graalvm · threatengine.sh

CVE-2026-34282

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

7.5HIGH

CVE-2026-34268

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

2.9LOW

CVE-2026-22021

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

5.3MEDIUM

CVE-2026-22018

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

3.7LOW

CVE-2026-22016

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

7.5HIGH

CVE-2026-22013

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

5.3MEDIUM

CVE-2026-22007

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

2.9LOW

CVE-2026-22003

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported

6.0MEDIUM

CVE-2026-21945

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

7.5HIGH

CVE-2026-21933

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

6.1MEDIUM

CVE-2026-21932

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

7.4HIGH

CVE-2026-21925

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

4.8MEDIUM

CVE-2025-61748

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

3.7LOW

CVE-2025-53066

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

7.5HIGH

CVE-2025-53057

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

5.9MEDIUM

CVE-2025-30761

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supporte

5.9MEDIUM

CVE-2025-50106

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

8.1HIGH

CVE-2025-50059

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

8.6HIGH

CVE-2025-30754

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

4.8MEDIUM

CVE-2025-30749

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

8.1HIGH

CVE-2025-30698

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

5.6MEDIUM

CVE-2025-21587

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

7.4HIGH

CVE-2025-21502

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

4.8MEDIUM

CVE-2024-21235

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

4.8MEDIUM

CVE-2024-21217

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

3.7LOW

CVE-2024-21211

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

3.7LOW

CVE-2024-21208

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

3.7LOW

CVE-2024-21147

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

7.4HIGH

CVE-2024-21145

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

4.8MEDIUM

CVE-2024-21144

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Suppor

3.7LOW

CVE-2024-21140

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

4.8MEDIUM

CVE-2024-21138

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

3.7LOW

CVE-2024-21131

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

3.7LOW

CVE-2024-21098

all versions

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). S

3.7LOW

CVE-2024-21094

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

3.7LOW

CVE-2024-21085

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Suppor

3.7LOW

CVE-2024-21068

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

3.7LOW

CVE-2024-21012

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

3.7LOW

CVE-2024-21011

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

3.7LOW

CVE-2024-21005

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported v

3.1LOW

CVE-2024-21004

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported v

2.5LOW

CVE-2024-21003

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported v

3.1LOW

CVE-2024-21002

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported v

2.5LOW

CVE-2024-20954

all versions

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). S

3.7LOW

CVE-2024-20945

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

4.7MEDIUM

CVE-2024-20925

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported v

3.1LOW

CVE-2024-20923

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported v

3.1LOW

CVE-2024-20921

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

5.9MEDIUM

CVE-2024-20919

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

5.9MEDIUM

CVE-2024-20955

all versions

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). S

3.7LOW

CVE-2024-20952

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

7.4HIGH

CVE-2024-20932

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

7.5HIGH

CVE-2024-20926

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

5.9MEDIUM

CVE-2024-20922

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported v

2.5LOW

CVE-2024-20918

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (componen

7.4HIGH

CVE-2023-41993

all versions

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary

8.8HIGH

CVE-2023-22051

all versions

Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compi

3.7LOW

CVE-2023-22049

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (componen

3.7LOW

CVE-2023-22045

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (componen

3.7LOW

CVE-2023-22044

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (componen

3.7LOW

CVE-2023-22041

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (componen

5.1MEDIUM

CVE-2023-22036

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (componen

3.7LOW

CVE-2023-22006

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (componen

3.1LOW

CVE-2023-21986

all versions

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Native Image). Supported versions th

5.7MEDIUM

CVE-2023-21968

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supporte

3.7LOW

CVE-2023-21967

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported ver

5.9MEDIUM

CVE-2023-21954

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported

5.9MEDIUM

CVE-2023-21939

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported ve

5.3MEDIUM

CVE-2023-21938

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supporte

3.7LOW

CVE-2023-21937

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Support

3.7LOW

CVE-2023-21930

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported ver

7.4HIGH

CVE-2023-21843

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported ve

3.7LOW

CVE-2023-21835

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported ver

5.3MEDIUM

CVE-2023-21830

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supp

5.3MEDIUM

CVE-2022-39399

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supporte

3.7LOW

CVE-2022-21634

all versions

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter). Supported versions

7.5HIGH

CVE-2022-21628

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Serv

5.3MEDIUM

CVE-2022-21626

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported

5.3MEDIUM

CVE-2022-21624

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported vers

3.7LOW

CVE-2022-21619

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported

3.7LOW

CVE-2022-21618

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported vers

5.3MEDIUM

CVE-2022-21597

all versions

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that

5.3MEDIUM

CVE-2022-21549

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported

5.3MEDIUM

CVE-2022-21541

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported v

5.9MEDIUM

CVE-2022-21540

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported v

5.3MEDIUM

CVE-2022-34169

all versions

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This c

7.5HIGH

CVE-2022-25647

all versions

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() meth

7.7HIGH

CVE-2022-21496

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported vers

5.3MEDIUM

CVE-2022-21476

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported

7.5HIGH

CVE-2022-21449

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported

7.5HIGH

CVE-2022-21443

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported

3.7LOW

CVE-2022-21434

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported

5.3MEDIUM

CVE-2022-21426

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported vers

5.3MEDIUM

CVE-2021-44533

all versions

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers

5.3MEDIUM

CVE-2021-44532

all versions

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this s

5.3MEDIUM

CVE-2021-44531

all versions

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can r

7.4HIGH

CVE-2022-21366

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported v

5.3MEDIUM

CVE-2022-21365

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported v

5.3MEDIUM

CVE-2022-21360

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported v

5.3MEDIUM

CVE-2022-21349

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versio

5.3MEDIUM

CVE-2022-21341

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Suppo

5.3MEDIUM

CVE-2022-21340

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported

5.3MEDIUM

CVE-2022-21305

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported v

5.3MEDIUM

CVE-2022-21299

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported vers

5.3MEDIUM

CVE-2022-21296

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported vers

5.3MEDIUM

CVE-2022-21294

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported

5.3MEDIUM

CVE-2022-21293

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported

5.3MEDIUM

CVE-2022-21291

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported v

5.3MEDIUM

CVE-2022-21283

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported

5.3MEDIUM

CVE-2022-21282

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported vers

5.3MEDIUM

CVE-2022-21277

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported v

5.3MEDIUM

CVE-2022-21271

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported

5.3MEDIUM

CVE-2022-21248

all versions

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Suppo

3.7LOW

CVE-2021-22959

all versions

The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smugg

6.5MEDIUM

CVE-2021-22960

all versions

The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads t

6.5MEDIUM

CVE-2021-35603

all versions

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions th

3.7LOW

CVE-2021-35588

all versions

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions

3.1LOW

CVE-2021-35586

all versions

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions

5.3MEDIUM

CVE-2021-35578

all versions

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions th

5.3MEDIUM

CVE-2021-35567

all versions

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versio

6.8MEDIUM

CVE-2021-35565

all versions

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions th

5.3MEDIUM

CVE-2021-35564

all versions

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions

5.3MEDIUM

CVE-2021-35561

all versions

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions

5.3MEDIUM

CVE-2021-35559

all versions

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions t

5.3MEDIUM

CVE-2021-35556

all versions

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions t

5.3MEDIUM

CVE-2021-35550

all versions

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions th

5.9MEDIUM

CVE-2021-39135

all versions

@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command

8.2HIGH

CVE-2021-39134

all versions

@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm comma

8.2HIGH

CVE-2021-37713

all versions

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitr

8.2HIGH

CVE-2021-37712

all versions

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitr

8.2HIGH

CVE-2021-37701

all versions

The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitra

8.2HIGH

CVE-2021-22940

all versions

Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit th

7.5HIGH

CVE-2021-22939

all versions

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was r

5.3MEDIUM

CVE-2021-22931

all versions

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input

9.8CRITICAL

CVE-2021-32804

all versions

The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulne

8.2HIGH

CVE-2021-32803

all versions

The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vuln

8.2HIGH

CVE-2021-2388

all versions

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions

7.5HIGH

CVE-2021-2369

all versions

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions

4.3MEDIUM

CVE-2021-2341

all versions

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versi

3.1LOW

CVE-2021-29921

all versions

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in s

9.8CRITICAL

CVE-2021-2163

all versions

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)

5.3MEDIUM

CVE-2021-2161

all versions

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)

5.9MEDIUM

CVE-2021-3450

all versions

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not

7.4HIGH

CVE-2021-3449

all versions

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renego

5.9MEDIUM

CVE-2021-21349

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

6.1MEDIUM

CVE-2021-27290

all versions

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious

7.5HIGH

CVE-2021-22884

all versions

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhos

7.5HIGH

CVE-2021-22883

all versions

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempt

7.5HIGH

CVE-2021-23841

all versions

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and seria

5.9MEDIUM

CVE-2021-23840

all versions

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the

7.5HIGH

CVE-2021-23839

all versions

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and m

3.7LOW

CVE-2020-8287

all versions

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two

6.5MEDIUM

CVE-2020-8265

all versions

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When w

8.1HIGH

CVE-2020-1971

all versions

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPar

5.9MEDIUM

CVE-2020-28928

all versions

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, a

5.5MEDIUM

CVE-2020-8277

all versions

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Servic

7.5HIGH

CVE-2020-7774

all versions

The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.

7.3HIGH

CVE-2020-14803

all versions

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 1

5.3MEDIUM

CVE-2020-14718

all versions

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI). Supported versions that are a

7.2HIGH

CVE-2020-8172

all versions

TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.

7.4HIGH

CVE-2020-11080

all versions

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept at

3.7LOW

CVE-2020-2900

all versions

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Tools). Supported versions that are a

3.7LOW

CVE-2020-2802

all versions

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). Supported versions

7.7HIGH

CVE-2020-2799

all versions

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). Supported versions

6.3MEDIUM

CVE-2019-17561

all versions

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and i

7.5HIGH

CVE-2019-17560

all versions

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an

9.1CRITICAL

CVE-2019-15606

all versions

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value

9.8CRITICAL

CVE-2019-15605

all versions

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

9.8CRITICAL

CVE-2019-15604

all versions

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

7.5HIGH

CVE-2020-2604

all versions

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a

8.1HIGH

CVE-2020-2595

all versions

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). The supported vers

5.8MEDIUM

CVE-2020-2581

all versions

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported vers

4.0MEDIUM

CVE-2019-16777

all versions

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-insta

7.7HIGH

CVE-2019-16776

all versions

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside o

7.7HIGH

CVE-2019-16775

all versions

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks

7.7HIGH

CVE-2019-16255

all versions

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" ar

8.1HIGH

CVE-2019-10219

all versions

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting

6.1MEDIUM

CVE-2019-2989

all versions

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affe

6.8MEDIUM

CVE-2019-2986

all versions

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported vers

7.7HIGH

CVE-2019-9518

all versions

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker se

7.5HIGH

CVE-2019-9517

all versions

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. Th

7.5HIGH

CVE-2019-9516

all versions

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stre

6.5MEDIUM

CVE-2019-9515

all versions

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a s

7.5HIGH

CVE-2019-9514

all versions

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a numb

7.5HIGH

CVE-2019-9513

all versions

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates mul

7.5HIGH

CVE-2019-9511

all versions

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading

7.5HIGH

CVE-2019-2862

all versions

Vulnerability in the Oracle GraalVM Enterprise Edition component of Oracle GraalVM (subcomponent: Java). The supported version tha

6.8MEDIUM

CVE-2019-2813

all versions

Vulnerability in the Oracle GraalVM Enterprise Edition component of Oracle GraalVM (subcomponent: GraalVM). The supported version

7.7HIGH

oracle graalvm