RuoYi — Vulnerabilities & Security Advisories (19)

All 19 CVE vulnerabilities found in RuoYi, with AI-generated Chinese analysis, references, and POCs.

Vendor: y_project

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4564 | yangzongzhuan RuoYi Quartz Job job code injection CWE-94 | 4.7 | Medium | 2026-03-22 |
| CVE-2025-14856 | y_project RuoYi getnames code injection CWE-94 | 6.3 | Medium | 2025-12-18 |
| CVE-2025-10989 | yangzongzhuan RuoYi selectAll improper authorization CWE-285 | 6.3 | Medium | 2025-09-26 |
| CVE-2025-10473 | yangzongzhuan RuoYi Blacklist SqlUtil.java filterKeyword sql injection CWE-89 | 6.3 | Medium | 2025-09-15 |
| CVE-2025-10384 | yangzongzhuan RuoYi Role cancelAll improper authorization CWE-285 | 5.4 | Medium | 2025-09-13 |
| CVE-2025-8847 | yangzongzhuan RuoYi edit cross site scripting CWE-79 | 3.5 | Low | 2025-08-11 |
| CVE-2025-7907 | yangzongzhuan RuoYi Druid application-druid.yml default credentials CWE-1392 | 4.3 | Medium | 2025-07-20 |
| CVE-2025-7906 | yangzongzhuan RuoYi CommonController.java uploadFile unrestricted upload CWE-434 | 6.3 | Medium | 2025-07-20 |
| CVE-2025-7903 | yangzongzhuan RuoYi Image Source ui layer CWE-1021 | 4.3 | Medium | 2025-07-20 |
| CVE-2025-7902 | yangzongzhuan RuoYi SysNoticeController.java addSave cross site scripting CWE-79 | 3.5 | Low | 2025-07-20 |
| CVE-2025-7901 | yangzongzhuan RuoYi Swagger UI index.html cross site scripting CWE-79 | 4.3 | Medium | 2025-07-20 |
| CVE-2025-4819 | y_project RuoYi Offline Logout batchForceLogout improper authorization CWE-285 | 3.1 | Low | 2025-05-17 |
| CVE-2025-0734 | y_project RuoYi Whitelist getBeanName deserialization CWE-502 | 4.7 | Medium | 2025-01-27 |
| CVE-2024-9048 | y_project RuoYi Backend User Import SysUserServiceImpl.java SysUserServiceImpl cross site scripting CWE-79 | 3.1 | Low | 2024-09-21 |
| CVE-2024-6511 | y_project RuoYi Content-Type isJsonRequest cross site scripting CWE-79 | 3.5 | Low | 2024-07-04 |
| CVE-2023-7133 | y_project RuoYi HTTP POST Request login cross site scripting CWE-79 | 4.3 | Medium | 2023-12-28 |
| CVE-2023-3815 | y_project RuoYi File Upload uploadFilesPath cross site scripting CWE-79 | 3.5 | Low | 2023-07-21 |
| CVE-2023-3163 | y_project RuoYi filterKeyword resource consumption CWE-400 | 3.5 | Low | 2023-06-08 |
| CVE-2022-4566 | y_project RuoYi GenController sql injection CWE-707 | 5.5 | Medium | 2022-12-16 |

All 19 known CVE vulnerabilities affecting RuoYi with full Chinese analysis, references, and POCs where available.