Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

vaadin — Vulnerabilities & Security Advisories 26

All 26 CVE vulnerabilities found in vaadin, with AI-generated Chinese analysis, references, and POCs.

Vendor: Vaadin

CVE IDTitleCVSSSeverityPublished
CVE-2026-2742 Unauthorized session creation via reserved framework path access CWE-284 9.1AICriticalAI2026-03-10
CVE-2026-2741 Zip Slip Path Traversal on Node Unpack CWE-22 6.7AIMediumAI2026-03-10
CVE-2025-15022 Cross-site scripting in Action caption CWE-79 6.1 -2026-01-05
CVE-2025-9467 Possibility to bypass file upload validation on the server-side CWE-20 7.5AIHighAI2025-09-04
CVE-2023-25500 Vaadin 信息泄露漏洞 CWE-200 3.5 Low2023-06-22
CVE-2023-25499 Possible information disclosure in non visible components CWE-200 5.7 Medium2023-06-22
CVE-2022-29567 Possible information disclosure inside TreeGrid component with default data provider CWE-200 5.7 Medium2022-05-24
CVE-2021-33611 Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14 CWE-79 6.1 Medium2021-11-02
CVE-2021-33609 Denial of service in DataCommunicator class in Vaadin 8 CWE-400 4.3 Medium2021-10-13
CVE-2021-33605 Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20 CWE-754 4.3 Medium2021-08-25
CVE-2021-31412 Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19 CWE-1295 5.3 Medium2021-06-24
CVE-2021-33604 Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19 CWE-172 2.5 Low2021-06-24
CVE-2021-31409 Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 CWE-400 7.5 High2021-05-05
CVE-2021-31411 Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19 CWE-379 6.3 Medium2021-05-05
CVE-2021-31408 Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 CWE-613 6.3 Medium2021-04-23
CVE-2021-31407 Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19 CWE-402 8.6 High2021-04-23
CVE-2021-31406 Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 CWE-208 4.0 Medium2021-04-23
CVE-2021-31405 Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17 CWE-400 7.5 High2021-04-23
CVE-2021-31404 Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 CWE-208 4.0 Medium2021-04-23
CVE-2021-31403 Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8 CWE-208 4.0 Medium2021-04-23
CVE-2020-36321 Directory traversal in development mode handler in Vaadin 14 and 15-17 CWE-22 5.9 Medium2021-04-23
CVE-2020-36320 Regular expression Denial of Service (ReDoS) in EmailValidator class in Vaadin 7 CWE-400 7.5 High2021-04-23
CVE-2020-36319 Potential sensitive data exposure in applications using Vaadin 15 CWE-200 3.1 Low2021-04-23
CVE-2019-25028 Stored cross-site scripting in Grid component in Vaadin 7 and 8 CWE-80 5.4 Medium2021-04-23
CVE-2018-25007 Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 CWE-754 2.6 Low2021-04-23
CVE-2019-25027 Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13 CWE-81 6.1 Medium2021-04-23

All 26 known CVE vulnerabilities affecting vaadin with full Chinese analysis, references, and POCs where available.