vaadin

Top products

The 15 most recently published vulnerabilities affecting vaadin.

• CVE-2026-2742Unauthorized session creation via reserved framework path access5.3Mar 10, 2026
• CVE-2026-2741Zip Slip Path Traversal on Node Unpack6.8Mar 10, 2026
• CVE-2023-25500Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential informati...3.5Jun 22, 2023
• CVE-2023-25499Possible information disclosure in non visible components5.7Jun 22, 2023
• CVE-2022-29567Possible information disclosure inside TreeGrid component with default data provider5.7May 24, 2022
• CVE-2021-33611Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 146.1Nov 2, 2021
• CVE-2021-33609Denial of service in DataCommunicator class in Vaadin 84.3Oct 13, 2021
• CVE-2021-33605Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-204.3Aug 25, 2021
• CVE-2021-31412Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-195.3Jun 24, 2021
• CVE-2021-33604Reflected cross-site scripting in development mode handler in Vaadin 14, 15-192.5Jun 24, 2021
• CVE-2021-31409Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-197.5May 5, 2021
• CVE-2021-31411Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-196.3May 5, 2021
• CVE-2021-31410Project sources exposure in Vaadin Designer8.6Apr 23, 2021
• CVE-2021-31408Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-196.3Apr 23, 2021
• CVE-2021-31407Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 198.6Apr 23, 2021