dromara — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting dromara. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6125 | Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection | warm-flow | CWE-94 | 6.3 | Medium | 2026-04-12 |
| CVE-2026-5529 | Dromara lamp-cloud DefUserController pageUser improper authorization | lamp-cloud | CWE-285 | 4.3 | Medium | 2026-04-05 |
| CVE-2026-2954 | Dromara UJCMS ImportDataController import-channel importChanel injection | UJCMS | CWE-74 | 6.3 | Medium | 2026-02-22 |
| CVE-2026-2953 | Dromara UJCMS Template WebFileTemplateController.delete deleteDirectory path traversal | UJCMS | CWE-22 | 5.4 | Medium | 2026-02-22 |
| CVE-2026-2819 | Dromara RuoYi-Vue-Plus Workflow deleteByInstanceIds SaServletFilter authorization | RuoYi-Vue-Plus | CWE-862 | 6.3 | Medium | 2026-02-20 |
| CVE-2025-15222 | Dromara Sa-Token SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserialization | Sa-Token | CWE-502 | 5.0 | Medium | 2025-12-30 |
| CVE-2025-15117 | Dromara Sa-Token SaJdkSerializer.java ObjectInputStream.readObject deserialization | Sa-Token | CWE-502 | 3.1 | Low | 2025-12-28 |
| CVE-2025-13268 | Dromara dataCompare JDBC URL DbconfigServiceImpl.java DbConfig injection | dataCompare | CWE-74 | 6.3 | Medium | 2025-11-17 |
| CVE-2025-7552 | Dromara Northstar Path AuthorizationInterceptor.java preHandle access control | Northstar | CWE-284 | 6.3 | Medium | 2025-07-13 |
| CVE-2025-6925 | Dromara RuoYi-Vue-Plus Mail MailController.java path traversal | RuoYi-Vue-Plus | CWE-22 | 5.3 | Medium | 2025-06-30 |
| CVE-2025-6517 | Dromara MaxKey Meta URL SAML20DetailsController.java add server-side request forgery | MaxKey | CWE-918 | 6.3 | Medium | 2025-06-23 |
| CVE-2025-2491 | Dromara ujcms Edit Template File Page WebFileTemplateController.java update cross site scripting | ujcms | CWE-79 | 2.4 | Low | 2025-03-18 |
| CVE-2025-2490 | Dromara ujcms File Upload WebFileUploadController.java upload cross site scripting | ujcms | CWE-79 | 2.4 | Low | 2025-03-18 |
| CVE-2024-12483 | Dromara UJCMS User ID id authorization | UJCMS | CWE-639 | 3.7 | Low | 2024-12-11 |
| CVE-2024-3928 | Dromara open-capacity-platform auth-server heapdump information disclosure | open-capacity-platform | CWE-200 | 4.3 | Medium | 2024-04-17 |
| CVE-2023-51389 | HertzBeat SnakeYAML Deser RCE | hertzbeat | CWE-502 | 9.8 | Critical | 2024-02-22 |
| CVE-2023-51388 | HertzBeat AviatorScript Inject RCE | hertzbeat | CWE-74 | 9.8 | Critical | 2024-02-22 |
| CVE-2023-51653 | Hertzbeat JMX JNDI RCE | hertzbeat | CWE-74 | 9.8 | Critical | 2024-02-22 |
| CVE-2023-51650 | Unauthorized access vulnerability on three interfaces | hertzbeat | CWE-862 | 7.5 | High | 2023-12-22 |
| CVE-2023-51387 | Expression Injection Vulnerability in Hertzbeat | hertzbeat | CWE-94 | 7.2 | High | 2023-12-22 |
| CVE-2022-39337 | Permission bypass due to incorrect configuration in github.com/dromara/hertzbeat | hertzbeat | CWE-284 | 7.5 | High | 2023-12-22 |
| CVE-2023-3276 | Dromara HuTool XML Parsing Module XmlUtil.java readBySax xml external entity reference | HuTool | CWE-611 | 5.5 | Medium | 2023-06-15 |
| CVE-2023-2476 | Dromara J2eeFAST Announcement cross site scripting | J2eeFAST | CWE-79 | 3.5 | Low | 2023-05-02 |
| CVE-2023-2475 | Dromara J2eeFAST System Message cross site scripting | J2eeFAST | CWE-79 | 3.5 | Low | 2023-05-02 |
| CVE-2022-4565 | Dromara HuTool cn.hutool.core.util.ZipUtil.java resource consumption | HuTool | CWE-404 | 4.3 | Medium | 2022-12-16 |

This page lists every published CVE security advisory associated with dromara. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.