	8.1	CVE-2025-30749	CVE-2025-30749
HIGH	8.1	CVE-2025-50106	CVE-2025-50106
HIGH	8.1	CVE-2025-59250	CVE-2025-59250: Improper Input Validation
HIGH	8.1	CVE-2026-28387	CVE-2026-28387
HIGH	8.1	CVE-2026-40200	CVE-2026-40200
HIGH	7.7	CVE-2024-47072	CVE-2024-47072: Stack-based Buffer Overflow
HIGH	7.7	CVE-2025-59419	CVE-2025-59419: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
HIGH	7.6	CVE-2026-33636	CVE-2026-33636
HIGH	7.5	CVE-2021-31684	CVE-2021-31684: Out-of-bounds Read
HIGH	7.5	CVE-2021-34538	CVE-2021-34538: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH	7.5	CVE-2022-41404	CVE-2022-41404: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2023-1370	CVE-2023-1370: Uncontrolled Recursion
HIGH	7.5	CVE-2023-28118	CVE-2023-28118: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
HIGH	7.5	CVE-2024-21634	CVE-2024-21634: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2024-57699	CVE-2024-57699: Uncontrolled Recursion
HIGH	7.5	CVE-2025-13151	CVE-2025-13151
HIGH	7.5	CVE-2025-41249	CVE-2025-41249: Improper Authorization
HIGH	7.5	CVE-2025-53066	CVE-2025-53066
HIGH	7.5	CVE-2025-5399	CVE-2025-5399
HIGH	7.5	CVE-2025-59375	CVE-2025-59375
HIGH	7.5	CVE-2025-69420	CVE-2025-69420
HIGH	7.5	CVE-2025-69421	CVE-2025-69421
HIGH	7.5	CVE-2025-9086	CVE-2025-9086
HIGH	7.5	CVE-2025-9230	CVE-2025-9230
HIGH	7.5	CVE-2026-21945	CVE-2026-21945
HIGH	7.5	CVE-2026-27135	CVE-2026-27135
HIGH	7.5	CVE-2026-28388	CVE-2026-28388
HIGH	7.5	CVE-2026-28389	CVE-2026-28389
HIGH	7.5	CVE-2026-28390	CVE-2026-28390
HIGH	7.5	CVE-2026-31790	CVE-2026-31790
HIGH	7.5	CVE-2026-33416	CVE-2026-33416
HIGH	7.5	CVE-2026-33870	CVE-2026-33870: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.5	CVE-2026-3805	CVE-2026-3805
HIGH	7.5	CVE-2026-42198	CVE-2026-42198: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2026-42440	CVE-2026-42440: Memory Allocation with Excessive Size Value
HIGH	7.5	CVE-2026-42579	CVE-2026-42579: Improper Input Validation
HIGH	7.5	CVE-2026-42583	CVE-2026-42583: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2026-42587	CVE-2026-42587: Uncontrolled Resource Consumption
HIGH	7.4	CVE-2025-69419	CVE-2025-69419
HIGH	7.4	CVE-2026-21932	CVE-2026-21932
HIGH	7.4	CVE-2026-2332	CVE-2026-2332: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.3	CVE-2026-42584	CVE-2026-42584: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.3	CVE-2026-43869	CVE-2026-43869: Improper Validation of Certificate with Host Mismatch
HIGH	7.2	CVE-2024-13009	CVE-2024-13009: Improper Resource Shutdown or Release
HIGH	7.1	CVE-2025-46762	CVE-2025-46762: External Control of File Name or Path
HIGH	7.1	CVE-2025-64720	CVE-2025-64720
HIGH	7.1	CVE-2025-65018	CVE-2025-65018
HIGH	7.1	CVE-2025-66293	CVE-2025-66293
MEDIUM	6.9	CVE-2025-31672	CVE-2025-31672: Improper Input Validation
MEDIUM	6.9	CVE-2025-58057	CVE-2025-58057: Improper Handling of Highly Compressed Data (Data Amplification)
MEDIUM	6.9	CVE-2026-25210	CVE-2026-25210
MEDIUM	6.9	CVE-2026-34478	CVE-2026-34478: Improper Output Neutralization for Logs
MEDIUM	6.9	CVE-2026-34480	CVE-2026-34480: Improper Encoding or Escaping of Output
MEDIUM	6.9	GHSA-72hv-8253-57qq	GHSA-72hv-8253-57qq: Allocation of Resources Without Limits or Throttling
MEDIUM	6.8	CVE-2024-31141	CVE-2024-31141: Improper Privilege Management
MEDIUM	6.8	CVE-2026-22801	CVE-2026-22801
MEDIUM	6.8	CVE-2026-42586	CVE-2026-42586: Improper Neutralization of CRLF Sequences ('CRLF Injection')
MEDIUM	6.7	CVE-2024-26308	CVE-2024-26308: Allocation of Resources Without Limits or Throttling
MEDIUM	6.5	CVE-2024-45993	CVE-2024-45993
MEDIUM	6.5	CVE-2025-48924	CVE-2025-48924: Uncontrolled Recursion
MEDIUM	6.5	CVE-2025-4947	CVE-2025-4947
MEDIUM	6.5	CVE-2025-60876	CVE-2025-60876
MEDIUM	6.5	CVE-2025-67735	CVE-2025-67735: Improper Neutralization of CRLF Sequences ('CRLF Injection')
MEDIUM	6.5	CVE-2025-9231	CVE-2025-9231
MEDIUM	6.5	CVE-2026-1965	CVE-2026-1965
MEDIUM	6.5	CVE-2026-3784	CVE-2026-3784
MEDIUM	6.5	CVE-2026-42580	CVE-2026-42580: Integer Overflow or Wraparound
MEDIUM	6.5	CVE-2026-42585	CVE-2026-42585: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	6.3	CVE-2024-6763	CVE-2024-6763: Improper Validation of Syntactic Correctness of Input
MEDIUM	6.3	CVE-2025-14017	CVE-2025-14017
MEDIUM	6.3	CVE-2025-68161	CVE-2025-68161: Improper Validation of Certificate with Host Mismatch
MEDIUM	6.3	CVE-2026-34477	CVE-2026-34477: Improper Validation of Certificate with Host Mismatch
MEDIUM	6.2	CVE-2025-27817	CVE-2025-27817: Server-Side Request Forgery (SSRF)
MEDIUM	6.1	CVE-2025-22227	CVE-2025-22227: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM	6.1	CVE-2025-64505	CVE-2025-64505
MEDIUM	6.1	CVE-2025-64506	CVE-2025-64506
MEDIUM	6.1	CVE-2026-21933	CVE-2026-21933
MEDIUM	6.1	CVE-2026-22695	CVE-2026-22695
MEDIUM	6.0	CVE-2025-7962	CVE-2025-7962: Improper Neutralization of Input Terminators
MEDIUM	5.9	CVE-2024-25710	CVE-2024-25710: Loop with Unreachable Exit Condition ('Infinite Loop')
MEDIUM	5.9	CVE-2024-8184	CVE-2024-8184: Uncontrolled Resource Consumption
MEDIUM	5.9	CVE-2025-13034	CVE-2025-13034
MEDIUM	5.9	CVE-2025-15468	CVE-2025-15468
MEDIUM	5.9	CVE-2025-53057	CVE-2025-53057
MEDIUM	5.9	CVE-2025-62408	CVE-2025-62408
MEDIUM	5.9	CVE-2025-66199	CVE-2025-66199
MEDIUM	5.9	CVE-2025-9232	CVE-2025-9232
MEDIUM	5.9	CVE-2026-28208	CVE-2026-28208: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.9	CVE-2026-34085	CVE-2026-34085
MEDIUM	5.9	CVE-2026-41245	CVE-2026-41245: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.8	CVE-2024-58103	CVE-2024-58103: Uncontrolled Recursion
MEDIUM	5.8	CVE-2025-53864	CVE-2025-53864: Uncontrolled Recursion
MEDIUM	5.8	CVE-2026-42581	CVE-2026-42581: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.5	CVE-2023-2976	CVE-2023-2976: Creation of Temporary File in Directory with Insecure Permissions
MEDIUM	5.5	CVE-2023-50570	CVE-2023-50570: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.5	CVE-2024-35255	CVE-2024-35255: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
MEDIUM	5.5	CVE-2025-4949	org.eclipse.jgit: XXE vulnerability in Eclipse JGit
MEDIUM	5.5	CVE-2026-0636	CVE-2026-0636: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
MEDIUM	5.5	CVE-2026-22795	CVE-2026-22795
MEDIUM	5.3	CVE-2021-34429	CVE-2021-34429: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM	5.3	CVE-2023-26048	CVE-2023-26048: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2023-40167	CVE-2023-40167: Improper Handling of Length Parameter Inconsistency
MEDIUM	5.3	CVE-2024-21742	CVE-2024-21742: Improper Input Validation
MEDIUM	5.3	CVE-2024-9823	CVE-2024-9823: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2025-10148	CVE-2025-10148
MEDIUM	5.3	CVE-2025-14524	CVE-2025-14524
MEDIUM	5.3	CVE-2025-14819	CVE-2025-14819
MEDIUM	5.3	CVE-2025-15079	CVE-2025-15079
MEDIUM	5.3	CVE-2026-22796	CVE-2026-22796
MEDIUM	5.3	CVE-2026-23865	CVE-2026-23865
MEDIUM	5.3	CVE-2026-33558	CVE-2026-33558: Insertion of Sensitive Information into Log File
MEDIUM	5.3	CVE-2026-3783	CVE-2026-3783
MEDIUM	5.3	CVE-2026-41417	CVE-2026-41417: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.3	CVE-2026-44248	CVE-2026-44248: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2026-45292	CVE-2026-45292: Allocation of Resources Without Limits or Throttling
MEDIUM	5.1	CVE-2024-38808	CVE-2024-38808: Allocation of Resources Without Limits or Throttling
MEDIUM	5.1	CVE-2026-23868	CVE-2026-23868
MEDIUM	5.1	CVE-2026-34757	CVE-2026-34757
MEDIUM	4.8	CVE-2024-38827	CVE-2024-38827: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	4.8	CVE-2025-30754	CVE-2025-30754
MEDIUM	4.8	CVE-2025-5025	CVE-2025-5025
MEDIUM	4.8	CVE-2026-21925	CVE-2026-21925
MEDIUM	4.8	CVE-2026-6042	CVE-2026-6042
MEDIUM	4.7	CVE-2025-68160	CVE-2025-68160
MEDIUM	4.6	CVE-2026-22184	CVE-2026-22184
MEDIUM	4.3	CVE-2021-39194	CVE-2021-39194: Improper Handling of Missing Values
MEDIUM	4.3	CVE-2023-41900	CVE-2023-41900: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	4.3	CVE-2025-10966	CVE-2025-10966
MEDIUM	4.0	CVE-2025-69418	CVE-2025-69418
MEDIUM	4.0	CVE-2026-32776	CVE-2026-32776
MEDIUM	4.0	CVE-2026-32777	CVE-2026-32777
MEDIUM	4.0	CVE-2026-41254	CVE-2026-41254
LOW	3.9	GHSA-58qw-p7qm-5rvh	GHSA-58qw-p7qm-5rvh: Improper Restriction of XML External Entity Reference
LOW	3.7	CVE-2025-11143	CVE-2025-11143: Improper Input Validation
LOW	3.5	CVE-2023-36479	CVE-2023-36479: Improper Neutralization of Quoting Syntax
LOW	3.3	CVE-2020-8908	CVE-2020-8908: Improper Handling of Alternate Encoding
LOW	3.2	CVE-2025-46394	CVE-2025-46394
LOW	3.1	CVE-2025-15224	CVE-2025-15224
LOW	3.1	CVE-2025-58056	CVE-2025-58056: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
LOW	2.9	CVE-2026-24515	CVE-2026-24515
LOW	2.9	CVE-2026-27171	CVE-2026-27171
LOW	2.9	CVE-2026-32778	CVE-2026-32778
LOW	2.9	CVE-2026-42578	CVE-2026-42578: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
LOW	2.7	CVE-2022-2047	CVE-2022-2047: Improper Input Validation
LOW	2.7	CVE-2025-66453	CVE-2025-66453: Uncontrolled Resource Consumption
LOW	2.5	CVE-2024-58251	CVE-2024-58251
LOW	2.4	CVE-2023-26049	CVE-2023-26049: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW	2.3	CVE-2026-32588	CVE-2026-32588: Uncontrolled Resource Consumption
LOW	1.9	CVE-2026-3293	CVE-2026-3293: Uncontrolled Resource Consumption

↑2.12.0

Severity Breakdown

Severity	Count
CRITICAL	9
HIGH	78
MEDIUM	92
LOW	19

Details for version: 2.12.0

CVE Details for Version: 2.12.0

Severity	Score	CVE ID	Description
CRITICAL	10.0	CVE-2025-30065	CVE-2025-30065: Deserialization of Untrusted Data
CRITICAL	10.0	CVE-2025-66516	CVE-2025-66516: Improper Restriction of XML External Entity Reference
CRITICAL	9.8	CVE-2023-25613	CVE-2023-25613: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CRITICAL	9.8	CVE-2026-31789	CVE-2026-31789
CRITICAL	9.8	CVE-2026-32767	CVE-2026-32767
CRITICAL	9.8	CVE-2026-42027	CVE-2026-42027: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CRITICAL	9.3	CVE-2025-54988	CVE-2025-54988: Improper Restriction of XML External Entity Reference
CRITICAL	9.2	CVE-2026-8178	CVE-2026-8178: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CRITICAL	9.1	CVE-2026-40682	CVE-2026-40682: Improper Restriction of XML External Entity Reference
HIGH	8.8	CVE-2020-9492	CVE-2020-9492: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH	8.8	CVE-2025-12183	CVE-2025-12183: Out-of-bounds Read
HIGH	8.8	CVE-2025-15467	CVE-2025-15467
HIGH	8.8	CVE-2025-48734	CVE-2025-48734: Improper Access Control
HIGH	8.8	CVE-2025-69194	CVE-2025-69194
HIGH	8.7	CVE-2023-52428	CVE-2023-52428: Uncontrolled Resource Consumption
HIGH	8.7	CVE-2024-7254	CVE-2024-7254: Improper Input Validation
HIGH	8.7	CVE-2026-33871	CVE-2026-33871: Allocation of Resources Without Limits or Throttling
HIGH	8.7	CVE-2026-35554	CVE-2026-35554: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
HIGH	8.6	CVE-2025-50059	CVE-2025-50059
HIGH	8.3	CVE-2025-31498	CVE-2025-31498
HIGH	8.3	CVE-2026-25646	CVE-2026-25646
HIGH	8.2	CVE-2025-49146	CVE-2025-49146: Improper Authentication
HIGH	8.2	CVE-2025-55163	CVE-2025-55163: Allocation of Resources Without Limits or Throttling
HIGH	8.2	CVE-2025-66566	CVE-2025-66566: Insertion of Sensitive Information Into Sent Data
HIGH	8.2	CVE-2026-26740	CVE-2026-26740
HIGH	8.1	CVE-2025-30749	CVE-2025-30749
HIGH	8.1	CVE-2025-50106	CVE-2025-50106
HIGH	8.1	CVE-2025-59250	CVE-2025-59250: Improper Input Validation
HIGH	8.1	CVE-2026-28387	CVE-2026-28387
HIGH	8.1	CVE-2026-40200	CVE-2026-40200
HIGH	7.7	CVE-2024-47072	CVE-2024-47072: Stack-based Buffer Overflow
HIGH	7.7	CVE-2025-23083	CVE-2025-23083
HIGH	7.6	CVE-2026-33636	CVE-2026-33636
HIGH	7.5	CVE-2019-16869	CVE-2019-16869: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.5	CVE-2021-22569	CVE-2021-22569: Incorrect Behavior Order
HIGH	7.5	CVE-2021-31684	CVE-2021-31684: Out-of-bounds Read
HIGH	7.5	CVE-2021-37136	CVE-2021-37136: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH	7.5	CVE-2022-3509	CVE-2022-3509: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2022-3510	CVE-2022-3510: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2022-41404	CVE-2022-41404: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2022-41881	CVE-2022-41881: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH	7.5	CVE-2023-1370	CVE-2023-1370: Uncontrolled Recursion
HIGH	7.5	CVE-2023-28118	CVE-2023-28118: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
HIGH	7.5	CVE-2023-34054	CVE-2023-34054: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH	7.5	CVE-2023-34062	CVE-2023-34062: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
HIGH	7.5	CVE-2023-34455	CVE-2023-34455: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2023-43642	CVE-2023-43642: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2024-21634	CVE-2024-21634: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2024-57699	CVE-2024-57699: Uncontrolled Recursion
HIGH	7.5	CVE-2024-8176	CVE-2024-8176
HIGH	7.5	CVE-2025-13151	CVE-2025-13151
HIGH	7.5	CVE-2025-24970	CVE-2025-24970: Improper Input Validation
HIGH	7.5	CVE-2025-27553	CVE-2025-27553: Relative Path Traversal
HIGH	7.5	CVE-2025-41249	CVE-2025-41249: Improper Authorization
HIGH	7.5	CVE-2025-53066	CVE-2025-53066
HIGH	7.5	CVE-2025-5399	CVE-2025-5399
HIGH	7.5	CVE-2025-59375	CVE-2025-59375
HIGH	7.5	CVE-2025-69420	CVE-2025-69420
HIGH	7.5	CVE-2025-69421	CVE-2025-69421
HIGH	7.5	CVE-2025-9086	CVE-2025-9086
HIGH	7.5	CVE-2025-9230	CVE-2025-9230
HIGH	7.5	CVE-2026-21945	CVE-2026-21945
HIGH	7.5	CVE-2026-27135	CVE-2026-27135
HIGH	7.5	CVE-2026-28388	CVE-2026-28388
HIGH	7.5	CVE-2026-28389	CVE-2026-28389
HIGH	7.5	CVE-2026-28390	CVE-2026-28390
HIGH	7.5	CVE-2026-31790	CVE-2026-31790
HIGH	7.5	CVE-2026-33416	CVE-2026-33416
HIGH	7.5	CVE-2026-33870	CVE-2026-33870: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.5	CVE-2026-3805	CVE-2026-3805
HIGH	7.5	CVE-2026-42198	CVE-2026-42198: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2026-42440	CVE-2026-42440: Memory Allocation with Excessive Size Value
HIGH	7.5	CVE-2026-42579	CVE-2026-42579: Improper Input Validation
HIGH	7.5	CVE-2026-42583	CVE-2026-42583: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2026-42587	CVE-2026-42587: Uncontrolled Resource Consumption
HIGH	7.4	CVE-2025-21587	CVE-2025-21587
HIGH	7.4	CVE-2025-69419	CVE-2025-69419
HIGH	7.4	CVE-2026-21932	CVE-2026-21932
HIGH	7.4	CVE-2026-2332	CVE-2026-2332: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.3	CVE-2025-31344	CVE-2025-31344
HIGH	7.3	CVE-2026-42584	CVE-2026-42584: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.2	CVE-2024-13009	CVE-2024-13009: Improper Resource Shutdown or Release
HIGH	7.1	CVE-2025-46762	CVE-2025-46762: External Control of File Name or Path
HIGH	7.1	CVE-2025-64720	CVE-2025-64720
HIGH	7.1	CVE-2025-65018	CVE-2025-65018
HIGH	7.1	CVE-2025-66293	CVE-2025-66293
HIGH	7.0	CVE-2024-25638	CVE-2024-25638: Insufficient Verification of Data Authenticity
MEDIUM	6.9	CVE-2024-29133	CVE-2024-29133: Out-of-bounds Write
MEDIUM	6.9	CVE-2025-30474	CVE-2025-30474: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM	6.9	CVE-2025-31672	CVE-2025-31672: Improper Input Validation
MEDIUM	6.9	CVE-2025-58057	CVE-2025-58057: Improper Handling of Highly Compressed Data (Data Amplification)
MEDIUM	6.9	CVE-2026-25210	CVE-2026-25210
MEDIUM	6.9	CVE-2026-34478	CVE-2026-34478: Improper Output Neutralization for Logs
MEDIUM	6.9	CVE-2026-34480	CVE-2026-34480: Improper Encoding or Escaping of Output
MEDIUM	6.9	GHSA-72hv-8253-57qq	GHSA-72hv-8253-57qq: Allocation of Resources Without Limits or Throttling
MEDIUM	6.8	CVE-2026-22801	CVE-2026-22801
MEDIUM	6.5	CVE-2023-34462	CVE-2023-34462: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	6.5	CVE-2024-29131	CVE-2024-29131: Out-of-bounds Write
MEDIUM	6.5	CVE-2024-45993	CVE-2024-45993
MEDIUM	6.5	CVE-2025-48924	CVE-2025-48924: Uncontrolled Recursion
MEDIUM	6.5	CVE-2025-4947	CVE-2025-4947
MEDIUM	6.5	CVE-2025-60876	CVE-2025-60876
MEDIUM	6.5	CVE-2025-67735	CVE-2025-67735: Improper Neutralization of CRLF Sequences ('CRLF Injection')
MEDIUM	6.5	CVE-2025-9231	CVE-2025-9231
MEDIUM	6.5	CVE-2026-1965	CVE-2026-1965
MEDIUM	6.5	CVE-2026-3784	CVE-2026-3784
MEDIUM	6.5	CVE-2026-42580	CVE-2026-42580: Integer Overflow or Wraparound
MEDIUM	6.5	CVE-2026-42585	CVE-2026-42585: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	6.3	CVE-2024-6763	CVE-2024-6763: Improper Validation of Syntactic Correctness of Input
MEDIUM	6.3	CVE-2025-14017	CVE-2025-14017
MEDIUM	6.3	CVE-2025-68161	CVE-2025-68161: Improper Validation of Certificate with Host Mismatch
MEDIUM	6.3	CVE-2026-34477	CVE-2026-34477: Improper Validation of Certificate with Host Mismatch
MEDIUM	6.2	CVE-2025-27817	CVE-2025-27817: Server-Side Request Forgery (SSRF)
MEDIUM	6.1	CVE-2025-22227	CVE-2025-22227: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM	6.1	CVE-2025-64505	CVE-2025-64505
MEDIUM	6.1	CVE-2025-64506	CVE-2025-64506
MEDIUM	6.1	CVE-2026-21933	CVE-2026-21933
MEDIUM	6.1	CVE-2026-22695	CVE-2026-22695
MEDIUM	6.0	CVE-2025-7962	CVE-2025-7962: Improper Neutralization of Input Terminators
MEDIUM	5.9	CVE-2021-21295	CVE-2021-21295: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.9	CVE-2021-21409	CVE-2021-21409: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.9	CVE-2023-34453	CVE-2023-34453: Integer Overflow or Wraparound
MEDIUM	5.9	CVE-2023-34454	CVE-2023-34454: Integer Overflow or Wraparound
MEDIUM	5.9	CVE-2024-8184	CVE-2024-8184: Uncontrolled Resource Consumption
MEDIUM	5.9	CVE-2025-13034	CVE-2025-13034
MEDIUM	5.9	CVE-2025-15468	CVE-2025-15468
MEDIUM	5.9	CVE-2025-53057	CVE-2025-53057
MEDIUM	5.9	CVE-2025-62408	CVE-2025-62408
MEDIUM	5.9	CVE-2025-66199	CVE-2025-66199
MEDIUM	5.9	CVE-2025-9232	CVE-2025-9232
MEDIUM	5.9	CVE-2026-28208	CVE-2026-28208: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.9	CVE-2026-34085	CVE-2026-34085
MEDIUM	5.9	CVE-2026-41245	CVE-2026-41245: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.8	CVE-2024-58103	CVE-2024-58103: Uncontrolled Recursion
MEDIUM	5.8	CVE-2025-53864	CVE-2025-53864: Uncontrolled Recursion
MEDIUM	5.8	CVE-2026-42581	CVE-2026-42581: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.7	CVE-2022-3171	CVE-2022-3171: Improper Input Validation
MEDIUM	5.6	CVE-2025-30698	CVE-2025-30698
MEDIUM	5.5	CVE-2021-22570	CVE-2021-22570: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.5	CVE-2023-2976	CVE-2023-2976: Creation of Temporary File in Directory with Insecure Permissions
MEDIUM	5.5	CVE-2023-50570	CVE-2023-50570: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.5	CVE-2024-35255	CVE-2024-35255: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
MEDIUM	5.5	CVE-2025-25193	CVE-2025-25193: Uncontrolled Resource Consumption
MEDIUM	5.5	CVE-2025-4949	org.eclipse.jgit: XXE vulnerability in Eclipse JGit
MEDIUM	5.5	CVE-2026-22795	CVE-2026-22795
MEDIUM	5.4	CVE-2024-47535	CVE-2024-47535: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2020-29582	CVE-2020-29582: Incorrect Default Permissions
MEDIUM	5.3	CVE-2021-34429	CVE-2021-34429: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM	5.3	CVE-2022-24329	CVE-2022-24329: Improper Locking
MEDIUM	5.3	CVE-2023-26048	CVE-2023-26048: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2023-40167	CVE-2023-40167: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.3	CVE-2024-9823	CVE-2024-9823: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2025-10148	CVE-2025-10148
MEDIUM	5.3	CVE-2025-14524	CVE-2025-14524
MEDIUM	5.3	CVE-2025-14819	CVE-2025-14819
MEDIUM	5.3	CVE-2025-15079	CVE-2025-15079
MEDIUM	5.3	CVE-2026-22796	CVE-2026-22796
MEDIUM	5.3	CVE-2026-23865	CVE-2026-23865
MEDIUM	5.3	CVE-2026-33558	CVE-2026-33558: Insertion of Sensitive Information into Log File
MEDIUM	5.3	CVE-2026-3783	CVE-2026-3783
MEDIUM	5.3	CVE-2026-41417	CVE-2026-41417: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.3	CVE-2026-45292	CVE-2026-45292: Allocation of Resources Without Limits or Throttling
MEDIUM	5.1	CVE-2024-38808	CVE-2024-38808: Allocation of Resources Without Limits or Throttling
MEDIUM	5.1	CVE-2026-23868	CVE-2026-23868
MEDIUM	5.1	CVE-2026-34757	CVE-2026-34757
MEDIUM	4.8	CVE-2024-38827	CVE-2024-38827: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	4.8	CVE-2025-30754	CVE-2025-30754
MEDIUM	4.8	CVE-2025-5025	CVE-2025-5025
MEDIUM	4.8	CVE-2026-21925	CVE-2026-21925
MEDIUM	4.8	CVE-2026-6042	CVE-2026-6042
MEDIUM	4.7	CVE-2025-68160	CVE-2025-68160
MEDIUM	4.6	CVE-2026-22184	CVE-2026-22184
MEDIUM	4.3	CVE-2021-39194	CVE-2021-39194: Improper Handling of Missing Values
MEDIUM	4.3	CVE-2023-41900	CVE-2023-41900: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	4.3	CVE-2025-10966	CVE-2025-10966
MEDIUM	4.0	CVE-2025-69418	CVE-2025-69418
MEDIUM	4.0	CVE-2026-32776	CVE-2026-32776
MEDIUM	4.0	CVE-2026-32777	CVE-2026-32777
MEDIUM	4.0	CVE-2026-41254	CVE-2026-41254
LOW	3.9	GHSA-58qw-p7qm-5rvh	GHSA-58qw-p7qm-5rvh: Improper Restriction of XML External Entity Reference
LOW	3.7	CVE-2025-11143	CVE-2025-11143: Improper Input Validation
LOW	3.5	CVE-2023-36479	CVE-2023-36479: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW	3.3	CVE-2020-8908	CVE-2020-8908: Improper Handling of Alternate Encoding
LOW	3.3	CVE-2025-27496	CVE-2025-27496: Insertion of Sensitive Information into Log File
LOW	3.2	CVE-2025-46394	CVE-2025-46394
LOW	3.1	CVE-2025-15224	CVE-2025-15224
LOW	3.1	CVE-2025-58056	CVE-2025-58056: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
LOW	2.9	CVE-2026-24515	CVE-2026-24515
LOW	2.9	CVE-2026-27171	CVE-2026-27171
LOW	2.9	CVE-2026-32778	CVE-2026-32778
LOW	2.9	CVE-2026-42578	CVE-2026-42578: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
LOW	2.7	CVE-2022-2047	CVE-2022-2047: Improper Input Validation
LOW	2.7	CVE-2025-66453	CVE-2025-66453: Uncontrolled Resource Consumption
LOW	2.5	CVE-2024-58251	CVE-2024-58251
LOW	2.4	CVE-2023-26049	CVE-2023-26049: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW	2.3	CVE-2026-32588	CVE-2026-32588: Uncontrolled Resource Consumption
LOW	2.0	CVE-2024-23454	CVE-2024-23454: Improper Privilege Management
LOW	1.9	CVE-2026-3293	CVE-2026-3293: Uncontrolled Resource Consumption

↑2.11.0

Severity Breakdown

Severity	Count
CRITICAL	9
HIGH	83
MEDIUM	99
LOW	21

Details for version: 2.11.0

CVE Details for Version: 2.11.0

Severity	Score	CVE ID	Description
CRITICAL	10.0	CVE-2025-30065	CVE-2025-30065: Deserialization of Untrusted Data
CRITICAL	10.0	CVE-2025-66516	CVE-2025-66516: Improper Restriction of XML External Entity Reference
CRITICAL	9.8	CVE-2023-25613	CVE-2023-25613: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CRITICAL	9.8	CVE-2026-31789	CVE-2026-31789
CRITICAL	9.8	CVE-2026-32767	CVE-2026-32767
CRITICAL	9.8	CVE-2026-42027	CVE-2026-42027: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CRITICAL	9.3	CVE-2025-54988	CVE-2025-54988: Improper Restriction of XML External Entity Reference
CRITICAL	9.2	CVE-2026-8178	CVE-2026-8178: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CRITICAL	9.1	CVE-2026-40682	CVE-2026-40682: Improper Restriction of XML External Entity Reference
HIGH	8.8	CVE-2020-9492	CVE-2020-9492: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH	8.8	CVE-2025-12183	CVE-2025-12183: Out-of-bounds Read
HIGH	8.8	CVE-2025-15467	CVE-2025-15467
HIGH	8.8	CVE-2025-23015	CVE-2025-23015: Privilege Defined With Unsafe Actions
HIGH	8.8	CVE-2025-48734	CVE-2025-48734: Improper Access Control
HIGH	8.8	CVE-2025-69194	CVE-2025-69194
HIGH	8.7	CVE-2023-52428	CVE-2023-52428: Uncontrolled Resource Consumption
HIGH	8.7	CVE-2024-7254	CVE-2024-7254: Improper Input Validation
HIGH	8.7	CVE-2026-33871	CVE-2026-33871: Allocation of Resources Without Limits or Throttling
HIGH	8.7	CVE-2026-35554	CVE-2026-35554: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
HIGH	8.6	CVE-2025-50059	CVE-2025-50059
HIGH	8.3	CVE-2025-31498	CVE-2025-31498
HIGH	8.3	CVE-2026-25646	CVE-2026-25646
HIGH	8.2	CVE-2025-49146	CVE-2025-49146: Improper Authentication
HIGH	8.2	CVE-2025-55163	CVE-2025-55163: Allocation of Resources Without Limits or Throttling
HIGH	8.2	CVE-2025-66566	CVE-2025-66566: Insertion of Sensitive Information Into Sent Data
HIGH	8.2	CVE-2026-26740	CVE-2026-26740
HIGH	8.1	CVE-2025-26519	CVE-2025-26519
HIGH	8.1	CVE-2025-30749	CVE-2025-30749
HIGH	8.1	CVE-2025-50106	CVE-2025-50106
HIGH	8.1	CVE-2025-59250	CVE-2025-59250: Improper Input Validation
HIGH	8.1	CVE-2026-28387	CVE-2026-28387
HIGH	8.1	CVE-2026-40200	CVE-2026-40200
HIGH	7.8	CVE-2025-24789	CVE-2025-24789: Untrusted Search Path
HIGH	7.7	CVE-2024-47072	CVE-2024-47072: Stack-based Buffer Overflow
HIGH	7.7	CVE-2025-23083	CVE-2025-23083
HIGH	7.6	CVE-2026-33636	CVE-2026-33636
HIGH	7.5	CVE-2019-16869	CVE-2019-16869: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.5	CVE-2021-22569	CVE-2021-22569: Incorrect Behavior Order
HIGH	7.5	CVE-2021-31684	CVE-2021-31684: Out-of-bounds Read
HIGH	7.5	CVE-2021-37136	CVE-2021-37136: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH	7.5	CVE-2022-3509	CVE-2022-3509: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2022-3510	CVE-2022-3510: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2022-41404	CVE-2022-41404: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2022-41881	CVE-2022-41881: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH	7.5	CVE-2023-1370	CVE-2023-1370: Uncontrolled Recursion
HIGH	7.5	CVE-2023-28118	CVE-2023-28118: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
HIGH	7.5	CVE-2023-34054	CVE-2023-34054
HIGH	7.5	CVE-2023-34062	CVE-2023-34062: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
HIGH	7.5	CVE-2023-34455	CVE-2023-34455: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2023-43642	CVE-2023-43642: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2024-21634	CVE-2024-21634: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2024-57699	CVE-2024-57699: Uncontrolled Recursion
HIGH	7.5	CVE-2024-8176	CVE-2024-8176
HIGH	7.5	CVE-2025-13151	CVE-2025-13151
HIGH	7.5	CVE-2025-24970	CVE-2025-24970: Improper Input Validation
HIGH	7.5	CVE-2025-27553	CVE-2025-27553: Relative Path Traversal
HIGH	7.5	CVE-2025-41249	CVE-2025-41249: Improper Authorization
HIGH	7.5	CVE-2025-53066	CVE-2025-53066
HIGH	7.5	CVE-2025-5399	CVE-2025-5399
HIGH	7.5	CVE-2025-59375	CVE-2025-59375
HIGH	7.5	CVE-2025-69420	CVE-2025-69420
HIGH	7.5	CVE-2025-69421	CVE-2025-69421
HIGH	7.5	CVE-2025-9086	CVE-2025-9086
HIGH	7.5	CVE-2025-9230	CVE-2025-9230
HIGH	7.5	CVE-2026-21945	CVE-2026-21945
HIGH	7.5	CVE-2026-27135	CVE-2026-27135
HIGH	7.5	CVE-2026-28388	CVE-2026-28388
HIGH	7.5	CVE-2026-28389	CVE-2026-28389
HIGH	7.5	CVE-2026-28390	CVE-2026-28390
HIGH	7.5	CVE-2026-31790	CVE-2026-31790
HIGH	7.5	CVE-2026-33416	CVE-2026-33416
HIGH	7.5	CVE-2026-33870	CVE-2026-33870: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.5	CVE-2026-3805	CVE-2026-3805
HIGH	7.5	CVE-2026-42198	CVE-2026-42198: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2026-42440	CVE-2026-42440: Memory Allocation with Excessive Size Value
HIGH	7.5	CVE-2026-42579	CVE-2026-42579: Improper Input Validation
HIGH	7.5	CVE-2026-42583	CVE-2026-42583: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2026-42587	CVE-2026-42587: Uncontrolled Resource Consumption
HIGH	7.4	CVE-2025-21587	CVE-2025-21587
HIGH	7.4	CVE-2025-69419	CVE-2025-69419
HIGH	7.4	CVE-2026-21932	CVE-2026-21932
HIGH	7.4	CVE-2026-2332	CVE-2026-2332: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.3	CVE-2025-0725	CVE-2025-0725
HIGH	7.3	CVE-2025-31344	CVE-2025-31344
HIGH	7.3	CVE-2026-42584	CVE-2026-42584: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.2	CVE-2024-13009	CVE-2024-13009: Improper Resource Shutdown or Release
HIGH	7.1	CVE-2025-46762	CVE-2025-46762: External Control of File Name or Path
HIGH	7.1	CVE-2025-64720	CVE-2025-64720
HIGH	7.1	CVE-2025-65018	CVE-2025-65018
HIGH	7.1	CVE-2025-66293	CVE-2025-66293
HIGH	7.0	CVE-2024-25638	CVE-2024-25638: Insufficient Verification of Data Authenticity
HIGH	7.0	CVE-2025-0665	CVE-2025-0665
MEDIUM	6.9	CVE-2024-29133	CVE-2024-29133: Out-of-bounds Write
MEDIUM	6.9	CVE-2025-30474	CVE-2025-30474: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM	6.9	CVE-2025-31672	CVE-2025-31672: Improper Input Validation
MEDIUM	6.9	CVE-2025-58057	CVE-2025-58057: Improper Handling of Highly Compressed Data (Data Amplification)
MEDIUM	6.9	CVE-2026-25210	CVE-2026-25210
MEDIUM	6.9	CVE-2026-34478	CVE-2026-34478: Improper Output Neutralization for Logs
MEDIUM	6.9	CVE-2026-34480	CVE-2026-34480: Improper Encoding or Escaping of Output
MEDIUM	6.9	GHSA-72hv-8253-57qq	GHSA-72hv-8253-57qq: Allocation of Resources Without Limits or Throttling
MEDIUM	6.8	CVE-2026-22801	CVE-2026-22801
MEDIUM	6.5	CVE-2023-34462	CVE-2023-34462: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	6.5	CVE-2024-29131	CVE-2024-29131: Out-of-bounds Write
MEDIUM	6.5	CVE-2024-45993	CVE-2024-45993
MEDIUM	6.5	CVE-2025-48924	CVE-2025-48924: Uncontrolled Recursion
MEDIUM	6.5	CVE-2025-4947	CVE-2025-4947
MEDIUM	6.5	CVE-2025-60876	CVE-2025-60876
MEDIUM	6.5	CVE-2025-67735	CVE-2025-67735: Improper Neutralization of CRLF Sequences ('CRLF Injection')
MEDIUM	6.5	CVE-2025-9231	CVE-2025-9231
MEDIUM	6.5	CVE-2026-1965	CVE-2026-1965
MEDIUM	6.5	CVE-2026-3784	CVE-2026-3784
MEDIUM	6.5	CVE-2026-42580	CVE-2026-42580: Integer Overflow or Wraparound
MEDIUM	6.5	CVE-2026-42585	CVE-2026-42585: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	6.3	CVE-2024-12797	CVE-2024-12797
MEDIUM	6.3	CVE-2024-6763	CVE-2024-6763: Improper Validation of Syntactic Correctness of Input
MEDIUM	6.3	CVE-2025-14017	CVE-2025-14017
MEDIUM	6.3	CVE-2025-68161	CVE-2025-68161: Improper Validation of Certificate with Host Mismatch
MEDIUM	6.3	CVE-2026-34477	CVE-2026-34477: Improper Validation of Certificate with Host Mismatch
MEDIUM	6.2	CVE-2025-27817	CVE-2025-27817: Server-Side Request Forgery (SSRF)
MEDIUM	6.1	CVE-2025-22227	CVE-2025-22227: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM	6.1	CVE-2025-64505	CVE-2025-64505
MEDIUM	6.1	CVE-2025-64506	CVE-2025-64506
MEDIUM	6.1	CVE-2026-21933	CVE-2026-21933
MEDIUM	6.1	CVE-2026-22695	CVE-2026-22695
MEDIUM	6.0	CVE-2025-7962	CVE-2025-7962: Improper Neutralization of Input Terminators
MEDIUM	5.9	CVE-2021-21295	CVE-2021-21295: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.9	CVE-2021-21409	CVE-2021-21409: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.9	CVE-2023-34453	CVE-2023-34453: Integer Overflow or Wraparound
MEDIUM	5.9	CVE-2023-34454	CVE-2023-34454: Integer Overflow or Wraparound
MEDIUM	5.9	CVE-2024-27137	CVE-2024-27137: Exposure of Resource to Wrong Sphere
MEDIUM	5.9	CVE-2024-8184	CVE-2024-8184: Uncontrolled Resource Consumption
MEDIUM	5.9	CVE-2025-13034	CVE-2025-13034
MEDIUM	5.9	CVE-2025-15468	CVE-2025-15468
MEDIUM	5.9	CVE-2025-53057	CVE-2025-53057
MEDIUM	5.9	CVE-2025-62408	CVE-2025-62408
MEDIUM	5.9	CVE-2025-66199	CVE-2025-66199
MEDIUM	5.9	CVE-2025-9232	CVE-2025-9232
MEDIUM	5.9	CVE-2026-28208	CVE-2026-28208: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.9	CVE-2026-34085	CVE-2026-34085
MEDIUM	5.9	CVE-2026-41245	CVE-2026-41245: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.8	CVE-2024-58103	CVE-2024-58103: Uncontrolled Recursion
MEDIUM	5.8	CVE-2025-53864	CVE-2025-53864: Uncontrolled Recursion
MEDIUM	5.8	CVE-2026-42581	CVE-2026-42581: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.7	CVE-2022-3171	CVE-2022-3171: Improper Input Validation
MEDIUM	5.6	CVE-2025-30698	CVE-2025-30698
MEDIUM	5.5	CVE-2021-22570	CVE-2021-22570: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.5	CVE-2023-2976	CVE-2023-2976: Creation of Temporary File in Directory with Insecure Permissions
MEDIUM	5.5	CVE-2023-50570	CVE-2023-50570: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.5	CVE-2024-35255	CVE-2024-35255: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
MEDIUM	5.5	CVE-2025-25193	CVE-2025-25193: Uncontrolled Resource Consumption
MEDIUM	5.5	CVE-2025-4949	org.eclipse.jgit: XXE vulnerability in Eclipse JGit
MEDIUM	5.5	CVE-2026-22795	CVE-2026-22795
MEDIUM	5.4	CVE-2024-47535	CVE-2024-47535: Uncontrolled Resource Consumption
MEDIUM	5.4	CVE-2025-24860	CVE-2025-24860: Incorrect Authorization
MEDIUM	5.3	CVE-2020-29582	CVE-2020-29582: Incorrect Default Permissions
MEDIUM	5.3	CVE-2021-34429	CVE-2021-34429: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM	5.3	CVE-2022-24329	CVE-2022-24329: Improper Locking
MEDIUM	5.3	CVE-2023-26048	CVE-2023-26048: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2023-40167	CVE-2023-40167: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.3	CVE-2024-12133	CVE-2024-12133
MEDIUM	5.3	CVE-2024-9823	CVE-2024-9823: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2025-10148	CVE-2025-10148
MEDIUM	5.3	CVE-2025-14524	CVE-2025-14524
MEDIUM	5.3	CVE-2025-14819	CVE-2025-14819
MEDIUM	5.3	CVE-2025-15079	CVE-2025-15079
MEDIUM	5.3	CVE-2026-22796	CVE-2026-22796
MEDIUM	5.3	CVE-2026-23865	CVE-2026-23865
MEDIUM	5.3	CVE-2026-33558	CVE-2026-33558: Insertion of Sensitive Information into Log File
MEDIUM	5.3	CVE-2026-3783	CVE-2026-3783
MEDIUM	5.3	CVE-2026-41417	CVE-2026-41417: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.3	CVE-2026-45292	CVE-2026-45292: Allocation of Resources Without Limits or Throttling
MEDIUM	5.1	CVE-2024-38808	CVE-2024-38808: Allocation of Resources Without Limits or Throttling
MEDIUM	5.1	CVE-2026-23868	CVE-2026-23868
MEDIUM	5.1	CVE-2026-34757	CVE-2026-34757
MEDIUM	4.8	CVE-2024-38827	CVE-2024-38827: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	4.8	CVE-2025-21502	CVE-2025-21502
MEDIUM	4.8	CVE-2025-30754	CVE-2025-30754
MEDIUM	4.8	CVE-2025-5025	CVE-2025-5025
MEDIUM	4.8	CVE-2026-21925	CVE-2026-21925
MEDIUM	4.8	CVE-2026-6042	CVE-2026-6042
MEDIUM	4.7	CVE-2025-68160	CVE-2025-68160
MEDIUM	4.6	CVE-2026-22184	CVE-2026-22184
MEDIUM	4.4	CVE-2025-24790	CVE-2025-24790: Incorrect Default Permissions
MEDIUM	4.3	CVE-2021-39194	CVE-2021-39194: Improper Handling of Missing Values
MEDIUM	4.3	CVE-2023-41900	CVE-2023-41900: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	4.3	CVE-2025-10966	CVE-2025-10966
MEDIUM	4.1	CVE-2024-13176	CVE-2024-13176
MEDIUM	4.0	CVE-2025-69418	CVE-2025-69418
MEDIUM	4.0	CVE-2026-32776	CVE-2026-32776
MEDIUM	4.0	CVE-2026-32777	CVE-2026-32777
MEDIUM	4.0	CVE-2026-41254	CVE-2026-41254
LOW	3.9	GHSA-58qw-p7qm-5rvh	GHSA-58qw-p7qm-5rvh: Improper Restriction of XML External Entity Reference
LOW	3.7	CVE-2025-11143	CVE-2025-11143: Improper Input Validation
LOW	3.5	CVE-2023-36479	CVE-2023-36479: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW	3.4	CVE-2024-11053	CVE-2024-11053
LOW	3.4	CVE-2025-0167	CVE-2025-0167
LOW	3.3	CVE-2020-8908	CVE-2020-8908: Improper Handling of Alternate Encoding
LOW	3.3	CVE-2025-27496	CVE-2025-27496: Insertion of Sensitive Information into Log File
LOW	3.2	CVE-2025-46394	CVE-2025-46394
LOW	3.1	CVE-2025-15224	CVE-2025-15224
LOW	3.1	CVE-2025-58056	CVE-2025-58056: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
LOW	2.9	CVE-2026-24515	CVE-2026-24515
LOW	2.9	CVE-2026-27171	CVE-2026-27171
LOW	2.9	CVE-2026-32778	CVE-2026-32778
LOW	2.9	CVE-2026-42578	CVE-2026-42578: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
LOW	2.7	CVE-2022-2047	CVE-2022-2047: Improper Input Validation
LOW	2.7	CVE-2025-66453	CVE-2025-66453: Uncontrolled Resource Consumption
LOW	2.5	CVE-2024-58251	CVE-2024-58251
LOW	2.4	CVE-2023-26049	CVE-2023-26049: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW	2.3	CVE-2026-32588	CVE-2026-32588: Uncontrolled Resource Consumption
LOW	2.0	CVE-2024-23454	CVE-2024-23454: Improper Privilege Management
LOW	1.9	CVE-2026-3293	CVE-2026-3293: Uncontrolled Resource Consumption

↑2.10.0

Severity Breakdown

Severity	Count
CRITICAL	11
HIGH	81
MEDIUM	100
LOW	25

Details for version: 2.10.0

CVE Details for Version: 2.10.0

Severity	Score	CVE ID	Description
CRITICAL	10.0	CVE-2025-30065	CVE-2025-30065: Deserialization of Untrusted Data
CRITICAL	10.0	CVE-2025-66516	CVE-2025-66516: Improper Restriction of XML External Entity Reference
CRITICAL	9.8	CVE-2021-37404	CVE-2021-37404: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CRITICAL	9.8	CVE-2022-25168	CVE-2022-25168: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CRITICAL	9.8	CVE-2023-25613	CVE-2023-25613: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CRITICAL	9.8	CVE-2026-31789	CVE-2026-31789
CRITICAL	9.8	CVE-2026-32767	CVE-2026-32767
CRITICAL	9.3	CVE-2024-47561	CVE-2024-47561: Deserialization of Untrusted Data
CRITICAL	9.3	CVE-2025-54988	CVE-2025-54988: Improper Restriction of XML External Entity Reference
CRITICAL	9.2	CVE-2026-8178	CVE-2026-8178: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CRITICAL	9.1	CVE-2023-44981	CVE-2023-44981: Authorization Bypass Through User-Controlled Key
HIGH	8.8	CVE-2018-8009	CVE-2018-8009: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH	8.8	CVE-2018-8029	CVE-2018-8029: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH	8.8	CVE-2020-9492	CVE-2020-9492: Improper Privilege Management
HIGH	8.8	CVE-2025-12183	CVE-2025-12183: Out-of-bounds Read
HIGH	8.8	CVE-2025-15467	CVE-2025-15467
HIGH	8.8	CVE-2025-23015	CVE-2025-23015: Privilege Defined With Unsafe Actions
HIGH	8.8	CVE-2025-48734	CVE-2025-48734: Improper Access Control
HIGH	8.8	CVE-2025-69194	CVE-2025-69194
HIGH	8.7	CVE-2023-52428	CVE-2023-52428: Uncontrolled Resource Consumption
HIGH	8.7	CVE-2024-7254	CVE-2024-7254: Improper Input Validation
HIGH	8.7	CVE-2025-52999	CVE-2025-52999: Stack-based Buffer Overflow
HIGH	8.7	CVE-2026-33871	CVE-2026-33871: Allocation of Resources Without Limits or Throttling
HIGH	8.7	CVE-2026-35554	CVE-2026-35554: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
HIGH	8.6	CVE-2025-50059	CVE-2025-50059
HIGH	8.3	CVE-2025-31498	CVE-2025-31498
HIGH	8.3	CVE-2026-25646	CVE-2026-25646
HIGH	8.2	CVE-2025-55163	CVE-2025-55163: Allocation of Resources Without Limits or Throttling
HIGH	8.2	CVE-2025-66566	CVE-2025-66566: Insertion of Sensitive Information Into Sent Data
HIGH	8.2	CVE-2026-26740	CVE-2026-26740
HIGH	8.1	CVE-2025-26519	CVE-2025-26519
HIGH	8.1	CVE-2025-30749	CVE-2025-30749
HIGH	8.1	CVE-2025-50106	CVE-2025-50106
HIGH	8.1	CVE-2025-59250	CVE-2025-59250: Improper Input Validation
HIGH	8.1	CVE-2026-28387	CVE-2026-28387
HIGH	8.1	CVE-2026-40200	CVE-2026-40200
HIGH	7.8	CVE-2025-24789	CVE-2025-24789: Untrusted Search Path
HIGH	7.7	CVE-2024-47072	CVE-2024-47072: Stack-based Buffer Overflow
HIGH	7.7	CVE-2025-23083	CVE-2025-23083
HIGH	7.6	CVE-2026-33636	CVE-2026-33636
HIGH	7.5	CVE-2017-5637	CVE-2017-5637: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2018-8012	CVE-2018-8012: Missing Authorization
HIGH	7.5	CVE-2019-16869	CVE-2019-16869: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.5	CVE-2021-31684	CVE-2021-31684: Out-of-bounds Read
HIGH	7.5	CVE-2021-37136	CVE-2021-37136: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH	7.5	CVE-2022-40150	CVE-2022-40150: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2022-41404	CVE-2022-41404: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2022-41881	CVE-2022-41881: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH	7.5	CVE-2022-45685	CVE-2022-45685: Out-of-bounds Write
HIGH	7.5	CVE-2022-45693	CVE-2022-45693: Out-of-bounds Write
HIGH	7.5	CVE-2023-1370	CVE-2023-1370: Uncontrolled Recursion
HIGH	7.5	CVE-2023-1436	CVE-2023-1436: Uncontrolled Recursion
HIGH	7.5	CVE-2023-28118	CVE-2023-28118: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
HIGH	7.5	CVE-2023-34054	CVE-2023-34054
HIGH	7.5	CVE-2023-34062	CVE-2023-34062: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
HIGH	7.5	CVE-2024-21634	CVE-2024-21634: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2024-57699	CVE-2024-57699: Uncontrolled Recursion
HIGH	7.5	CVE-2024-8176	CVE-2024-8176
HIGH	7.5	CVE-2025-13151	CVE-2025-13151
HIGH	7.5	CVE-2025-24970	CVE-2025-24970: Improper Input Validation
HIGH	7.5	CVE-2025-27553	CVE-2025-27553: Relative Path Traversal
HIGH	7.5	CVE-2025-41249	CVE-2025-41249: Improper Authorization
HIGH	7.5	CVE-2025-5399	CVE-2025-5399
HIGH	7.5	CVE-2025-59375	CVE-2025-59375
HIGH	7.5	CVE-2025-69420	CVE-2025-69420
HIGH	7.5	CVE-2025-69421	CVE-2025-69421
HIGH	7.5	CVE-2025-9086	CVE-2025-9086
HIGH	7.5	CVE-2025-9230	CVE-2025-9230
HIGH	7.5	CVE-2026-27135	CVE-2026-27135
HIGH	7.5	CVE-2026-28388	CVE-2026-28388
HIGH	7.5	CVE-2026-28389	CVE-2026-28389
HIGH	7.5	CVE-2026-28390	CVE-2026-28390
HIGH	7.5	CVE-2026-31790	CVE-2026-31790
HIGH	7.5	CVE-2026-33416	CVE-2026-33416
HIGH	7.5	CVE-2026-33870	CVE-2026-33870: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.5	CVE-2026-3805	CVE-2026-3805
HIGH	7.5	CVE-2026-42198	CVE-2026-42198: Allocation of Resources Without Limits or Throttling
HIGH	7.5	CVE-2026-42579	CVE-2026-42579: Improper Input Validation
HIGH	7.5	CVE-2026-42583	CVE-2026-42583: Uncontrolled Resource Consumption
HIGH	7.5	CVE-2026-42587	CVE-2026-42587: Uncontrolled Resource Consumption
HIGH	7.4	CVE-2025-21587	CVE-2025-21587
HIGH	7.4	CVE-2025-69419	CVE-2025-69419
HIGH	7.4	CVE-2026-2332	CVE-2026-2332: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.3	CVE-2025-0725	CVE-2025-0725
HIGH	7.3	CVE-2025-31344	CVE-2025-31344
HIGH	7.3	CVE-2026-42584	CVE-2026-42584: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH	7.2	CVE-2024-13009	CVE-2024-13009: Improper Resource Shutdown or Release
HIGH	7.1	CVE-2025-46762	CVE-2025-46762: External Control of File Name or Path
HIGH	7.1	CVE-2025-64720	CVE-2025-64720
HIGH	7.1	CVE-2025-65018	CVE-2025-65018
HIGH	7.1	CVE-2025-66293	CVE-2025-66293
HIGH	7.0	CVE-2025-0665	CVE-2025-0665
MEDIUM	6.9	CVE-2024-29133	CVE-2024-29133: Out-of-bounds Write
MEDIUM	6.9	CVE-2025-30474	CVE-2025-30474: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM	6.9	CVE-2025-31672	CVE-2025-31672: Improper Input Validation
MEDIUM	6.9	CVE-2025-58057	CVE-2025-58057: Improper Handling of Highly Compressed Data (Data Amplification)
MEDIUM	6.9	CVE-2026-25210	CVE-2026-25210
MEDIUM	6.9	CVE-2026-34478	CVE-2026-34478: Improper Output Neutralization for Logs
MEDIUM	6.9	CVE-2026-34480	CVE-2026-34480: Improper Encoding or Escaping of Output
MEDIUM	6.9	GHSA-72hv-8253-57qq	GHSA-72hv-8253-57qq: Allocation of Resources Without Limits or Throttling
MEDIUM	6.8	CVE-2026-22801	CVE-2026-22801
MEDIUM	6.5	CVE-2022-40149	CVE-2022-40149: Stack-based Buffer Overflow
MEDIUM	6.5	CVE-2023-34462	CVE-2023-34462: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	6.5	CVE-2024-10524	CVE-2024-10524
MEDIUM	6.5	CVE-2024-29131	CVE-2024-29131: Out-of-bounds Write
MEDIUM	6.5	CVE-2024-43382	CVE-2024-43382: Missing Encryption of Sensitive Data
MEDIUM	6.5	CVE-2024-45993	CVE-2024-45993
MEDIUM	6.5	CVE-2024-9681	CVE-2024-9681
MEDIUM	6.5	CVE-2025-48924	CVE-2025-48924: Uncontrolled Recursion
MEDIUM	6.5	CVE-2025-4947	CVE-2025-4947
MEDIUM	6.5	CVE-2025-60876	CVE-2025-60876
MEDIUM	6.5	CVE-2025-67735	CVE-2025-67735: Improper Neutralization of CRLF Sequences ('CRLF Injection')
MEDIUM	6.5	CVE-2025-9231	CVE-2025-9231
MEDIUM	6.5	CVE-2026-1965	CVE-2026-1965
MEDIUM	6.5	CVE-2026-3784	CVE-2026-3784
MEDIUM	6.5	CVE-2026-42580	CVE-2026-42580: Integer Overflow or Wraparound
MEDIUM	6.5	CVE-2026-42585	CVE-2026-42585: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	6.3	CVE-2024-12797	CVE-2024-12797
MEDIUM	6.3	CVE-2024-6763	CVE-2024-6763: Improper Validation of Syntactic Correctness of Input
MEDIUM	6.3	CVE-2025-14017	CVE-2025-14017
MEDIUM	6.3	CVE-2025-68161	CVE-2025-68161: Improper Validation of Certificate with Host Mismatch
MEDIUM	6.3	CVE-2026-34477	CVE-2026-34477: Improper Validation of Certificate with Host Mismatch
MEDIUM	6.2	CVE-2025-27817	CVE-2025-27817: Server-Side Request Forgery (SSRF)
MEDIUM	6.1	CVE-2025-22227	CVE-2025-22227: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM	6.1	CVE-2025-64505	CVE-2025-64505
MEDIUM	6.1	CVE-2025-64506	CVE-2025-64506
MEDIUM	6.1	CVE-2026-22695	CVE-2026-22695
MEDIUM	6.0	CVE-2025-7962	CVE-2025-7962: Improper Neutralization of Input Terminators
MEDIUM	5.9	CVE-2019-0201	CVE-2019-0201: Missing Authorization
MEDIUM	5.9	CVE-2021-21295	CVE-2021-21295: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.9	CVE-2021-21409	CVE-2021-21409: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.9	CVE-2024-27137	CVE-2024-27137: Exposure of Resource to Wrong Sphere
MEDIUM	5.9	CVE-2024-50602	CVE-2024-50602
MEDIUM	5.9	CVE-2024-8184	CVE-2024-8184: Uncontrolled Resource Consumption
MEDIUM	5.9	CVE-2025-13034	CVE-2025-13034
MEDIUM	5.9	CVE-2025-15468	CVE-2025-15468
MEDIUM	5.9	CVE-2025-62408	CVE-2025-62408
MEDIUM	5.9	CVE-2025-66199	CVE-2025-66199
MEDIUM	5.9	CVE-2025-9232	CVE-2025-9232
MEDIUM	5.9	CVE-2026-28208	CVE-2026-28208: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.9	CVE-2026-34085	CVE-2026-34085
MEDIUM	5.9	CVE-2026-41245	CVE-2026-41245: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
MEDIUM	5.8	CVE-2024-58103	CVE-2024-58103: Uncontrolled Recursion
MEDIUM	5.8	CVE-2025-53864	CVE-2025-53864: Uncontrolled Recursion
MEDIUM	5.8	CVE-2026-42581	CVE-2026-42581: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.6	CVE-2025-30698	CVE-2025-30698
MEDIUM	5.5	CVE-2023-2976	CVE-2023-2976: Creation of Temporary File in Directory with Insecure Permissions
MEDIUM	5.5	CVE-2023-50570	CVE-2023-50570: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.5	CVE-2024-35255	CVE-2024-35255: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
MEDIUM	5.5	CVE-2025-25193	CVE-2025-25193: Uncontrolled Resource Consumption
MEDIUM	5.5	CVE-2025-4949	org.eclipse.jgit: XXE vulnerability in Eclipse JGit
MEDIUM	5.5	CVE-2026-22795	CVE-2026-22795
MEDIUM	5.4	CVE-2024-47535	CVE-2024-47535: Uncontrolled Resource Consumption
MEDIUM	5.4	CVE-2025-24860	CVE-2025-24860: Incorrect Authorization
MEDIUM	5.3	CVE-2021-34429	CVE-2021-34429: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM	5.3	CVE-2023-26048	CVE-2023-26048: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2023-40167	CVE-2023-40167: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	5.3	CVE-2024-12133	CVE-2024-12133
MEDIUM	5.3	CVE-2024-9823	CVE-2024-9823: Uncontrolled Resource Consumption
MEDIUM	5.3	CVE-2025-10148	CVE-2025-10148
MEDIUM	5.3	CVE-2025-14524	CVE-2025-14524
MEDIUM	5.3	CVE-2025-14819	CVE-2025-14819
MEDIUM	5.3	CVE-2025-15079	CVE-2025-15079
MEDIUM	5.3	CVE-2026-22796	CVE-2026-22796
MEDIUM	5.3	CVE-2026-23865	CVE-2026-23865
MEDIUM	5.3	CVE-2026-33558	CVE-2026-33558: Insertion of Sensitive Information into Log File
MEDIUM	5.3	CVE-2026-3783	CVE-2026-3783
MEDIUM	5.3	CVE-2026-41417	CVE-2026-41417: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
MEDIUM	5.3	CVE-2026-45292	CVE-2026-45292: Allocation of Resources Without Limits or Throttling
MEDIUM	5.1	CVE-2024-38808	CVE-2024-38808: Allocation of Resources Without Limits or Throttling
MEDIUM	5.1	CVE-2026-23868	CVE-2026-23868
MEDIUM	5.1	CVE-2026-34757	CVE-2026-34757
MEDIUM	4.8	CVE-2024-21235	CVE-2024-21235
MEDIUM	4.8	CVE-2024-38827	CVE-2024-38827: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	4.8	CVE-2025-21502	CVE-2025-21502
MEDIUM	4.8	CVE-2025-30754	CVE-2025-30754
MEDIUM	4.8	CVE-2025-5025	CVE-2025-5025
MEDIUM	4.8	CVE-2026-6042	CVE-2026-6042
MEDIUM	4.7	CVE-2025-68160	CVE-2025-68160
MEDIUM	4.6	CVE-2026-22184	CVE-2026-22184
MEDIUM	4.4	CVE-2013-2035	CVE-2013-2035: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	4.4	CVE-2025-24790	CVE-2025-24790: Incorrect Default Permissions
MEDIUM	4.3	CVE-2010-1330	CVE-2010-1330: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	4.3	CVE-2021-39194	CVE-2021-39194: Improper Handling of Missing Values
MEDIUM	4.3	CVE-2023-41900	CVE-2023-41900: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM	4.3	CVE-2024-9143	CVE-2024-9143
MEDIUM	4.3	CVE-2025-10966	CVE-2025-10966
MEDIUM	4.1	CVE-2024-13176	CVE-2024-13176
MEDIUM	4.0	CVE-2025-69418	CVE-2025-69418
MEDIUM	4.0	CVE-2026-32776	CVE-2026-32776
MEDIUM	4.0	CVE-2026-32777	CVE-2026-32777
MEDIUM	4.0	CVE-2026-41254	CVE-2026-41254
LOW	3.9	GHSA-58qw-p7qm-5rvh	GHSA-58qw-p7qm-5rvh: Improper Restriction of XML External Entity Reference
LOW	3.7	CVE-2024-21208	CVE-2024-21208
LOW	3.7	CVE-2024-21210	CVE-2024-21210
LOW	3.7	CVE-2024-21211	CVE-2024-21211
LOW	3.7	CVE-2024-21217	CVE-2024-21217
LOW	3.7	CVE-2025-11143	CVE-2025-11143: Improper Input Validation
LOW	3.5	CVE-2023-36479	CVE-2023-36479: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW	3.4	CVE-2024-11053	CVE-2024-11053
LOW	3.4	CVE-2025-0167	CVE-2025-0167
LOW	3.3	CVE-2020-8908	CVE-2020-8908: Improper Handling of Alternate Encoding
LOW	3.3	CVE-2025-27496	CVE-2025-27496: Insertion of Sensitive Information into Log File
LOW	3.2	CVE-2025-46394	CVE-2025-46394
LOW	3.1	CVE-2025-15224	CVE-2025-15224
LOW	3.1	CVE-2025-58056	CVE-2025-58056: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
LOW	2.9	CVE-2026-24515	CVE-2026-24515
LOW	2.9	CVE-2026-27171	CVE-2026-27171
LOW	2.9	CVE-2026-32778	CVE-2026-32778
LOW	2.9	CVE-2026-42578	CVE-2026-42578: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
LOW	2.7	CVE-2022-2047	CVE-2022-2047: Improper Input Validation
LOW	2.7	CVE-2025-66453	CVE-2025-66453: Uncontrolled Resource Consumption
LOW	2.5	CVE-2024-58251	CVE-2024-58251
LOW	2.4	CVE-2023-26049	CVE-2023-26049: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW	2.3	CVE-2026-32588	CVE-2026-32588: Uncontrolled Resource Consumption
LOW	2.0	CVE-2024-23454	CVE-2024-23454: Improper Privilege Management
LOW	1.9	CVE-2026-3293	CVE-2026-3293: Uncontrolled Resource Consumption