Java runtime environment
This hub aggregates every CVE we track for Java runtime environment, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
34
CVEs tracked
12
Critical
7
High
6
In CISA KEV
Severity distribution
MEDIUM13CRITICAL12HIGH7LOW2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Java runtime environment.
- CVE-2019-2745Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allo...5.1
- CVE-2016-4003Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to...6.1
- CVE-2014-2428Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related ...7.6
- CVE-2014-2423Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-W...7.5
- CVE-2014-2422Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.6.8
- CVE-2014-2420Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.2.6
- CVE-2014-2413Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.4.3
- CVE-2014-2412Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors relat...7.5
- CVE-2014-2410Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.9.3
- CVE-2014-2403Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.5.0
- CVE-2014-2402Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libr...7.5
- CVE-2014-2401Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.5.0
- CVE-2014-2397Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hots...9.3
- CVE-2014-0464Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463.4.3
- CVE-2014-0463Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0464.4.3
Product normalization is registry-driven with AI assist and human review. How it works