org.apache.tomcat.embed:tomcat-embed-core vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.tomcat.embed:tomcat-embed-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Untrusted Search Path	[9.0.23,9.0.106)[10.1.0,10.1.42)[11.0.0-M1,11.0.8)
H Relative Path Traversal	[,9.0.109)[10.1.0-M1,10.1.45)[11.0.0-M1,11.0.11)
M Improper Resource Shutdown or Release	[,9.0.110)[10.0.0-M1,10.1.47)[11.0.0-M1,11.0.12)
M Session Fixation	[9.0.0.M1,9.0.106)[10.1.0-M1,10.1.42)[11.0.0-M1,11.0.8)
H Improper Resource Shutdown or Release	[9.0.0.M1,9.0.108)[10.1.0-M1,10.1.44)[11.0.0-M1,11.0.10)
H Allocation of Resources Without Limits or Throttling	[9.0.0.M1,9.0.107)[10.1.0-M1,10.1.43)[11.0.0-M1,11.0.9)
H Race Condition	[9.0.0.M1,9.0.107)
H Integer Overflow or Wraparound	[9.0.0.M1,9.0.107)[10.0.0-M1,10.1.43)[11.0.0-M1,11.0.9)
H Allocation of Resources Without Limits or Throttling	[,9.0.106)[10.1.0-M1,10.1.42)[11.0.0-M1,11.0.8)
M Authentication Bypass Using an Alternate Path or Channel	[,9.0.106)[10.1.0-M1,10.1.42)[11.0.0-M1,11.0.8)
M Improper Handling of Case Sensitivity	[9.0.0.M1,9.0.105)[10.1.0-M1,10.1.41)[11.0.0-M1,11.0.7)
H Improper Cleanup on Thrown Exception	[9.0.76,9.0.104)[10.1.10,10.1.40)[11.0.0-M2,11.0.6)
M Improper Neutralization	[9.0.76,9.0.104)[10.1.10,10.1.40)[11.0.0-M2,11.0.6)
H Path Equivalence	[9.0.0.M1,9.0.99)[10.1.0-M1,10.1.35)[11.0.0-M1,11.0.3)
C Time-of-check Time-of-use (TOCTOU) Race Condition	[9.0.0.M1,9.0.98)[10.1.0-M1,10.1.34)[11.0.0-M1,11.0.2)
C Time-of-check Time-of-use (TOCTOU) Race Condition	[9.0.0.M1,9.0.98)[10.1.0-M1,10.1.34)[11.0.0-M1,11.0.2)
C Uncaught Exception	[9.0.0.M1,9.0.96)[10.1.0-M1,10.1.31)[11.0.0-M1,11.0.0)
M Inadequate Encryption Strength	[9.0.93,9.0.96)[10.1.28,10.1.31)[11.0.0-M24,11.0.0)
H Allocation of Resources Without Limits or Throttling	[9.0.13,9.0.90)[10.1.0-M1,10.1.25)[11.0.0-M1,11.0.0-M21)
H Insufficient Session Expiration	[,9.0.90)[10.1.0-M1,10.1.25)[11.0.0-M1,11.0.0-M21)
H Denial of Service (DoS)	[8.5.0,8.5.99)[9.0.0-M1,9.0.86)[10.1.0-M1,10.1.19)[11.0.0-M1,1.0.0-M17)
M Information Exposure	[8.5.7,8.5.64)[9.0.0-M11,9.0.44)[10.0.0-M1,10.0.4)
H Improper Input Validation	[8.5.0,8.5.96)[9.0.0-M1,9.0.83)[10.1.0-M1,10.1.16)[11.0.0-M1,11.0.0-M10)
M Incomplete Cleanup	[8.5.0,8.5.94)[9.0.0-M1,9.0.81)[10.1.0-M1,10.1.14)[11.0.0-M1,11.0.0-M12)
M Improper Input Validation	[8.5.0,8.5.94)[9.0.0-M1,9.0.81)[10.1.0-M1,10.1.14)[11.0.0-M1,11.0.0-M12)
M Incomplete Cleanup	[8.5.85,8.5.94)[9.0.70,9.0.81)
H Denial of Service (DoS)	[,8.5.94)[9.0.0,9.0.81)[10.0.0,10.1.14)[11.0.0-M3,11.0.0-M12)
M Access Restriction Bypass	[8.5.0,8.5.93)[9.0.0-M1,9.0.80)[10.1.0-M1,10.1.13)[11.0.0-M1,11.0.0-M11)
H Information Exposure	[8.5.88,8.5.89)[9.0.74,9.0.75)[10.1.8,10.1.9)[11.0.0-M5,11.0.0-M6)
M Denial of Service (DoS)	[8.5.85,8.5.88)[9.0.71,9.0.74)[10.1.5,10.1.8)[11.0.0-M2,11.0.0-M5)
M Unprotected Transport of Credentials	[8.5.0,8.5.86)[9.0.0-M1,9.0.72)[10.1.0-M1,10.1.6)[11.0.0-M1,11.0.0-M3)
M Denial of Service (DoS)	[8.5.0,8.5.85)[9.0.0-M1,9.0.71)[10.1.0-M1,10.1.5)[11.0.0-M1,11.0.0-M3)
H Improper Input Validation	[8.5.83,8.5.84)[9.0.40,9.0.69)[10.1.0-M1,10.1.2)
L HTTP Request Smuggling	[8.5.0,8.5.53)[9.0.0-M1,9.0.68)[10.0.0-M1,10.0.27)[10.1.0-M1,10.1.1)
L Information Exposure	[8.5.0,8.5.78)[9.0.0-M1,9.0.62)[10.0.0-M1,10.0.20)[10.1.0-M1,10.1.0-M14)
H Privilege Escalation	[8.5.55,8.5.75)[9.0.0,9.0.58)[10.0.0-M1,10.0.16)[10.1.0-M1,10.1.0-M10)
H Denial of Service (DoS)	[10.0.0,10.0.4)[8.0.0,8.5.64)[9.0.0,9.0.44)
M HTTP Request Smuggling	[10.0.0-M1,10.0.7)[9.0.0.M1,9.0.48)[8.5.0,8.5.68)
M Improper Input Validation	[10.0.0-M1,10.0.6)[9.0.0.M1,9.0.46)[8.5.0,8.5.66)[7.0.0,7.0.109)
H Denial of Service (DoS)	[10.0.3,10.0.5)[9.0.44,9.0.45)[8.5.64,8.5.65)
M HTTP Request Smuggling	[10.0.0-M1,10.0.2)[9.0.0.M1,9.0.43)[8.5.0,8.5.63)
H Remote Code Execution (RCE)	[10.0.0-M1,10.0.2)[9.0.0.M1,9.0.43)[8.5.0,8.5.63)[7.0.0,7.0.108)
M Information Disclosure	[10.0.0-M1,10.0.0-M10)[9.0.0.M1,9.0.40)[8.5.0,8.5.60)[7.0.0,7.0.107)
M Information Exposure	[8.5.0,8.5.60)[9.0.0,9.0.40)[10.0.0-M1,10.0.0-M10)
M HTTP Request Smuggling	[10.0.0-M1,10.0.0-M8)[9.0.0.M5,9.0.38)[8.5.1,8.5.58)
M Denial of Service (DoS)	[10.0.0-M1,10.0.0-M7)[9.0.0.M5,9.0.37)[8.5.1,8.5.57)
H Denial of Service (DoS)	[8.5.0,8.5.56)[9.0.0.M1,9.0.36)[10.0.0-M1,10.0.0-M6)
H Remote Code Execution (RCE)	[10.0.0-M1,10.0.0-M5)[9.0.0M1,9.0.35)[8.5.0,8.5.55)[7.0.0,7.0.104)
L HTTP Request Smuggling	[7.0.98,7.0.100)[8.5.48,8.5.51)[9.0.28,9.0.31)
H Privilege Escalation	[9.0.16,9.0.29)
L Session Fixation	[9.0.0.M1,9.0.30)[8.5.0,8.5.50)[,7.0.99)
M Information Exposure	[4.1.0,4.1.37)[5.5.0,5.5.26)[6.0.0,6.0.16)
H Denial of Service (DoS)	[8.5.0,8.5.40)[9.0.0.M1,9.0.20)
L Cross-site Scripting (XSS)	[9.0.0.M1,9.0.18)[8.5.0,8.5.40)[7.0.0,7.0.94)
H Remote Code Execution (RCE)	[7.0.0,7.0.94)[8.5.0,8.5.40)[9.0.0.M1,9.0.18)
H Denial of Service (DoS)	[8.5.0,8.5.38)[9.0.0.M1,9.0.16)
M Open Redirect	[7.0.23,7.0.91)[8.5.0,8.5.34)[9.0.0,9.0.12)
H Denial of Service (DoS)	[,7.0.90)[8.0.0,8.0.52)[8.5.0,8.5.32)[9.0.0,9.0.10)
M Information Exposure	[8.5.0,8.5.32)[9.0.0,9.0.10)
C Insecure Defaults	[,7.0.89)[8.0.0,8.0.53)[8.5.0,8.5.32)[9.0.0,9.0.9)
M Access Restriction Bypass	[7.0.0,7.0.85)[8.0.0.RC1,8.0.50)[8.5.0,8.5.28)[9.0.0.M1,9.0.5)
M Directory Traversal	[9.0.0M1,9.0.5)[8.5.0,8.5.28)[8.0.0RC1,8.0.50)[7.0.0,7.0.85)
H Information Exposure	[8.5.7,8.5.10)[9.0.0.M11,9.0.0.M16)
H Arbitrary Code Execution	[,7.0.82)[8,8.0.46)[8.5,8.5.22)[9.0.0.M1,9.0.1)
H Access Restriction Bypass	[7.0.0,7.0.78)[8.0.0RC1,8.0.44)[8.5.0,8.5.15)[9.0.0.M1,9.0.0.M21)
H Directory Traversal	[8.5.0,8.5.16)[9.0.0.M1,9.0.0.M22)
C Information Exposure	[7.0.0,7.0.76)[8.0.0-RC1,8.0.42)[8.5.0,8.5.12)[9.0.0.M1,9.0.0.M17)
H Denial of Service (DoS)	[8.5.0,8.5.13)[9.0.0.M1,9.0.0.M19)
H Information Exposure	[7.0.0,7.0.77)[8.0.0-RC1,8.0.43)[8.5.0,8.5.13)[9.0.0.M1,9.0.0.M19)
C Information Exposure	[8.5.0,8.5.13)[9.0.0.M1,9.0.0.M19)
H Denial of Service (DoS)	[7.0.0,7.0.70)[8.0,8.0.36)[8.5.0,8.5.3)[9-alpha,9.0.0.M7)
H Arbitrary File Upload	[7.0.0,7.0.40)
H Arbitrary File Upload	[7.0.0,7.0.40)
H Information Exposure	[7,7.0.74)[8.5.0,8.5.9)[8.0.0RC1,8.0.40)[9.0.0M1,9.0.0M15)
H Denial of Service (DoS)	[8.5.0,8.5.8)[9.0.0M1,9.0.0M13)
H Information Exposure	[7.0.0,7.0.73)[8,8.0.39)[8.5.0,8.5.8)[9-alpha,9.0.0.M13)
H Access Restriction Bypass	[7.0.0,7.0.72)[8,8.0.37)[8.5.0,8.5.5)[9-alpha,9.0.0.M10)
M Information Exposure	[8,8.0.37)[8.5.0,8.5.5)[9-alpha,9.0.0.M10)
M Timing Attack	[7.0.0,7.0.72)[8.0.0-RC1,8.0.37)[8.5.0,8.5.5)[9.0.0.M1,9.0.0.M10)
M Directory Traversal	[7.0.0,7.0.65)[8,8.0.27)
H Information Exposure	[7.0.0,7.0.66)[8.0.0-RC1,8.0.30)[9.0.0.M1,9.0.0.M2)
M Information Exposure	[7.0.0,7.0.68)[8.0.0-RC1,8.0.32)[9.0.0.M1,9.0.0.M3)
H Access Restriction Bypass	[7.0.0,7.0.68)[8.0.0-RC1,8.0.32)[9.0.0.M1,9.0.0.M3)
M Directory Traversal	[7.0.0,7.0.68)[8.0.0-RC1,8.0.30)[9.0.0.M1,9.0.0.M2)
M Access Restriction Bypass	[7.0.0,7.0.68)[8.0.0-RC1,8.0.32)[9.0.0.M1,9.0.0.M3)
M Cross-site Scripting (XSS)	[7.0.0,7.0.6)
M Access Restriction Bypass	[7.0.0,7.0.10)
M Access Restriction Bypass	[7.0.11,7.0.12)
M Access Restriction Bypass	[7.0.0,7.0.12)
M Access Restriction Bypass	[7.0.12,7.0.14)
M Arbitrary File Access	[7.0.0,7.0.17)
M Information Exposure	[7.0.0,7.0.22)
M Privilege Elevation	[7.0.0,7.0.22)
M Denial of Service (DoS)	[7.0.0,7.0.23)
M Improper Authentication	[7.0.0,7.0.12)
M Improper Input Validation	[7.0.0,7.0.19)
M Improper Access Control	[7.0.0,7.0.58)[8.0.0-RC1,8.0.16)
H Denial of Service (DoS)	[7.0.0,7.0.55)[8.0.0-RC1,8.0.9)
M HTTP Request Smuggling	[7.0.0,7.0.55)[8,8.0.9)
L Directory Traversal	[7.0.0,7.0.4)[6.0.0,6.1.0)[5.5.0,5.6.0)
M Access Restriction Bypass	[7.0.0,7.0.11)
M Improper Input Validation	[7.0.0,7.0.12)
L Information Exposure	[7.0.0,7.0.17)
M Denial of Service (DoS)	[7.0.0,7.0.53)[8,8.0.4)
M Access Restriction Bypass	[7.0.0,7.0.53)[8.0.0-RC1,8.0.4)
M Arbitrary File Read	[7.0.0,7.0.54)[8.0.0-RC1,8.0.6)
M Cross-site Request Forgery (CSRF)	[7.0.0,7.0.32)
M Denial of Service (DoS)	[7.0.0,7.0.23)
M Access Restriction Bypass	[7.0.0,7.0.30)
M Access Restriction Bypass	[7.0.0,7.0.30)
M Improper Authentication	[7.0.0,7.0.30)
M Improper Authentication	[7.0.0,7.0.30)
M Improper Authentication	[7.0.0,7.0.33)
L Information Exposure	[7.0.0,7.0.40)
M Information Exposure	[7.0.0,7.0.50)[8.0.0-RC1,8.0.0-RC11)
M Cross-site Scripting (XSS)	[7.0.0,7.0.4]
M Access Restriction Bypass	[7.0.0,7.0.12)
M Cryptographic Issues	[7.0.0,7.0.12)

Vulnerability

Vulnerable Version

Untrusted Search Path

[9.0.23,9.0.106)[10.1.0,10.1.42)[11.0.0-M1,11.0.8)

Relative Path Traversal

[,9.0.109)[10.1.0-M1,10.1.45)[11.0.0-M1,11.0.11)

Improper Resource Shutdown or Release

[,9.0.110)[10.0.0-M1,10.1.47)[11.0.0-M1,11.0.12)

Session Fixation

[9.0.0.M1,9.0.106)[10.1.0-M1,10.1.42)[11.0.0-M1,11.0.8)

Improper Resource Shutdown or Release

[9.0.0.M1,9.0.108)[10.1.0-M1,10.1.44)[11.0.0-M1,11.0.10)

Allocation of Resources Without Limits or Throttling

[9.0.0.M1,9.0.107)[10.1.0-M1,10.1.43)[11.0.0-M1,11.0.9)

Race Condition

[9.0.0.M1,9.0.107)

Integer Overflow or Wraparound

[9.0.0.M1,9.0.107)[10.0.0-M1,10.1.43)[11.0.0-M1,11.0.9)

Allocation of Resources Without Limits or Throttling

[,9.0.106)[10.1.0-M1,10.1.42)[11.0.0-M1,11.0.8)

Authentication Bypass Using an Alternate Path or Channel

[,9.0.106)[10.1.0-M1,10.1.42)[11.0.0-M1,11.0.8)

Improper Handling of Case Sensitivity

[9.0.0.M1,9.0.105)[10.1.0-M1,10.1.41)[11.0.0-M1,11.0.7)

Improper Cleanup on Thrown Exception

[9.0.76,9.0.104)[10.1.10,10.1.40)[11.0.0-M2,11.0.6)

Improper Neutralization

[9.0.76,9.0.104)[10.1.10,10.1.40)[11.0.0-M2,11.0.6)

Path Equivalence

[9.0.0.M1,9.0.99)[10.1.0-M1,10.1.35)[11.0.0-M1,11.0.3)

Time-of-check Time-of-use (TOCTOU) Race Condition

[9.0.0.M1,9.0.98)[10.1.0-M1,10.1.34)[11.0.0-M1,11.0.2)

Time-of-check Time-of-use (TOCTOU) Race Condition

[9.0.0.M1,9.0.98)[10.1.0-M1,10.1.34)[11.0.0-M1,11.0.2)

Uncaught Exception

[9.0.0.M1,9.0.96)[10.1.0-M1,10.1.31)[11.0.0-M1,11.0.0)

Inadequate Encryption Strength

[9.0.93,9.0.96)[10.1.28,10.1.31)[11.0.0-M24,11.0.0)

Allocation of Resources Without Limits or Throttling

[9.0.13,9.0.90)[10.1.0-M1,10.1.25)[11.0.0-M1,11.0.0-M21)

Insufficient Session Expiration

[,9.0.90)[10.1.0-M1,10.1.25)[11.0.0-M1,11.0.0-M21)

Denial of Service (DoS)

[8.5.0,8.5.99)[9.0.0-M1,9.0.86)[10.1.0-M1,10.1.19)[11.0.0-M1,1.0.0-M17)

Information Exposure

[8.5.7,8.5.64)[9.0.0-M11,9.0.44)[10.0.0-M1,10.0.4)

Improper Input Validation

[8.5.0,8.5.96)[9.0.0-M1,9.0.83)[10.1.0-M1,10.1.16)[11.0.0-M1,11.0.0-M10)

Incomplete Cleanup

[8.5.0,8.5.94)[9.0.0-M1,9.0.81)[10.1.0-M1,10.1.14)[11.0.0-M1,11.0.0-M12)

Improper Input Validation

[8.5.0,8.5.94)[9.0.0-M1,9.0.81)[10.1.0-M1,10.1.14)[11.0.0-M1,11.0.0-M12)

Incomplete Cleanup

[8.5.85,8.5.94)[9.0.70,9.0.81)

Denial of Service (DoS)

[,8.5.94)[9.0.0,9.0.81)[10.0.0,10.1.14)[11.0.0-M3,11.0.0-M12)

Access Restriction Bypass

[8.5.0,8.5.93)[9.0.0-M1,9.0.80)[10.1.0-M1,10.1.13)[11.0.0-M1,11.0.0-M11)

Information Exposure

[8.5.88,8.5.89)[9.0.74,9.0.75)[10.1.8,10.1.9)[11.0.0-M5,11.0.0-M6)

Denial of Service (DoS)

[8.5.85,8.5.88)[9.0.71,9.0.74)[10.1.5,10.1.8)[11.0.0-M2,11.0.0-M5)

Unprotected Transport of Credentials

[8.5.0,8.5.86)[9.0.0-M1,9.0.72)[10.1.0-M1,10.1.6)[11.0.0-M1,11.0.0-M3)

Denial of Service (DoS)

[8.5.0,8.5.85)[9.0.0-M1,9.0.71)[10.1.0-M1,10.1.5)[11.0.0-M1,11.0.0-M3)

Improper Input Validation

[8.5.83,8.5.84)[9.0.40,9.0.69)[10.1.0-M1,10.1.2)

HTTP Request Smuggling

[8.5.0,8.5.53)[9.0.0-M1,9.0.68)[10.0.0-M1,10.0.27)[10.1.0-M1,10.1.1)

Information Exposure

[8.5.0,8.5.78)[9.0.0-M1,9.0.62)[10.0.0-M1,10.0.20)[10.1.0-M1,10.1.0-M14)

Privilege Escalation

[8.5.55,8.5.75)[9.0.0,9.0.58)[10.0.0-M1,10.0.16)[10.1.0-M1,10.1.0-M10)

Denial of Service (DoS)

[10.0.0,10.0.4)[8.0.0,8.5.64)[9.0.0,9.0.44)

HTTP Request Smuggling

[10.0.0-M1,10.0.7)[9.0.0.M1,9.0.48)[8.5.0,8.5.68)

Improper Input Validation

[10.0.0-M1,10.0.6)[9.0.0.M1,9.0.46)[8.5.0,8.5.66)[7.0.0,7.0.109)

Denial of Service (DoS)

[10.0.3,10.0.5)[9.0.44,9.0.45)[8.5.64,8.5.65)

HTTP Request Smuggling

[10.0.0-M1,10.0.2)[9.0.0.M1,9.0.43)[8.5.0,8.5.63)

Remote Code Execution (RCE)

[10.0.0-M1,10.0.2)[9.0.0.M1,9.0.43)[8.5.0,8.5.63)[7.0.0,7.0.108)

Information Disclosure

[10.0.0-M1,10.0.0-M10)[9.0.0.M1,9.0.40)[8.5.0,8.5.60)[7.0.0,7.0.107)

Information Exposure

[8.5.0,8.5.60)[9.0.0,9.0.40)[10.0.0-M1,10.0.0-M10)

HTTP Request Smuggling

[10.0.0-M1,10.0.0-M8)[9.0.0.M5,9.0.38)[8.5.1,8.5.58)

Denial of Service (DoS)

[10.0.0-M1,10.0.0-M7)[9.0.0.M5,9.0.37)[8.5.1,8.5.57)

Denial of Service (DoS)

[8.5.0,8.5.56)[9.0.0.M1,9.0.36)[10.0.0-M1,10.0.0-M6)

Remote Code Execution (RCE)

[10.0.0-M1,10.0.0-M5)[9.0.0M1,9.0.35)[8.5.0,8.5.55)[7.0.0,7.0.104)

HTTP Request Smuggling

[7.0.98,7.0.100)[8.5.48,8.5.51)[9.0.28,9.0.31)

Privilege Escalation

[9.0.16,9.0.29)

Session Fixation

[9.0.0.M1,9.0.30)[8.5.0,8.5.50)[,7.0.99)

Information Exposure

[4.1.0,4.1.37)[5.5.0,5.5.26)[6.0.0,6.0.16)

Denial of Service (DoS)

[8.5.0,8.5.40)[9.0.0.M1,9.0.20)

Cross-site Scripting (XSS)

[9.0.0.M1,9.0.18)[8.5.0,8.5.40)[7.0.0,7.0.94)

Remote Code Execution (RCE)

[7.0.0,7.0.94)[8.5.0,8.5.40)[9.0.0.M1,9.0.18)

Denial of Service (DoS)

[8.5.0,8.5.38)[9.0.0.M1,9.0.16)

Open Redirect

[7.0.23,7.0.91)[8.5.0,8.5.34)[9.0.0,9.0.12)

Denial of Service (DoS)

[,7.0.90)[8.0.0,8.0.52)[8.5.0,8.5.32)[9.0.0,9.0.10)

Information Exposure

[8.5.0,8.5.32)[9.0.0,9.0.10)

Insecure Defaults

[,7.0.89)[8.0.0,8.0.53)[8.5.0,8.5.32)[9.0.0,9.0.9)

Access Restriction Bypass

[7.0.0,7.0.85)[8.0.0.RC1,8.0.50)[8.5.0,8.5.28)[9.0.0.M1,9.0.5)

Directory Traversal

[9.0.0M1,9.0.5)[8.5.0,8.5.28)[8.0.0RC1,8.0.50)[7.0.0,7.0.85)

Information Exposure

[8.5.7,8.5.10)[9.0.0.M11,9.0.0.M16)

Arbitrary Code Execution

[,7.0.82)[8,8.0.46)[8.5,8.5.22)[9.0.0.M1,9.0.1)

Access Restriction Bypass

[7.0.0,7.0.78)[8.0.0RC1,8.0.44)[8.5.0,8.5.15)[9.0.0.M1,9.0.0.M21)

Directory Traversal

[8.5.0,8.5.16)[9.0.0.M1,9.0.0.M22)

Information Exposure

[7.0.0,7.0.76)[8.0.0-RC1,8.0.42)[8.5.0,8.5.12)[9.0.0.M1,9.0.0.M17)

Denial of Service (DoS)

[8.5.0,8.5.13)[9.0.0.M1,9.0.0.M19)

Information Exposure

[7.0.0,7.0.77)[8.0.0-RC1,8.0.43)[8.5.0,8.5.13)[9.0.0.M1,9.0.0.M19)

Information Exposure

[8.5.0,8.5.13)[9.0.0.M1,9.0.0.M19)

Denial of Service (DoS)

[7.0.0,7.0.70)[8.0,8.0.36)[8.5.0,8.5.3)[9-alpha,9.0.0.M7)

Arbitrary File Upload

[7.0.0,7.0.40)

Arbitrary File Upload

[7.0.0,7.0.40)

Information Exposure

[7,7.0.74)[8.5.0,8.5.9)[8.0.0RC1,8.0.40)[9.0.0M1,9.0.0M15)

Denial of Service (DoS)

[8.5.0,8.5.8)[9.0.0M1,9.0.0M13)

Information Exposure

[7.0.0,7.0.73)[8,8.0.39)[8.5.0,8.5.8)[9-alpha,9.0.0.M13)

Access Restriction Bypass

[7.0.0,7.0.72)[8,8.0.37)[8.5.0,8.5.5)[9-alpha,9.0.0.M10)

Information Exposure

[8,8.0.37)[8.5.0,8.5.5)[9-alpha,9.0.0.M10)

Timing Attack

[7.0.0,7.0.72)[8.0.0-RC1,8.0.37)[8.5.0,8.5.5)[9.0.0.M1,9.0.0.M10)

Directory Traversal

[7.0.0,7.0.65)[8,8.0.27)

Information Exposure

[7.0.0,7.0.66)[8.0.0-RC1,8.0.30)[9.0.0.M1,9.0.0.M2)

Information Exposure

[7.0.0,7.0.68)[8.0.0-RC1,8.0.32)[9.0.0.M1,9.0.0.M3)

Access Restriction Bypass

[7.0.0,7.0.68)[8.0.0-RC1,8.0.32)[9.0.0.M1,9.0.0.M3)

Directory Traversal

[7.0.0,7.0.68)[8.0.0-RC1,8.0.30)[9.0.0.M1,9.0.0.M2)

Access Restriction Bypass

[7.0.0,7.0.68)[8.0.0-RC1,8.0.32)[9.0.0.M1,9.0.0.M3)

Cross-site Scripting (XSS)

[7.0.0,7.0.6)

Access Restriction Bypass

[7.0.0,7.0.10)

Access Restriction Bypass

[7.0.11,7.0.12)

Access Restriction Bypass

[7.0.0,7.0.12)

Access Restriction Bypass

[7.0.12,7.0.14)

Arbitrary File Access

[7.0.0,7.0.17)

Information Exposure

[7.0.0,7.0.22)

Privilege Elevation

[7.0.0,7.0.22)

Denial of Service (DoS)

[7.0.0,7.0.23)

Improper Authentication

[7.0.0,7.0.12)

Improper Input Validation

[7.0.0,7.0.19)

Improper Access Control

[7.0.0,7.0.58)[8.0.0-RC1,8.0.16)

Denial of Service (DoS)

[7.0.0,7.0.55)[8.0.0-RC1,8.0.9)

HTTP Request Smuggling

[7.0.0,7.0.55)[8,8.0.9)

Directory Traversal

[7.0.0,7.0.4)[6.0.0,6.1.0)[5.5.0,5.6.0)

Access Restriction Bypass

[7.0.0,7.0.11)

Improper Input Validation

[7.0.0,7.0.12)

Information Exposure

[7.0.0,7.0.17)

Denial of Service (DoS)

[7.0.0,7.0.53)[8,8.0.4)

Access Restriction Bypass

[7.0.0,7.0.53)[8.0.0-RC1,8.0.4)

Arbitrary File Read

[7.0.0,7.0.54)[8.0.0-RC1,8.0.6)

Cross-site Request Forgery (CSRF)

[7.0.0,7.0.32)

Denial of Service (DoS)

[7.0.0,7.0.23)

Access Restriction Bypass

[7.0.0,7.0.30)

Access Restriction Bypass

[7.0.0,7.0.30)

Improper Authentication

[7.0.0,7.0.30)

Improper Authentication

[7.0.0,7.0.30)

Improper Authentication

[7.0.0,7.0.33)

Information Exposure

[7.0.0,7.0.40)

Information Exposure

[7.0.0,7.0.50)[8.0.0-RC1,8.0.0-RC11)

Cross-site Scripting (XSS)

[7.0.0,7.0.4]

Access Restriction Bypass

[7.0.0,7.0.12)

Cryptographic Issues

[7.0.0,7.0.12)

Package versions

440 VERSIONS IN TOTAL See all versions

version	published	direct vulnerabilities
11.0.13	10 Oct, 2025	0 C 0 H 0 M 0 L
11.0.12	1 Oct, 2025	0 C 0 H 0 M 0 L
11.0.11	1 Sep, 2025	0 C 0 H 1 M 0 L
11.0.10	31 Jul, 2025	0 C 1 H 1 M 0 L
11.0.9	1 Jul, 2025	0 C 2 H 1 M 0 L
11.0.8	5 Jun, 2025	0 C 4 H 1 M 0 L
11.0.7	7 May, 2025	0 C 6 H 3 M 0 L
11.0.6	1 Apr, 2025	0 C 6 H 4 M 0 L
11.0.5	28 Feb, 2025	0 C 7 H 5 M 0 L
11.0.4	13 Feb, 2025	0 C 7 H 5 M 0 L