Batik

This hub aggregates every CVE we track for Batik, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

OSS Librarieslibrarylibrary

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

HIGH7MEDIUM4CRITICAL1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 12 most recently published vulnerabilities affecting Batik.

CVE-2022-44729Apache XML Graphics Batik: Information disclosure vulnerability7.1Aug 22, 2023
CVE-2022-44730Apache XML Graphics Batik: Information disclosure vulnerability4.4Aug 22, 2023
CVE-2022-42890Apache Batik prior to 1.16 allows RCE via scripting7.5Oct 25, 2022
CVE-2022-41704Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input7.5Oct 25, 2022
CVE-2022-40146Jar url should be blocked by DefaultScriptSecurity7.5Sep 22, 2022
CVE-2022-38648PDFTranscoder does not block external resources5.3Sep 22, 2022
CVE-2022-38398Server-Side Request Forgery Information Disclosure Vulnerability5.3Sep 22, 2022
CVE-2020-11987Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vul...8.2Feb 24, 2021
CVE-2019-17566Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this ...7.5Nov 12, 2020
CVE-2018-8013In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor ...9.8May 24, 2018
CVE-2017-5662In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown d...7.3Apr 18, 2017
CVE-2015-0250XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of serv...6.4Mar 24, 2015

Product normalization is registry-driven with AI assist and human review. How it works