Apache Hop Security Vulnerability Scans

Last Updated: 07 Nov 2025 00:24:28

This vulnerability overview will be available in full until 31 Dec 2025. A reduced version will remain available as of 2026.

Development

Severity Breakdown

Severity | Count
HIGH | 11
MEDIUM | 8
LOW | 2

Details for version: Development

CVE Details for Version: Development

Severity | Score | CVE ID | Description
HIGH | 8.8 | CVE-2020-9492 | CVE-2020-9492: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH | 8.7 | CVE-2023-52428 | CVE-2023-52428: Uncontrolled Resource Consumption
HIGH | 8.1 | CVE-2025-59250 | CVE-2025-59250: Improper Input Validation
HIGH | 7.7 | CVE-2024-47072 | CVE-2024-47072: Stack-based Buffer Overflow
HIGH | 7.5 | CVE-2021-31684 | CVE-2021-31684: Out-of-bounds Read
HIGH | 7.5 | CVE-2022-41404 | CVE-2022-41404: Uncontrolled Resource Consumption
HIGH | 7.5 | CVE-2023-1370 | CVE-2023-1370: Uncontrolled Recursion
HIGH | 7.5 | CVE-2023-28118 | kaml has potential denial of service while parsing input with anchors and aliases
HIGH | 7.5 | CVE-2024-21634 | CVE-2024-21634: Allocation of Resources Without Limits or Throttling
HIGH | 7.5 | CVE-2025-41249 | CVE-2025-41249: Improper Authorization
HIGH | 7.5 | CVE-2025-55163 | netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
MEDIUM | 6.5 | CVE-2024-45993 | CVE-2024-45993
MEDIUM | 6.5 | CVE-2025-48924 | CVE-2025-48924: Uncontrolled Recursion
MEDIUM | 5.8 | CVE-2024-58103 | Wire has Uncontrolled Recursion on Nested Groups
MEDIUM | 5.8 | CVE-2025-53864 | CVE-2025-53864: Uncontrolled Recursion
MEDIUM | 5.5 | CVE-2024-35255 | CVE-2024-35255: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
MEDIUM | 5.1 | CVE-2024-38808 | CVE-2024-38808: Allocation of Resources Without Limits or Throttling
MEDIUM | 4.8 | CVE-2024-38827 | CVE-2024-38827: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 4.3 | CVE-2021-39194 | Improper Handling of Missing Values in kaml
LOW | 3.2 | CVE-2025-46394 | CVE-2025-46394
LOW | 2.5 | CVE-2024-58251 | CVE-2024-58251

2.15.0

Severity Breakdown

Severity | Count
CRITICAL | 1
HIGH | 17
MEDIUM | 23
LOW | 7

Details for version: 2.15.0

CVE Details for Version: 2.15.0

Severity | Score | CVE ID | Description
CRITICAL | 9.3 | CVE-2025-54988 | CVE-2025-54988: Improper Restriction of XML External Entity Reference
HIGH | 8.8 | CVE-2020-9492 | CVE-2020-9492: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH | 8.8 | CVE-2025-48734 | CVE-2025-48734: Improper Access Control
HIGH | 8.7 | CVE-2023-52428 | CVE-2023-52428: Uncontrolled Resource Consumption
HIGH | 8.2 | CVE-2025-55163 | CVE-2025-55163: Allocation of Resources Without Limits or Throttling
HIGH | 8.1 | CVE-2025-59250 | CVE-2025-59250: Improper Input Validation
HIGH | 7.7 | CVE-2024-47072 | CVE-2024-47072: Stack-based Buffer Overflow
HIGH | 7.7 | CVE-2025-59419 | CVE-2025-59419: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
HIGH | 7.5 | CVE-2021-31684 | CVE-2021-31684: Out-of-bounds Read
HIGH | 7.5 | CVE-2022-41404 | CVE-2022-41404: Uncontrolled Resource Consumption
HIGH | 7.5 | CVE-2023-1370 | CVE-2023-1370: Uncontrolled Recursion
HIGH | 7.5 | CVE-2023-28118 | kaml has potential denial of service while parsing input with anchors and aliases
HIGH | 7.5 | CVE-2024-21634 | CVE-2024-21634: Allocation of Resources Without Limits or Throttling
HIGH | 7.5 | CVE-2025-41249 | CVE-2025-41249: Improper Authorization
HIGH | 7.5 | CVE-2025-59375 | CVE-2025-59375
HIGH | 7.5 | CVE-2025-9086 | CVE-2025-9086
HIGH | 7.5 | CVE-2025-9230 | CVE-2025-9230
HIGH | 7.2 | CVE-2024-13009 | CVE-2024-13009: Improper Resource Shutdown or Release
MEDIUM | 6.9 | CVE-2025-31672 | CVE-2025-31672: Improper Input Validation
MEDIUM | 6.9 | CVE-2025-58050 | CVE-2025-58050
MEDIUM | 6.9 | CVE-2025-58057 | CVE-2025-58057: Improper Handling of Highly Compressed Data (Data Amplification)
MEDIUM | 6.5 | CVE-2024-45993 | CVE-2024-45993
MEDIUM | 6.5 | CVE-2025-48924 | CVE-2025-48924: Uncontrolled Recursion
MEDIUM | 6.5 | CVE-2025-9231 | CVE-2025-9231
MEDIUM | 6.3 | CVE-2024-6763 | CVE-2024-6763: Improper Validation of Syntactic Correctness of Input
MEDIUM | 5.9 | CVE-2024-8184 | CVE-2024-8184: Uncontrolled Resource Consumption
MEDIUM | 5.9 | CVE-2025-9232 | CVE-2025-9232
MEDIUM | 5.8 | CVE-2024-58103 | Wire has Uncontrolled Recursion on Nested Groups
MEDIUM | 5.8 | CVE-2025-53864 | CVE-2025-53864: Uncontrolled Recursion
MEDIUM | 5.5 | CVE-2024-35255 | CVE-2024-35255: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
MEDIUM | 5.5 | CVE-2025-53057 | openjdk: Enhance certificate handling (Oracle CPU 2025-10)
MEDIUM | 5.5 | CVE-2025-53066 | openjdk: Enhance Path Factories (Oracle CPU 2025-10)
MEDIUM | 5.3 | CVE-2021-34429 | CVE-2021-34429: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM | 5.3 | CVE-2023-26048 | CVE-2023-26048: Uncontrolled Resource Consumption
MEDIUM | 5.3 | CVE-2023-40167 | CVE-2023-40167: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 5.3 | CVE-2024-9823 | CVE-2024-9823: Uncontrolled Resource Consumption
MEDIUM | 5.3 | CVE-2025-10148 | CVE-2025-10148
MEDIUM | 5.1 | CVE-2024-38808 | CVE-2024-38808: Allocation of Resources Without Limits or Throttling
MEDIUM | 4.8 | CVE-2024-38827 | CVE-2024-38827: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 4.3 | CVE-2021-39194 | Improper Handling of Missing Values in kaml
MEDIUM | 4.3 | CVE-2023-41900 | CVE-2023-41900: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW | 3.9 | GHSA-58qw-p7qm-5rvh | GHSA-58qw-p7qm-5rvh: Improper Restriction of XML External Entity Reference
LOW | 3.5 | CVE-2023-36479 | CVE-2023-36479: Improper Neutralization of Quoting Syntax
LOW | 3.2 | CVE-2025-46394 | CVE-2025-46394
LOW | 3.1 | CVE-2025-58056 | CVE-2025-58056: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
LOW | 2.7 | CVE-2022-2047 | CVE-2022-2047: Improper Input Validation
LOW | 2.5 | CVE-2024-58251 | CVE-2024-58251
LOW | 2.4 | CVE-2023-26049 | CVE-2023-26049: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

2.14.0

Severity Breakdown

Severity | Count
CRITICAL | 1
HIGH | 23
MEDIUM | 28
LOW | 8

Details for version: 2.14.0

CVE Details for Version: 2.14.0

Severity | Score | CVE ID | Description
CRITICAL | 9.3 | CVE-2025-54988 | CVE-2025-54988: Improper Restriction of XML External Entity Reference
HIGH | 8.8 | CVE-2020-9492 | CVE-2020-9492: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH | 8.8 | CVE-2025-48734 | CVE-2025-48734: Improper Access Control
HIGH | 8.7 | CVE-2023-52428 | CVE-2023-52428: Uncontrolled Resource Consumption
HIGH | 8.6 | CVE-2025-50059 | CVE-2025-50059
HIGH | 8.2 | CVE-2025-49146 | CVE-2025-49146: Improper Authentication
HIGH | 8.2 | CVE-2025-55163 | CVE-2025-55163: Allocation of Resources Without Limits or Throttling
HIGH | 8.1 | CVE-2025-30749 | CVE-2025-30749
HIGH | 8.1 | CVE-2025-50106 | CVE-2025-50106
HIGH | 8.1 | CVE-2025-59250 | CVE-2025-59250: Improper Input Validation
HIGH | 7.7 | CVE-2024-47072 | CVE-2024-47072: Stack-based Buffer Overflow
HIGH | 7.7 | CVE-2025-59419 | CVE-2025-59419: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
HIGH | 7.5 | CVE-2021-31684 | CVE-2021-31684: Out-of-bounds Read
HIGH | 7.5 | CVE-2022-41404 | CVE-2022-41404: Uncontrolled Resource Consumption
HIGH | 7.5 | CVE-2023-1370 | CVE-2023-1370: Uncontrolled Recursion
HIGH | 7.5 | CVE-2023-28118 | kaml has potential denial of service while parsing input with anchors and aliases
HIGH | 7.5 | CVE-2024-21634 | CVE-2024-21634: Allocation of Resources Without Limits or Throttling
HIGH | 7.5 | CVE-2025-41249 | CVE-2025-41249: Improper Authorization
HIGH | 7.5 | CVE-2025-53066 | CVE-2025-53066
HIGH | 7.5 | CVE-2025-5399 | CVE-2025-5399
HIGH | 7.5 | CVE-2025-59375 | CVE-2025-59375
HIGH | 7.5 | CVE-2025-9086 | CVE-2025-9086
HIGH | 7.5 | CVE-2025-9230 | CVE-2025-9230
HIGH | 7.2 | CVE-2024-13009 | CVE-2024-13009: Improper Resource Shutdown or Release
MEDIUM | 6.9 | CVE-2025-31672 | CVE-2025-31672: Improper Input Validation
MEDIUM | 6.9 | CVE-2025-58057 | CVE-2025-58057: Improper Handling of Highly Compressed Data (Data Amplification)
MEDIUM | 6.8 | CVE-2025-4949 | CVE-2025-4949: Improper Restriction of XML External Entity Reference
MEDIUM | 6.5 | CVE-2024-45993 | CVE-2024-45993
MEDIUM | 6.5 | CVE-2025-48924 | CVE-2025-48924: Uncontrolled Recursion
MEDIUM | 6.5 | CVE-2025-4947 | CVE-2025-4947
MEDIUM | 6.5 | CVE-2025-9231 | CVE-2025-9231
MEDIUM | 6.3 | CVE-2024-6763 | CVE-2024-6763: Improper Validation of Syntactic Correctness of Input
MEDIUM | 6.2 | CVE-2025-27817 | CVE-2025-27817: Server-Side Request Forgery (SSRF)
MEDIUM | 6.1 | CVE-2025-22227 | CVE-2025-22227: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM | 5.9 | CVE-2024-8184 | CVE-2024-8184: Uncontrolled Resource Consumption
MEDIUM | 5.9 | CVE-2025-53057 | CVE-2025-53057
MEDIUM | 5.9 | CVE-2025-9232 | CVE-2025-9232
MEDIUM | 5.8 | CVE-2024-58103 | Wire has Uncontrolled Recursion on Nested Groups
MEDIUM | 5.8 | CVE-2025-53864 | CVE-2025-53864: Uncontrolled Recursion
MEDIUM | 5.5 | CVE-2023-2976 | CVE-2023-2976: Creation of Temporary File in Directory with Insecure Permissions
MEDIUM | 5.5 | CVE-2024-35255 | CVE-2024-35255: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
MEDIUM | 5.3 | CVE-2021-34429 | CVE-2021-34429: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM | 5.3 | CVE-2023-26048 | CVE-2023-26048: Uncontrolled Resource Consumption
MEDIUM | 5.3 | CVE-2023-40167 | CVE-2023-40167: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 5.3 | CVE-2024-9823 | CVE-2024-9823: Uncontrolled Resource Consumption
MEDIUM | 5.3 | CVE-2025-10148 | CVE-2025-10148
MEDIUM | 5.1 | CVE-2024-38808 | CVE-2024-38808: Allocation of Resources Without Limits or Throttling
MEDIUM | 4.8 | CVE-2024-38827 | CVE-2024-38827: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 4.8 | CVE-2025-30754 | CVE-2025-30754
MEDIUM | 4.8 | CVE-2025-5025 | CVE-2025-5025
MEDIUM | 4.3 | CVE-2021-39194 | Improper Handling of Missing Values in kaml
MEDIUM | 4.3 | CVE-2023-41900 | CVE-2023-41900: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW | 3.9 | GHSA-58qw-p7qm-5rvh | GHSA-58qw-p7qm-5rvh: Improper Restriction of XML External Entity Reference
LOW | 3.5 | CVE-2023-36479 | CVE-2023-36479: Improper Neutralization of Quoting Syntax
LOW | 3.3 | CVE-2020-8908 | CVE-2020-8908: Improper Handling of Alternate Encoding
LOW | 3.2 | CVE-2025-46394 | CVE-2025-46394
LOW | 3.1 | CVE-2025-58056 | CVE-2025-58056: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
LOW | 2.7 | CVE-2022-2047 | CVE-2022-2047: Improper Input Validation
LOW | 2.5 | CVE-2024-58251 | CVE-2024-58251
LOW | 2.4 | CVE-2023-26049 | CVE-2023-26049: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

2.13.0

Severity Breakdown

Severity | Count
CRITICAL | 1
HIGH | 28
MEDIUM | 32
LOW | 8

Details for version: 2.13.0

CVE Details for Version: 2.13.0

Severity | Score | CVE ID | Description
CRITICAL | 9.3 | CVE-2025-54988 | CVE-2025-54988: Improper Restriction of XML External Entity Reference
HIGH | 8.8 | CVE-2020-9492 | CVE-2020-9492: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH | 8.8 | CVE-2025-48734 | CVE-2025-48734: Improper Access Control
HIGH | 8.7 | CVE-2023-52428 | CVE-2023-52428: Uncontrolled Resource Consumption
HIGH | 8.7 | CVE-2024-23945 | CVE-2024-23945: Generation of Error Message Containing Sensitive Information
HIGH | 8.7 | CVE-2024-47554 | CVE-2024-47554: Uncontrolled Resource Consumption
HIGH | 8.6 | CVE-2025-50059 | CVE-2025-50059
HIGH | 8.2 | CVE-2025-49146 | CVE-2025-49146: Improper Authentication
HIGH | 8.2 | CVE-2025-55163 | CVE-2025-55163: Allocation of Resources Without Limits or Throttling
HIGH | 8.1 | CVE-2025-30749 | CVE-2025-30749
HIGH | 8.1 | CVE-2025-50106 | CVE-2025-50106
HIGH | 8.1 | CVE-2025-59250 | CVE-2025-59250: Improper Input Validation
HIGH | 7.7 | CVE-2024-47072 | CVE-2024-47072: Stack-based Buffer Overflow
HIGH | 7.7 | CVE-2025-59419 | CVE-2025-59419: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
HIGH | 7.5 | CVE-2021-31684 | CVE-2021-31684: Out-of-bounds Read
HIGH | 7.5 | CVE-2021-34538 | CVE-2021-34538: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH | 7.5 | CVE-2022-41404 | CVE-2022-41404: Uncontrolled Resource Consumption
HIGH | 7.5 | CVE-2023-1370 | CVE-2023-1370: Uncontrolled Recursion
HIGH | 7.5 | CVE-2023-28118 | kaml has potential denial of service while parsing input with anchors and aliases
HIGH | 7.5 | CVE-2024-21634 | CVE-2024-21634: Allocation of Resources Without Limits or Throttling
HIGH | 7.5 | CVE-2024-57699 | CVE-2024-57699: Uncontrolled Recursion
HIGH | 7.5 | CVE-2025-41249 | CVE-2025-41249: Improper Authorization
HIGH | 7.5 | CVE-2025-53066 | CVE-2025-53066
HIGH | 7.5 | CVE-2025-5399 | CVE-2025-5399
HIGH | 7.5 | CVE-2025-59375 | CVE-2025-59375
HIGH | 7.5 | CVE-2025-9086 | CVE-2025-9086
HIGH | 7.5 | CVE-2025-9230 | CVE-2025-9230
HIGH | 7.2 | CVE-2024-13009 | CVE-2024-13009: Improper Resource Shutdown or Release
HIGH | 7.1 | CVE-2025-46762 | CVE-2025-46762: External Control of File Name or Path
MEDIUM | 6.9 | CVE-2025-31672 | CVE-2025-31672: Improper Input Validation
MEDIUM | 6.9 | CVE-2025-58057 | CVE-2025-58057: Improper Handling of Highly Compressed Data (Data Amplification)
MEDIUM | 6.8 | CVE-2024-31141 | CVE-2024-31141: Improper Privilege Management
MEDIUM | 6.8 | CVE-2025-4949 | CVE-2025-4949: Improper Restriction of XML External Entity Reference
MEDIUM | 6.7 | CVE-2024-26308 | CVE-2024-26308: Allocation of Resources Without Limits or Throttling
MEDIUM | 6.5 | CVE-2024-45993 | CVE-2024-45993
MEDIUM | 6.5 | CVE-2025-48924 | CVE-2025-48924: Uncontrolled Recursion
MEDIUM | 6.5 | CVE-2025-4947 | CVE-2025-4947
MEDIUM | 6.5 | CVE-2025-9231 | CVE-2025-9231
MEDIUM | 6.3 | CVE-2024-6763 | CVE-2024-6763: Improper Validation of Syntactic Correctness of Input
MEDIUM | 6.2 | CVE-2025-27817 | CVE-2025-27817: Server-Side Request Forgery (SSRF)
MEDIUM | 6.1 | CVE-2025-22227 | CVE-2025-22227: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM | 5.9 | CVE-2024-25710 | CVE-2024-25710: Loop with Unreachable Exit Condition ('Infinite Loop')
MEDIUM | 5.9 | CVE-2024-8184 | CVE-2024-8184: Uncontrolled Resource Consumption
MEDIUM | 5.9 | CVE-2025-53057 | CVE-2025-53057
MEDIUM | 5.9 | CVE-2025-9232 | CVE-2025-9232
MEDIUM | 5.8 | CVE-2024-58103 | Wire has Uncontrolled Recursion on Nested Groups
MEDIUM | 5.8 | CVE-2025-53864 | CVE-2025-53864: Uncontrolled Recursion
MEDIUM | 5.5 | CVE-2023-2976 | CVE-2023-2976: Creation of Temporary File in Directory with Insecure Permissions
MEDIUM | 5.5 | CVE-2024-35255 | CVE-2024-35255: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
MEDIUM | 5.3 | CVE-2021-34429 | CVE-2021-34429: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM | 5.3 | CVE-2023-26048 | CVE-2023-26048: Uncontrolled Resource Consumption
MEDIUM | 5.3 | CVE-2023-40167 | CVE-2023-40167: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 5.3 | CVE-2024-21742 | CVE-2024-21742: Improper Input Validation
MEDIUM | 5.3 | CVE-2024-9823 | CVE-2024-9823: Uncontrolled Resource Consumption
MEDIUM | 5.3 | CVE-2025-10148 | CVE-2025-10148
MEDIUM | 5.1 | CVE-2024-38808 | CVE-2024-38808: Allocation of Resources Without Limits or Throttling
MEDIUM | 4.8 | CVE-2024-38827 | CVE-2024-38827: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 4.8 | CVE-2025-30754 | CVE-2025-30754
MEDIUM | 4.8 | CVE-2025-5025 | CVE-2025-5025
MEDIUM | 4.3 | CVE-2021-39194 | Improper Handling of Missing Values in kaml
MEDIUM | 4.3 | CVE-2023-41900 | CVE-2023-41900: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW | 3.9 | GHSA-58qw-p7qm-5rvh | GHSA-58qw-p7qm-5rvh: Improper Restriction of XML External Entity Reference
LOW | 3.5 | CVE-2023-36479 | CVE-2023-36479: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW | 3.3 | CVE-2020-8908 | CVE-2020-8908: Improper Handling of Alternate Encoding
LOW | 3.2 | CVE-2025-46394 | CVE-2025-46394
LOW | 3.1 | CVE-2025-58056 | CVE-2025-58056: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
LOW | 2.7 | CVE-2022-2047 | CVE-2022-2047: Improper Input Validation
LOW | 2.5 | CVE-2024-58251 | CVE-2024-58251
LOW | 2.4 | CVE-2023-26049 | CVE-2023-26049: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

2.12.0

Severity Breakdown

Severity | Count
CRITICAL | 3
HIGH | 43
MEDIUM | 43
LOW | 10

Details for version: 2.12.0

CVE Details for Version: 2.12.0

Severity | Score | CVE ID | Description
CRITICAL | 10.0 | CVE-2025-30065 | CVE-2025-30065: Deserialization of Untrusted Data
CRITICAL | 9.8 | CVE-2023-25613 | CVE-2023-25613: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CRITICAL | 9.3 | CVE-2025-54988 | CVE-2025-54988: Improper Restriction of XML External Entity Reference
HIGH | 8.8 | CVE-2020-9492 | CVE-2020-9492: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH | 8.8 | CVE-2025-48734 | CVE-2025-48734: Improper Access Control
HIGH | 8.7 | CVE-2023-52428 | CVE-2023-52428: Uncontrolled Resource Consumption
HIGH | 8.7 | CVE-2024-7254 | CVE-2024-7254: Improper Input Validation
HIGH | 8.6 | CVE-2025-50059 | CVE-2025-50059
HIGH | 8.3 | CVE-2025-31498 | CVE-2025-31498
HIGH | 8.2 | CVE-2025-49146 | CVE-2025-49146: Improper Authentication
HIGH | 8.2 | CVE-2025-55163 | CVE-2025-55163: Allocation of Resources Without Limits or Throttling
HIGH | 8.1 | CVE-2025-30749 | CVE-2025-30749
HIGH | 8.1 | CVE-2025-50106 | CVE-2025-50106
HIGH | 8.1 | CVE-2025-59250 | CVE-2025-59250: Improper Input Validation
HIGH | 7.7 | CVE-2024-47072 | CVE-2024-47072: Stack-based Buffer Overflow
HIGH | 7.7 | CVE-2025-23083 | CVE-2025-23083
HIGH | 7.5 | CVE-2019-16869 | CVE-2019-16869: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH | 7.5 | CVE-2021-22569 | CVE-2021-22569: Incorrect Behavior Order
HIGH | 7.5 | CVE-2021-31684 | CVE-2021-31684: Out-of-bounds Read
HIGH | 7.5 | CVE-2021-37136 | CVE-2021-37136: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH | 7.5 | CVE-2022-3509 | CVE-2022-3509: Uncontrolled Resource Consumption
HIGH | 7.5 | CVE-2022-3510 | CVE-2022-3510: Uncontrolled Resource Consumption
HIGH | 7.5 | CVE-2022-41404 | CVE-2022-41404: Uncontrolled Resource Consumption
HIGH | 7.5 | CVE-2022-41881 | CVE-2022-41881: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH | 7.5 | CVE-2023-1370 | CVE-2023-1370: Uncontrolled Recursion
HIGH | 7.5 | CVE-2023-28118 | kaml has potential denial of service while parsing input with anchors and aliases
HIGH | 7.5 | CVE-2023-34054 | CVE-2023-34054
HIGH | 7.5 | CVE-2023-34062 | CVE-2023-34062: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
HIGH | 7.5 | CVE-2023-34455 | CVE-2023-34455: Allocation of Resources Without Limits or Throttling
HIGH | 7.5 | CVE-2023-43642 | CVE-2023-43642: Allocation of Resources Without Limits or Throttling
HIGH | 7.5 | CVE-2024-21634 | CVE-2024-21634: Allocation of Resources Without Limits or Throttling
HIGH | 7.5 | CVE-2024-57699 | CVE-2024-57699: Uncontrolled Recursion
HIGH | 7.5 | CVE-2024-8176 | CVE-2024-8176
HIGH | 7.5 | CVE-2025-24970 | CVE-2025-24970: Improper Input Validation
HIGH | 7.5 | CVE-2025-27553 | CVE-2025-27553: Relative Path Traversal
HIGH | 7.5 | CVE-2025-41249 | CVE-2025-41249: Improper Authorization
HIGH | 7.5 | CVE-2025-53066 | CVE-2025-53066
HIGH | 7.5 | CVE-2025-5399 | CVE-2025-5399
HIGH | 7.5 | CVE-2025-59375 | CVE-2025-59375
HIGH | 7.5 | CVE-2025-9086 | CVE-2025-9086
HIGH | 7.5 | CVE-2025-9230 | CVE-2025-9230
HIGH | 7.4 | CVE-2025-21587 | CVE-2025-21587
HIGH | 7.3 | CVE-2025-31344 | CVE-2025-31344
HIGH | 7.2 | CVE-2024-13009 | CVE-2024-13009: Improper Resource Shutdown or Release
HIGH | 7.1 | CVE-2025-46762 | CVE-2025-46762: External Control of File Name or Path
HIGH | 7.0 | CVE-2024-25638 | CVE-2024-25638: Insufficient Verification of Data Authenticity
MEDIUM | 6.9 | CVE-2024-29133 | CVE-2024-29133: Out-of-bounds Write
MEDIUM | 6.9 | CVE-2025-30474 | CVE-2025-30474: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM | 6.9 | CVE-2025-31672 | CVE-2025-31672: Improper Input Validation
MEDIUM | 6.9 | CVE-2025-58057 | CVE-2025-58057: Improper Handling of Highly Compressed Data (Data Amplification)
MEDIUM | 6.8 | CVE-2025-4949 | CVE-2025-4949: Improper Restriction of XML External Entity Reference
MEDIUM | 6.5 | CVE-2023-34462 | CVE-2023-34462: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 6.5 | CVE-2024-29131 | CVE-2024-29131: Out-of-bounds Write
MEDIUM | 6.5 | CVE-2024-45993 | CVE-2024-45993
MEDIUM | 6.5 | CVE-2025-48924 | CVE-2025-48924: Uncontrolled Recursion
MEDIUM | 6.5 | CVE-2025-4947 | CVE-2025-4947
MEDIUM | 6.5 | CVE-2025-9231 | CVE-2025-9231
MEDIUM | 6.3 | CVE-2024-6763 | CVE-2024-6763: Improper Validation of Syntactic Correctness of Input
MEDIUM | 6.2 | CVE-2025-27817 | CVE-2025-27817: Server-Side Request Forgery (SSRF)
MEDIUM | 6.1 | CVE-2025-22227 | CVE-2025-22227: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM | 5.9 | CVE-2021-21295 | CVE-2021-21295: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 5.9 | CVE-2021-21409 | CVE-2021-21409: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 5.9 | CVE-2023-34453 | CVE-2023-34453: Integer Overflow or Wraparound
MEDIUM | 5.9 | CVE-2023-34454 | CVE-2023-34454: Integer Overflow or Wraparound
MEDIUM | 5.9 | CVE-2024-8184 | CVE-2024-8184: Uncontrolled Resource Consumption
MEDIUM | 5.9 | CVE-2025-53057 | CVE-2025-53057
MEDIUM | 5.9 | CVE-2025-9232 | CVE-2025-9232
MEDIUM | 5.8 | CVE-2024-58103 | Wire has Uncontrolled Recursion on Nested Groups
MEDIUM | 5.8 | CVE-2025-53864 | CVE-2025-53864: Uncontrolled Recursion
MEDIUM | 5.7 | CVE-2022-3171 | CVE-2022-3171: Improper Input Validation
MEDIUM | 5.6 | CVE-2025-30698 | CVE-2025-30698
MEDIUM | 5.5 | CVE-2021-22570 | CVE-2021-22570: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 5.5 | CVE-2023-2976 | CVE-2023-2976: Creation of Temporary File in Directory with Insecure Permissions
MEDIUM | 5.5 | CVE-2024-35255 | CVE-2024-35255: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
MEDIUM | 5.5 | CVE-2025-25193 | CVE-2025-25193: Uncontrolled Resource Consumption
MEDIUM | 5.4 | CVE-2024-47535 | CVE-2024-47535: Uncontrolled Resource Consumption
MEDIUM | 5.3 | CVE-2020-29582 | kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure
MEDIUM | 5.3 | CVE-2021-34429 | CVE-2021-34429: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM | 5.3 | CVE-2022-24329 | kotlin: Not possible to lock dependencies for Multiplatform Gradle Projects
MEDIUM | 5.3 | CVE-2023-26048 | CVE-2023-26048: Uncontrolled Resource Consumption
MEDIUM | 5.3 | CVE-2023-40167 | CVE-2023-40167: Improper Handling of Length Parameter Inconsistency
MEDIUM | 5.3 | CVE-2024-9823 | CVE-2024-9823: Uncontrolled Resource Consumption
MEDIUM | 5.3 | CVE-2025-10148 | CVE-2025-10148
MEDIUM | 5.1 | CVE-2024-38808 | CVE-2024-38808: Allocation of Resources Without Limits or Throttling
MEDIUM | 4.8 | CVE-2024-38827 | CVE-2024-38827: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 4.8 | CVE-2025-30754 | CVE-2025-30754
MEDIUM | 4.8 | CVE-2025-5025 | CVE-2025-5025
MEDIUM | 4.3 | CVE-2021-39194 | Improper Handling of Missing Values in kaml
MEDIUM | 4.3 | CVE-2023-41900 | CVE-2023-41900: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW | 3.9 | GHSA-58qw-p7qm-5rvh | GHSA-58qw-p7qm-5rvh: Improper Restriction of XML External Entity Reference
LOW | 3.5 | CVE-2023-36479 | CVE-2023-36479: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW | 3.3 | CVE-2020-8908 | CVE-2020-8908: Improper Handling of Alternate Encoding
LOW | 3.3 | CVE-2025-27496 | Snowflake JDBC Driver client-side encryption key in DEBUG logs
LOW | 3.2 | CVE-2025-46394 | CVE-2025-46394
LOW | 3.1 | CVE-2025-58056 | CVE-2025-58056: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
LOW | 2.7 | CVE-2022-2047 | CVE-2022-2047: Improper Input Validation
LOW | 2.5 | CVE-2024-58251 | CVE-2024-58251
LOW | 2.4 | CVE-2023-26049 | CVE-2023-26049: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW | 2.0 | CVE-2024-23454 | CVE-2024-23454: Improper Privilege Management

2.11.0

Severity Breakdown

Severity | Count
CRITICAL | 4
HIGH | 47
MEDIUM | 50
LOW | 12

Details for version: 2.11.0

CVE Details for Version: 2.11.0

Severity | Score | CVE ID | Description
CRITICAL | 10.0 | CVE-2025-30065 | CVE-2025-30065: Deserialization of Untrusted Data
CRITICAL | 9.8 | CVE-2023-25613 | CVE-2023-25613: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CRITICAL | 9.8 | CVE-2025-0665 | CVE-2025-0665
CRITICAL | 9.3 | CVE-2025-54988 | CVE-2025-54988: Improper Restriction of XML External Entity Reference
HIGH | 8.8 | CVE-2020-9492 | CVE-2020-9492: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH | 8.8 | CVE-2025-23015 | CVE-2025-23015: Privilege Defined With Unsafe Actions
HIGH | 8.8 | CVE-2025-48734 | CVE-2025-48734: Improper Access Control
HIGH | 8.7 | CVE-2023-52428 | CVE-2023-52428: Uncontrolled Resource Consumption
HIGH | 8.7 | CVE-2024-7254 | CVE-2024-7254: Improper Input Validation
HIGH | 8.6 | CVE-2025-50059 | CVE-2025-50059
HIGH | 8.3 | CVE-2025-31498 | CVE-2025-31498
HIGH | 8.2 | CVE-2025-49146 | CVE-2025-49146: Improper Authentication
HIGH | 8.2 | CVE-2025-55163 | CVE-2025-55163: Allocation of Resources Without Limits or Throttling
HIGH | 8.1 | CVE-2025-26519 | CVE-2025-26519
HIGH | 8.1 | CVE-2025-30749 | CVE-2025-30749
HIGH | 8.1 | CVE-2025-50106 | CVE-2025-50106
HIGH | 8.1 | CVE-2025-59250 | CVE-2025-59250: Improper Input Validation
HIGH | 7.8 | CVE-2025-24789 | Snowflake JDBC allows an untrusted search path on Windows
HIGH | 7.7 | CVE-2024-47072 | CVE-2024-47072: Stack-based Buffer Overflow
HIGH | 7.7 | CVE-2025-23083 | CVE-2025-23083
HIGH | 7.5 | CVE-2019-16869 | CVE-2019-16869: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH | 7.5 | CVE-2021-22569 | CVE-2021-22569: Incorrect Behavior Order
HIGH | 7.5 | CVE-2021-31684 | CVE-2021-31684: Out-of-bounds Read
HIGH | 7.5 | CVE-2021-37136 | CVE-2021-37136: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH | 7.5 | CVE-2022-3509 | CVE-2022-3509: Uncontrolled Resource Consumption
HIGH | 7.5 | CVE-2022-3510 | CVE-2022-3510: Uncontrolled Resource Consumption
HIGH | 7.5 | CVE-2022-41404 | CVE-2022-41404: Uncontrolled Resource Consumption
HIGH | 7.5 | CVE-2022-41881 | CVE-2022-41881: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH | 7.5 | CVE-2023-1370 | CVE-2023-1370: Uncontrolled Recursion
HIGH | 7.5 | CVE-2023-28118 | kaml has potential denial of service while parsing input with anchors and aliases
HIGH | 7.5 | CVE-2023-34054 | CVE-2023-34054
HIGH | 7.5 | CVE-2023-34062 | CVE-2023-34062: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
HIGH | 7.5 | CVE-2023-34455 | CVE-2023-34455: Allocation of Resources Without Limits or Throttling
HIGH | 7.5 | CVE-2023-43642 | CVE-2023-43642: Allocation of Resources Without Limits or Throttling
HIGH | 7.5 | CVE-2024-21634 | CVE-2024-21634: Allocation of Resources Without Limits or Throttling
HIGH | 7.5 | CVE-2024-57699 | CVE-2024-57699: Uncontrolled Recursion
HIGH | 7.5 | CVE-2024-8176 | CVE-2024-8176
HIGH | 7.5 | CVE-2025-24970 | CVE-2025-24970: Improper Input Validation
HIGH | 7.5 | CVE-2025-27553 | CVE-2025-27553: Relative Path Traversal
HIGH | 7.5 | CVE-2025-41249 | CVE-2025-41249: Improper Authorization
HIGH | 7.5 | CVE-2025-53066 | CVE-2025-53066
HIGH | 7.5 | CVE-2025-5399 | CVE-2025-5399
HIGH | 7.5 | CVE-2025-59375 | CVE-2025-59375
HIGH | 7.5 | CVE-2025-9086 | CVE-2025-9086
HIGH | 7.5 | CVE-2025-9230 | CVE-2025-9230
HIGH | 7.4 | CVE-2025-21587 | CVE-2025-21587
HIGH | 7.3 | CVE-2025-0725 | CVE-2025-0725
HIGH | 7.3 | CVE-2025-31344 | CVE-2025-31344
HIGH | 7.2 | CVE-2024-13009 | CVE-2024-13009: Improper Resource Shutdown or Release
HIGH | 7.1 | CVE-2025-46762 | CVE-2025-46762: External Control of File Name or Path
HIGH | 7.0 | CVE-2024-25638 | CVE-2024-25638: Insufficient Verification of Data Authenticity
MEDIUM | 6.9 | CVE-2024-29133 | CVE-2024-29133: Out-of-bounds Write
MEDIUM | 6.9 | CVE-2025-30474 | CVE-2025-30474: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM | 6.9 | CVE-2025-31672 | CVE-2025-31672: Improper Input Validation
MEDIUM | 6.9 | CVE-2025-58057 | CVE-2025-58057: Improper Handling of Highly Compressed Data (Data Amplification)
MEDIUM | 6.8 | CVE-2025-4949 | CVE-2025-4949: Improper Restriction of XML External Entity Reference
MEDIUM | 6.5 | CVE-2023-34462 | CVE-2023-34462: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 6.5 | CVE-2024-29131 | CVE-2024-29131: Out-of-bounds Write
MEDIUM | 6.5 | CVE-2024-45993 | CVE-2024-45993
MEDIUM | 6.5 | CVE-2025-48924 | CVE-2025-48924: Uncontrolled Recursion
MEDIUM | 6.5 | CVE-2025-4947 | CVE-2025-4947
MEDIUM | 6.5 | CVE-2025-9231 | CVE-2025-9231
MEDIUM | 6.3 | CVE-2024-12797 | CVE-2024-12797
MEDIUM | 6.3 | CVE-2024-6763 | CVE-2024-6763: Improper Validation of Syntactic Correctness of Input
MEDIUM | 6.2 | CVE-2025-27817 | CVE-2025-27817: Server-Side Request Forgery (SSRF)
MEDIUM | 6.1 | CVE-2025-22227 | CVE-2025-22227: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM | 5.9 | CVE-2021-21295 | CVE-2021-21295: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 5.9 | CVE-2021-21409 | CVE-2021-21409: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 5.9 | CVE-2023-34453 | CVE-2023-34453: Integer Overflow or Wraparound
MEDIUM | 5.9 | CVE-2023-34454 | CVE-2023-34454: Integer Overflow or Wraparound
MEDIUM | 5.9 | CVE-2024-27137 | CVE-2024-27137: Exposure of Resource to Wrong Sphere
MEDIUM | 5.9 | CVE-2024-8184 | CVE-2024-8184: Uncontrolled Resource Consumption
MEDIUM | 5.9 | CVE-2025-53057 | CVE-2025-53057
MEDIUM | 5.9 | CVE-2025-9232 | CVE-2025-9232
MEDIUM | 5.8 | CVE-2024-58103 | Wire has Uncontrolled Recursion on Nested Groups
MEDIUM | 5.8 | CVE-2025-53864 | CVE-2025-53864: Uncontrolled Recursion
MEDIUM | 5.7 | CVE-2022-3171 | CVE-2022-3171: Improper Input Validation
MEDIUM | 5.6 | CVE-2025-30698 | CVE-2025-30698
MEDIUM | 5.5 | CVE-2021-22570 | CVE-2021-22570: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 5.5 | CVE-2023-2976 | CVE-2023-2976: Creation of Temporary File in Directory with Insecure Permissions
MEDIUM | 5.5 | CVE-2024-35255 | CVE-2024-35255: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
MEDIUM | 5.5 | CVE-2025-25193 | CVE-2025-25193: Uncontrolled Resource Consumption
MEDIUM | 5.4 | CVE-2024-47535 | CVE-2024-47535: Uncontrolled Resource Consumption
MEDIUM | 5.4 | CVE-2025-24860 | CVE-2025-24860: Incorrect Authorization
MEDIUM | 5.3 | CVE-2020-29582 | kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure
MEDIUM | 5.3 | CVE-2021-34429 | CVE-2021-34429: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM | 5.3 | CVE-2022-24329 | kotlin: Not possible to lock dependencies for Multiplatform Gradle Projects
MEDIUM | 5.3 | CVE-2023-26048 | CVE-2023-26048: Uncontrolled Resource Consumption
MEDIUM | 5.3 | CVE-2023-40167 | CVE-2023-40167: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 5.3 | CVE-2024-12133 | CVE-2024-12133
MEDIUM | 5.3 | CVE-2024-9823 | CVE-2024-9823: Uncontrolled Resource Consumption
MEDIUM | 5.3 | CVE-2025-10148 | CVE-2025-10148
MEDIUM | 5.1 | CVE-2024-38808 | CVE-2024-38808: Allocation of Resources Without Limits or Throttling
MEDIUM | 4.8 | CVE-2024-38827 | CVE-2024-38827: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 4.8 | CVE-2025-21502 | CVE-2025-21502
MEDIUM | 4.8 | CVE-2025-30754 | CVE-2025-30754
MEDIUM | 4.8 | CVE-2025-5025 | CVE-2025-5025
MEDIUM | 4.4 | CVE-2025-24790 | Snowflake JDBC uses insecure temporary credential cache file permissions
MEDIUM | 4.3 | CVE-2021-39194 | Improper Handling of Missing Values in kaml
MEDIUM | 4.3 | CVE-2023-41900 | CVE-2023-41900: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM | 4.1 | CVE-2024-13176 | CVE-2024-13176
LOW | 3.9 | GHSA-58qw-p7qm-5rvh | GHSA-58qw-p7qm-5rvh: Improper Restriction of XML External Entity Reference
LOW | 3.5 | CVE-2023-36479 | CVE-2023-36479: Improper Neutralization of Quoting Syntax
LOW | 3.4 | CVE-2024-11053 | CVE-2024-11053
LOW | 3.4 | CVE-2025-0167 | CVE-2025-0167
LOW | 3.3 | CVE-2020-8908 | CVE-2020-8908: Improper Handling of Alternate Encoding
LOW | 3.3 | CVE-2025-27496 | Snowflake JDBC Driver client-side encryption key in DEBUG logs
LOW | 3.2 | CVE-2025-46394 | CVE-2025-46394
LOW | 3.1 | CVE-2025-58056 | CVE-2025-58056: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
LOW | 2.7 | CVE-2022-2047 | CVE-2022-2047: Improper Input Validation
LOW | 2.5 | CVE-2024-58251 | CVE-2024-58251
LOW | 2.4 | CVE-2023-26049 | CVE-2023-26049: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW | 2.0 | CVE-2024-23454 | CVE-2024-23454: Improper Privilege Management

2.10.0

Severity Breakdown

Severity | Count
CRITICAL | 8
HIGH | 48
MEDIUM | 53
LOW | 16

Details for version: 2.10.0

CVE Details for Version: 2.10.0

Severity | Score | CVE ID | Description
CRITICAL | 10.0 | CVE-2025-30065 | CVE-2025-30065: Deserialization of Untrusted Data
CRITICAL | 9.8 | CVE-2021-37404 | CVE-2021-37404: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CRITICAL | 9.8 | CVE-2022-25168 | CVE-2022-25168: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CRITICAL | 9.8 | CVE-2023-25613 | CVE-2023-25613: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CRITICAL | 9.8 | CVE-2025-0665 | CVE-2025-0665
CRITICAL | 9.3 | CVE-2024-47561 | CVE-2024-47561: Deserialization of Untrusted Data
CRITICAL | 9.3 | CVE-2025-54988 | CVE-2025-54988: Improper Restriction of XML External Entity Reference
CRITICAL | 9.1 | CVE-2023-44981 | zookeeper: Authorization Bypass in Apache ZooKeeper
HIGH | 8.8 | CVE-2018-8009 | CVE-2018-8009: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH | 8.8 | CVE-2018-8029 | CVE-2018-8029: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH | 8.8 | CVE-2020-9492 | CVE-2020-9492: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH | 8.8 | CVE-2025-23015 | CVE-2025-23015: Privilege Defined With Unsafe Actions
HIGH | 8.8 | CVE-2025-48734 | CVE-2025-48734: Improper Access Control
HIGH | 8.7 | CVE-2023-52428 | CVE-2023-52428: Uncontrolled Resource Consumption
HIGH | 8.7 | CVE-2024-7254 | CVE-2024-7254: Improper Input Validation
HIGH | 8.7 | CVE-2025-52999 | CVE-2025-52999: Stack-based Buffer Overflow
HIGH | 8.6 | CVE-2025-50059 | CVE-2025-50059
HIGH | 8.3 | CVE-2025-31498 | CVE-2025-31498
HIGH | 8.2 | CVE-2025-55163 | CVE-2025-55163: Allocation of Resources Without Limits or Throttling
HIGH | 8.1 | CVE-2025-26519 | CVE-2025-26519
HIGH | 8.1 | CVE-2025-30749 | CVE-2025-30749
HIGH | 8.1 | CVE-2025-50106 | CVE-2025-50106
HIGH | 8.1 | CVE-2025-59250 | CVE-2025-59250: Improper Input Validation
HIGH | 7.8 | CVE-2025-24789 | Snowflake JDBC allows an untrusted search path on Windows
HIGH | 7.7 | CVE-2024-47072 | CVE-2024-47072: Stack-based Buffer Overflow
HIGH | 7.7 | CVE-2025-23083 | CVE-2025-23083
HIGH | 7.5 | CVE-2017-5637 | zookeeper: Incorrect input validation with wchp/wchc four letter words
HIGH | 7.5 | CVE-2018-8012 | zookeeper: No authentication or authorization is enforced when a server joins a quorum
HIGH | 7.5 | CVE-2019-16869 | CVE-2019-16869: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
HIGH | 7.5 | CVE-2021-31684 | CVE-2021-31684: Out-of-bounds Read
HIGH | 7.5 | CVE-2021-37136 | CVE-2021-37136: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH | 7.5 | CVE-2022-40150 | CVE-2022-40150: Uncontrolled Resource Consumption
HIGH | 7.5 | CVE-2022-41404 | CVE-2022-41404: Uncontrolled Resource Consumption
HIGH | 7.5 | CVE-2022-41881 | CVE-2022-41881: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH | 7.5 | CVE-2022-45685 | CVE-2022-45685: Out-of-bounds Write
HIGH | 7.5 | CVE-2022-45693 | CVE-2022-45693: Out-of-bounds Write
HIGH | 7.5 | CVE-2023-1370 | CVE-2023-1370: Uncontrolled Recursion
HIGH | 7.5 | CVE-2023-1436 | CVE-2023-1436: Uncontrolled Recursion
HIGH | 7.5 | CVE-2023-28118 | kaml has potential denial of service while parsing input with anchors and aliases
HIGH | 7.5 | CVE-2023-34054 | CVE-2023-34054: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
HIGH | 7.5 | CVE-2023-34062 | CVE-2023-34062: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
HIGH7.5CVE-2024-21634CVE-2024-21634: Allocation of Resources Without Limits or Throttling
HIGH7.5CVE-2024-57699CVE-2024-57699: Uncontrolled Recursion
HIGH7.5CVE-2024-8176CVE-2024-8176
HIGH7.5CVE-2025-24970CVE-2025-24970: Improper Input Validation
HIGH7.5CVE-2025-27553CVE-2025-27553: Relative Path Traversal
HIGH7.5CVE-2025-41249CVE-2025-41249: Improper Authorization
HIGH7.5CVE-2025-5399CVE-2025-5399
HIGH7.5CVE-2025-59375CVE-2025-59375
HIGH7.5CVE-2025-9086CVE-2025-9086
HIGH7.5CVE-2025-9230CVE-2025-9230
HIGH7.4CVE-2025-21587CVE-2025-21587
HIGH7.3CVE-2025-0725CVE-2025-0725
HIGH7.3CVE-2025-31344CVE-2025-31344
HIGH7.2CVE-2024-13009CVE-2024-13009: Improper Resource Shutdown or Release
HIGH7.1CVE-2025-46762CVE-2025-46762: External Control of File Name or Path
MEDIUM6.9CVE-2024-29133CVE-2024-29133: Out-of-bounds Write
MEDIUM6.9CVE-2025-30474CVE-2025-30474: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM6.9CVE-2025-31672CVE-2025-31672: Improper Input Validation
MEDIUM6.9CVE-2025-58057CVE-2025-58057: Improper Handling of Highly Compressed Data (Data Amplification)
MEDIUM6.8CVE-2025-4949CVE-2025-4949: Improper Restriction of XML External Entity Reference
MEDIUM6.5CVE-2022-40149CVE-2022-40149: Stack-based Buffer Overflow
MEDIUM6.5CVE-2023-34462CVE-2023-34462: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM6.5CVE-2024-10524CVE-2024-10524
MEDIUM6.5CVE-2024-29131CVE-2024-29131: Out-of-bounds Write
MEDIUM6.5CVE-2024-45993CVE-2024-45993
MEDIUM6.5CVE-2024-9681CVE-2024-9681
MEDIUM6.5CVE-2025-48924CVE-2025-48924: Uncontrolled Recursion
MEDIUM6.5CVE-2025-4947CVE-2025-4947
MEDIUM6.5CVE-2025-9231CVE-2025-9231
MEDIUM6.3CVE-2024-12797CVE-2024-12797
MEDIUM6.3CVE-2024-6763CVE-2024-6763: Improper Validation of Syntactic Correctness of Input
MEDIUM6.2CVE-2025-27817CVE-2025-27817: Server-Side Request Forgery (SSRF)
MEDIUM6.1CVE-2025-22227CVE-2025-22227: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM5.9CVE-2019-0201zookeeper: Information disclosure in Apache ZooKeeper
MEDIUM5.9CVE-2021-21295CVE-2021-21295: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM5.9CVE-2021-21409CVE-2021-21409: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM5.9CVE-2024-27137CVE-2024-27137: Exposure of Resource to Wrong Sphere
MEDIUM5.9CVE-2024-43382Snowflake JDBC Security Advisory
MEDIUM5.9CVE-2024-50602CVE-2024-50602
MEDIUM5.9CVE-2024-8184CVE-2024-8184: Uncontrolled Resource Consumption
MEDIUM5.9CVE-2025-9232CVE-2025-9232
MEDIUM5.8CVE-2024-58103Wire has Uncontrolled Recursion on Nested Groups
MEDIUM5.8CVE-2025-53864CVE-2025-53864: Uncontrolled Recursion
MEDIUM5.6CVE-2025-30698CVE-2025-30698
MEDIUM5.5CVE-2023-2976CVE-2023-2976: Creation of Temporary File in Directory with Insecure Permissions
MEDIUM5.5CVE-2024-35255CVE-2024-35255: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
MEDIUM5.5CVE-2025-25193CVE-2025-25193: Uncontrolled Resource Consumption
MEDIUM5.4CVE-2024-47535CVE-2024-47535: Uncontrolled Resource Consumption
MEDIUM5.4CVE-2025-24860CVE-2025-24860: Incorrect Authorization
MEDIUM5.3CVE-2021-34429CVE-2021-34429: Exposure of Sensitive Information to an Unauthorized Actor
MEDIUM5.3CVE-2023-26048CVE-2023-26048: Uncontrolled Resource Consumption
MEDIUM5.3CVE-2023-40167CVE-2023-40167: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM5.3CVE-2024-12133CVE-2024-12133
MEDIUM5.3CVE-2024-9823CVE-2024-9823: Uncontrolled Resource Consumption
MEDIUM5.3CVE-2025-10148CVE-2025-10148
MEDIUM5.1CVE-2024-38808CVE-2024-38808: Allocation of Resources Without Limits or Throttling
MEDIUM4.8CVE-2024-21235CVE-2024-21235
MEDIUM4.8CVE-2024-38827CVE-2024-38827: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM4.8CVE-2025-21502CVE-2025-21502
MEDIUM4.8CVE-2025-30754CVE-2025-30754
MEDIUM4.8CVE-2025-5025CVE-2025-5025
MEDIUM4.4CVE-2013-2035CVE-2013-2035: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM4.4CVE-2025-24790Snowflake JDBC uses insecure temporary credential cache file permissions
MEDIUM4.3CVE-2010-1330CVE-2010-1330: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM4.3CVE-2021-39194Improper Handling of Missing Values in kaml
MEDIUM4.3CVE-2023-41900CVE-2023-41900: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
MEDIUM4.3CVE-2024-9143CVE-2024-9143
MEDIUM4.1CVE-2024-13176CVE-2024-13176
LOW3.9GHSA-58qw-p7qm-5rvhGHSA-58qw-p7qm-5rvh: Improper Restriction of XML External Entity Reference
LOW3.7CVE-2024-21208CVE-2024-21208
LOW3.7CVE-2024-21210CVE-2024-21210
LOW3.7CVE-2024-21211CVE-2024-21211
LOW3.7CVE-2024-21217CVE-2024-21217
LOW3.5CVE-2023-36479CVE-2023-36479: Improper Neutralization of Quoting Syntax
LOW3.4CVE-2024-11053CVE-2024-11053
LOW3.4CVE-2025-0167CVE-2025-0167
LOW3.3CVE-2020-8908CVE-2020-8908: Improper Handling of Alternate Encoding
LOW3.3CVE-2025-27496Snowflake JDBC Driver client-side encryption key in DEBUG logs
LOW3.2CVE-2025-46394CVE-2025-46394
LOW3.1CVE-2025-58056CVE-2025-58056: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
LOW2.7CVE-2022-2047CVE-2022-2047: Improper Input Validation
LOW2.5CVE-2024-58251CVE-2024-58251
LOW2.4CVE-2023-26049CVE-2023-26049: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
LOW2.0CVE-2024-23454CVE-2024-23454: Improper Privilege Management