Com.vaadin:flow-server
This hub aggregates every CVE we track for Com.vaadin:flow-server, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 10
- Critical: 0
- High: 1
- In CISA KEV: 0
Severity distribution
- MEDIUM: 6
- LOW: 3
- HIGH: 1
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 10 most recently published vulnerabilities affecting Com.vaadin:flow-server.
- CVE-2026-2742: Unauthorized session creation via reserved framework path access (score 5.3)
- CVE-2023-25500: Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential informati... (score 3.5)
- CVE-2023-25499: Possible information disclosure in non visible components (score 5.7)
- CVE-2021-31407: Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19 (score 8.6)
- CVE-2021-31406: Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 (score 4.0)
- CVE-2021-31404: Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 (score 4.0)
- CVE-2020-36319: Potential sensitive data exposure in applications using Vaadin 15 (score 3.1)
- CVE-2020-36321: Directory traversal in development mode handler in Vaadin 14 and 15-17 (score 5.9)
- CVE-2019-25027: Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13 (score 6.1)
- CVE-2018-25007: Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 (score 2.6)
Product normalization is registry-driven with AI assist and human review.