
Vaadin — Vulnerabilities & Security Advisories 27

Browse all 27 CVE security advisories affecting Vaadin. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Vaadin: Vaadin, Designer
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-2742 | Unauthorized session creation via reserved framework path access | vaadin | CWE-284 | 9.1 (AI) | Critical (AI) | 2026-03-10 |
| CVE-2026-2741 | Zip Slip Path Traversal on Node Unpack | vaadin | CWE-22 | 6.7 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2025-15022 | Cross-site scripting in Action caption | vaadin | CWE-79 | 6.1 | - | 2026-01-05 |
| CVE-2025-9467 | Possibility to bypass file upload validation on the server-side | vaadin | CWE-20 | 7.5 (AI) | High (AI) | 2025-09-04 |
| CVE-2023-25500 | Vaadin information disclosure vulnerability | vaadin | CWE-200 | 3.5 | Low | 2023-06-22 |
| CVE-2023-25499 | Possible information disclosure in non visible components | vaadin | CWE-200 | 5.7 | Medium | 2023-06-22 |
| CVE-2022-29567 | Possible information disclosure inside TreeGrid component with default data provider | vaadin | CWE-200 | 5.7 | Medium | 2022-05-24 |
| CVE-2021-33611 | Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14 | Vaadin | CWE-79 | 6.1 | Medium | 2021-11-02 |
| CVE-2021-33609 | Denial of service in DataCommunicator class in Vaadin 8 | Vaadin | CWE-400 | 4.3 | Medium | 2021-10-13 |
| CVE-2021-33605 | Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20 | Vaadin | CWE-754 | 4.3 | Medium | 2021-08-25 |
| CVE-2021-31412 | Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19 | Vaadin | CWE-1295 | 5.3 | Medium | 2021-06-24 |
| CVE-2021-33604 | Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19 | Vaadin | CWE-172 | 2.5 | Low | 2021-06-24 |
| CVE-2021-31409 | Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 | Vaadin | CWE-400 | 7.5 | High | 2021-05-05 |
| CVE-2021-31411 | Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19 | Vaadin | CWE-379 | 6.3 | Medium | 2021-05-05 |
| CVE-2021-31410 | Project sources exposure in Vaadin Designer | Designer | CWE-402 | 8.6 | High | 2021-04-23 |
| CVE-2021-31408 | Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 | Vaadin | CWE-613 | 6.3 | Medium | 2021-04-23 |
| CVE-2021-31407 | Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19 | Vaadin | CWE-402 | 8.6 | High | 2021-04-23 |
| CVE-2021-31406 | Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 | Vaadin | CWE-208 | 4.0 | Medium | 2021-04-23 |
| CVE-2021-31405 | Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17 | Vaadin | CWE-400 | 7.5 | High | 2021-04-23 |
| CVE-2021-31404 | Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 | Vaadin | CWE-208 | 4.0 | Medium | 2021-04-23 |
| CVE-2021-31403 | Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8 | Vaadin | CWE-208 | 4.0 | Medium | 2021-04-23 |
| CVE-2020-36321 | Directory traversal in development mode handler in Vaadin 14 and 15-17 | Vaadin | CWE-22 | 5.9 | Medium | 2021-04-23 |
| CVE-2020-36320 | Regular expression Denial of Service (ReDoS) in EmailValidator class in Vaadin 7 | Vaadin | CWE-400 | 7.5 | High | 2021-04-23 |
| CVE-2020-36319 | Potential sensitive data exposure in applications using Vaadin 15 | Vaadin | CWE-200 | 3.1 | Low | 2021-04-23 |
| CVE-2019-25028 | Stored cross-site scripting in Grid component in Vaadin 7 and 8 | Vaadin | CWE-80 | 5.4 | Medium | 2021-04-23 |
| CVE-2018-25007 | Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 | Vaadin | CWE-754 | 2.6 | Low | 2021-04-23 |
| CVE-2019-25027 | Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13 | Vaadin | CWE-81 | 6.1 | Medium | 2021-04-23 |

This page lists every published CVE security advisory associated with Vaadin. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.