Subversion

This hub aggregates every CVE we track for Subversion, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Subversion.

• CVE-2024-46901Apache Subversion: mod_dav_svn denial-of-service via control characters in paths3.1Dec 9, 2024
• CVE-2024-45720Apache Subversion: Command line argument injection on Windows platforms8.2Oct 9, 2024
• CVE-2022-29048A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.4.3Apr 12, 2022
• CVE-2022-29046Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site ...5.4Apr 12, 2022
• CVE-2022-24070Apache Subversion mod_dav_svn is vulnerable to memory corruption7.5Apr 12, 2022
• CVE-2021-28544Apache Subversion SVN authz protected copyfrom paths regression4.3Apr 12, 2022
• CVE-2021-21698Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.7.5Nov 4, 2021
• CVE-2020-17525Remote unauthenticated denial-of-service in Subversion mod_authz_svn7.5Mar 17, 2021
• CVE-2020-2304Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.6.5Nov 4, 2020
• CVE-2020-2111Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability.5.4Feb 12, 2020
• CVE-2019-0203In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to ...7.5Sep 26, 2019
• CVE-2018-11782In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can l...6.5Sep 26, 2019
• CVE-2018-11803Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory ...7.5Feb 5, 2019
• CVE-2018-1000111An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with netw...5.3Mar 13, 2018
• CVE-2013-4246libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive...8.8Oct 30, 2017