Security Deep Dive
xwiki-platform
Security posture and CVE patch evidence from tracked releases.
3 actively-exploited dependency CVEs affects xwiki-platform-18.4.0.
KEV-listed CVEs are confirmed exploited in the wild — patch urgently.
Versions by Severity
CVEs are attributed to tracked releases published before the patch release.
| Version | Published | C | H | M | L | KEV | Notes |
|---|---|---|---|---|---|---|---|
| xwiki-platform-18.4.0 | 2026-05-27 | — | — | — | — | — |
Latest
|
| xwiki-platform-18.4.0-rc-1 | 2026-05-18 | — | — | — | — | — | |
| xwiki-platform-17.10.8 | 2026-04-28 | — | 3 | — | — | KEV 3 |
—
|
| xwiki-platform-18.3.0 | 2026-04-27 | — | 3 | — | — | KEV 3 |
—
|
| xwiki-platform-18.3.0-rc-1 | 2026-04-21 | — | 3 | — | — | KEV 3 |
—
|
| xwiki-platform-18.2.1 | 2026-04-09 | — | 3 | — | — | KEV 3 |
—
|
| xwiki-platform-17.10.7 | 2026-04-08 | — | 3 | — | — | KEV 3 |
—
|
| xwiki-platform-17.10.6 | 2026-04-03 | — | 3 | — | — | KEV 3 |
—
|
| xwiki-platform-17.10.5 | 2026-04-01 | — | 3 | — | — | KEV 3 |
—
|
| xwiki-platform-18.2.0 | 2026-03-30 | — | 3 | — | — | KEV 3 |
—
|
| xwiki-platform-18.2.0-rc-1 | 2026-03-24 | — | 3 | — | — | KEV 3 |
—
|
| xwiki-platform-17.10.4 | 2026-03-02 | — | 3 | — | — | KEV 3 |
—
|
| xwiki-platform-18.1.0 | 2026-02-23 | — | 3 | — | — | KEV 3 |
—
|
| xwiki-platform-17.4.10 | 2026-02-19 | — | 3 | — | — | KEV 3 |
—
|
| xwiki-platform-16.10.17 | 2026-02-19 | — | 3 | — | — | KEV 3 |
—
|
| xwiki-platform-18.1.0-rc-1 | 2026-02-17 | — | 3 | — | — | KEV 3 |
—
|
| xwiki-platform-17.4.9 | 2026-02-05 | — | 3 | — | — | KEV 3 |
—
|
| xwiki-platform-18.0.1 | 2026-02-04 | — | 3 | — | — | KEV 3 |
—
|
| xwiki-platform-17.10.3 | 2026-02-02 | — | 3 | — | — | KEV 3 |
—
|
| xwiki-platform-18.0.0 | 2026-01-27 | — | 3 | — | — | KEV 3 |
—
|
— Signed
— SLSA
— SBOM
✓ Security policy
Weekly cadence · 6d median
Active maintainer
Trust Signals — 3 of 9 Present
Evidence already collected from releases and repository metadata.
3/9
Present
Signed releases
Unknown
Latest release artifact signature
Latest release
—
SLSA provenance
Unknown
Attestation predicate level
Latest release
—
SBOM published
Unknown
GitHub SBOM API
Latest release
—
SECURITY.md
Present
GitHub repository metadata
Repository policy
Checked: 22d ago
Release cadence: weekly
Present
6d median over recent releases
Release history
Latest release: 7d ago
Maintainer active
Present
Recent commit activity
Repository
Last commit: 1d ago
Checksums (SHA256SUMS)
Not active yet
SHA256SUMS or equivalent
Release asset
Latest release: 7d ago
GitHub Actions attestation
Not active yet
actions/attest-build-provenance
Workflow file
Latest release: 7d ago
Signing assets
Not active yet
.sig, .crt, cosign.pub, or similar
Release asset
Latest release: 7d ago
0.5/10
Security Score
4.9/10
Scorecard
Dependency Exposure
462 transitive dependency
CVEs found in the latest SBOM.
124 critical.
Security Score
A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.
epss
0.00 / 0.5
Max EPSS 0.945
freshness
1.00 / 1.0
1d stale
scorecard
1.96 / 4.0
Score 4.9/10
cve health
0.00 / 2.5
⚠ No direct scan — 124c/181h transitive CVEs
patch speed
0.50 / 0.5
⚠ Estimated — no CVE patch history
kev exposure
-1.50 / 1.5
KEV exposure detected
supply chain risk
-1.50 / 10.0
Risk 100.0/100
Score breakdown
schema v2Vulnerability posture
vulnerability posture
0.0
25%
direct cves: clear
cve scan: estimated
Release responsiveness
release responsiveness
10.0
5%
patch speed days: no_history
Dependency exposure
dependency exposure
0.0
10%
supply chain risk: 100.0
transitive cves: 124c/181h
Provenance trust
provenance trust
4.9
40%
scorecard score: 4.9
openssf badge: none
Maintainer health
maintainer health
10.0
10%
activity freshness: 1d
Operational risk
operational risk
0.0
10%
kev exposure: detected
epss max: 0.945
How is this calculated?
The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.
Supply Chain Risk
Risk 100.0/100
124
Transitive critical CVEs
3
KEV-transitive CVEs
78%
Dependency freshness
Scorecard
Scorecard 4.9/10OpenSSF Scorecard evaluates supply-chain security practices automatically. Score ≥ 6 is passing; ≥ 8 is excellent.
| Check | Score | Reason |
|---|---|---|
| Maintained | 10 | 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| Packaging | -1 | packaging workflow not detected |
| Code-Review | 0 | Found 2/30 approved changesets -- score normalized to 0 |
| CII-Best-Practices | 0 | no effort to earn an OpenSSF best practices badge detected |
| Dangerous-Workflow | 10 | no dangerous workflow patterns detected |
| Security-Policy | 9 | security policy file detected |
| Token-Permissions | 0 | detected GitHub workflow tokens with excessive permissions |
| License | 10 | license file detected |
| Branch-Protection | -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md |
| Signed-Releases | -1 | no releases found |
| Binary-Artifacts | 10 | no binaries found in the repo |
| Pinned-Dependencies | 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | 0 | project is not fuzzed |
| SAST | 0 | SAST tool is not run on all commits -- score normalized to 0 |
OpenSSF Badge
OpenSSF none
Badge indicates adherence to open-source best practices.
CVE Patch History
Tracks CVEs that were addressed in tagged releases. Shorter gap between disclosure and patch = faster response. EPSS = predicted probability of exploitation in next 30 days (FIRST.org); colored at ≥90%ile and ≥50%ile.
CVEs Patched by Year
Critical
High
Medium
Low
2026
3
| CVE | Severity | EPSS | Disclosed | Fixed in | Days to fix | vs Ecosystem Median | KEV |
|---|---|---|---|---|---|---|---|
| CVE-2019-0193 | HIGH | 99%ile | — | xwiki-platform-18.4.0-rc-1 | — | — | KEV |
| CVE-2019-17558 | HIGH | 99%ile | — | xwiki-platform-18.4.0-rc-1 | — | — | KEV |
| CVE-2023-44487 | HIGH | 99%ile | — | xwiki-platform-18.4.0-rc-1 | — | — | KEV |
KEV = CISA Known Exploited Vulnerabilities catalog — actively exploited in the wild.
Dependency Vulnerabilities
4210 dependencies scanned
View full dependency list →
Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.
Critical
124
High
181
Medium
141
Low
16
Unknown
0
3 dependency vulnerabilities are in KEV.
CISA confirmed these vulnerabilities are actively exploited. Treat as critical priority.
Critical
124
High
181
Medium
141
Low
16
| CVE | Severity | KEV | Dependency | Affected version | Cleared in release |
|---|---|---|---|---|---|
| CVE-2013-4366 | critical | — | org.apache.httpcomponents:httpclient | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2015-7501 | critical | — | org.apache.commons:commons-collections4 | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2015-7501 | critical | — | commons-collections:commons-collections | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2016-1000031 | critical | — | commons-fileupload:commons-fileupload | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2016-2141 | critical | — | org.jgroups:jgroups | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2016-6809 | critical | — | org.apache.tika:tika-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2017-12629 | critical | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2017-15095 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2017-17485 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2017-5929 | critical | — | ch.qos.logback:logback-classic | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2017-7525 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-11307 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-14718 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-14719 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-14720 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-14721 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-19360 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-19361 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-19362 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-7489 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-0192 | critical | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-0228 | critical | — | org.apache.pdfbox:pdfbox | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-10744 | critical | — | lodash | 3.10.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-12409 | critical | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-13990 | critical | — | org.quartz-scheduler:quartz | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-14379 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-14540 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-16335 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-16942 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-16943 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-17267 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-17531 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-20330 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-10683 | critical | — | org.dom4j:dom4j | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-13957 | critical | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-13957 | critical | — | org.apache.solr:solr-solrj | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-1953 | critical | — | org.apache.commons:commons-configuration2 | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-8840 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-9546 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-9547 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-9548 | critical | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-23358 | critical | — | underscore | 1.6.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-26291 | critical | — | org.apache.maven:maven-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-29459 | critical | — | org.xwiki.platform:xwiki-platform-oldcore | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-0839 | critical | — | org.liquibase:liquibase-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-33980 | critical | — | org.apache.commons:commons-configuration2 | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-37865 | critical | — | org.apache.ivy:ivy | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-41853 | critical | — | org.hsqldb:hsqldb | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-42889 | critical | — | org.apache.commons:commons-text | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-26055 | critical | — | org.xwiki.commons:xwiki-commons-xml | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-26474 | critical | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-26475 | critical | — | org.xwiki.platform:xwiki-platform-annotation-ui | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-26477 | critical | — | org.xwiki.platform:xwiki-platform-flamingo-theme-ui | 14.2-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-27479 | critical | — | org.xwiki.platform:xwiki-platform-panels-ui | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29201 | critical | — | org.xwiki.commons:xwiki-commons-xml | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29205 | critical | — | org.xwiki.platform:xwiki-platform-rendering-xwiki | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29210 | critical | — | org.xwiki.platform:xwiki-platform-notifications-ui | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29212 | critical | — | org.xwiki.platform:xwiki-platform-panels-ui | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29214 | critical | — | org.xwiki.platform:xwiki-platform-panels-ui | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29507 | critical | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29509 | critical | — | org.xwiki.platform:xwiki-platform-flamingo-theme-ui | 14.2-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29510 | critical | — | org.xwiki.platform:xwiki-platform-administration-ui | 14.6-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29511 | critical | — | org.xwiki.platform:xwiki-platform-administration-ui | 14.6-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29514 | critical | — | org.xwiki.platform:xwiki-platform-administration-ui | 14.6-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29523 | critical | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29525 | critical | — | org.xwiki.platform:xwiki-platform-distribution-war | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29526 | critical | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29528 | critical | — | org.xwiki.commons:xwiki-commons-xml | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-30537 | critical | — | org.xwiki.platform:xwiki-platform-flamingo-theme-ui | 14.2-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-31126 | critical | — | org.xwiki.commons:xwiki-commons-xml | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-32069 | critical | — | org.xwiki.platform:xwiki-platform-test-ui | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-32070 | critical | — | org.xwiki.rendering:xwiki-rendering-syntax-html | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-32070 | critical | — | org.xwiki.rendering:xwiki-rendering-syntax-html5 | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-32070 | critical | — | org.xwiki.rendering:xwiki-rendering-syntax-annotatedxhtml | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-32070 | critical | — | org.xwiki.rendering:xwiki-rendering-syntax-annotatedhtml5 | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-32070 | critical | — | org.xwiki.rendering:xwiki-rendering-syntax-xhtml | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-32071 | critical | — | org.xwiki.platform:xwiki-platform-distribution-war | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-34464 | critical | — | org.xwiki.platform:xwiki-platform-web-templates | 15.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-35159 | critical | — | org.xwiki.platform:xwiki-platform-web-templates | 15.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-35160 | critical | — | org.xwiki.platform:xwiki-platform-web-templates | 15.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-36468 | critical | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-36469 | critical | — | org.xwiki.platform:xwiki-platform-notifications-ui | 15.1-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-36470 | critical | — | org.xwiki.platform:xwiki-platform-icon-default | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-36470 | critical | — | org.xwiki.platform:xwiki-platform-icon-script | 15.1-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-36471 | critical | — | org.xwiki.commons:xwiki-commons-xml | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-37277 | critical | — | org.xwiki.platform:xwiki-platform-rest-server | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-37913 | critical | — | org.xwiki.platform:xwiki-platform-office-importer | 14.1-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-45134 | critical | — | org.xwiki.platform:xwiki-platform-web-templates | 15.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-45135 | critical | — | org.xwiki.platform:xwiki-platform-web-templates | 15.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-45136 | critical | — | org.xwiki.platform:xwiki-platform-web-templates | 15.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-45137 | critical | — | org.xwiki.platform:xwiki-platform-web-templates | 15.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-46242 | critical | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-46244 | critical | — | org.xwiki.platform:xwiki-platform-display-api | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-46731 | critical | — | org.xwiki.platform:xwiki-platform-administration-ui | 15.1-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-50722 | critical | — | org.xwiki.platform:xwiki-platform-administration-ui | 15.1-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-50723 | critical | — | org.xwiki.platform:xwiki-platform-administration-ui | 15.1-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-7272 | critical | — | org.eclipse.parsson:parsson | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-21650 | critical | — | org.xwiki.platform:xwiki-platform-administration-ui | 15.1-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-31981 | critical | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-31983 | critical | — | org.xwiki.platform:xwiki-platform-localization-source-wiki | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-31986 | critical | — | org.xwiki.platform:xwiki-platform-scheduler-ui | 15.5-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-31987 | critical | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-31996 | critical | — | org.xwiki.commons:xwiki-commons-velocity | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-31997 | critical | — | org.xwiki.platform:xwiki-platform-uiextension-api | 15.1-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-37899 | critical | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-38369 | critical | — | org.xwiki.platform:xwiki-platform-rendering-macro-include | 14.10-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-41947 | critical | — | org.xwiki.platform:xwiki-platform-web-templates | 15.5-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-43400 | critical | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-43401 | critical | — | org.xwiki.platform:xwiki-platform-web-templates | 15.5-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-55877 | critical | — | org.xwiki.platform:xwiki-platform-help-ui | 15.4-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-55879 | critical | — | org.xwiki.platform:xwiki-platform-administration-ui | 15.8-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-56158 | critical | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-32429 | critical | — | org.xwiki.platform:xwiki-platform-distribution-war | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-32969 | critical | — | org.xwiki.platform:xwiki-platform-rest-server | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-32974 | critical | — | org.xwiki.platform:xwiki-platform-security-requiredrights-default | 15.9-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-4641 | critical | — | io.github.bonigarcia:webdrivermanager | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-52472 | critical | — | org.xwiki.platform:xwiki-platform-rest-server | 17.2.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-53835 | critical | — | org.xwiki.rendering:xwiki-rendering-syntax-xhtml | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-53836 | critical | — | org.xwiki.rendering:xwiki-rendering-transformation-macro | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-54988 | critical | — | org.apache.tika:tika-parser-pdf-module | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-55747 | critical | — | org.xwiki.platform:xwiki-platform-webjars-api | 16.5.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-55748 | critical | — | org.xwiki.platform:xwiki-platform-skin-skinx | 15.1-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-66516 | critical | — | org.apache.tika:tika-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-66516 | critical | — | org.apache.tika:tika-parser-pdf-module | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2012-0881 | high | — | xerces:xercesImpl | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2012-6153 | high | — | org.apache.httpcomponents:httpclient | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2012-6612 | high | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2013-2186 | high | — | commons-fileupload:commons-fileupload | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2013-4002 | high | — | xerces:xercesImpl | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2014-0050 | high | — | commons-fileupload:commons-fileupload | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2015-6420 | high | — | org.apache.commons:commons-collections4 | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2015-6420 | high | — | commons-collections:commons-collections | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2016-2175 | high | — | org.apache.pdfbox:pdfbox | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2016-3092 | high | — | commons-fileupload:commons-fileupload | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2016-4434 | high | — | org.apache.tika:tika-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2017-12626 | high | — | org.apache.poi:poi | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2017-3163 | high | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2017-3164 | high | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2017-5661 | high | — | org.apache.xmlgraphics:fop | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2017-7660 | high | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2017-9803 | high | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-1000632 | high | — | org.dom4j:dom4j | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-11761 | high | — | org.apache.tika:tika-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-11796 | high | — | org.apache.tika:tika-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-12022 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-12023 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-1308 | high | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-1335 | high | — | org.apache.tika:tika-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-16487 | high | — | lodash | 3.10.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-5968 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-0193 | high | KEV | org.apache.solr:solr-core | — | xwiki-platform-18.4.0 |
| CVE-2019-10088 | high | — | org.apache.tika:tika-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-10094 | high | — | org.apache.tika:tika-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-12086 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-12401 | high | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-12402 | high | — | org.apache.commons:commons-compress | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-14439 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-14892 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-14893 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-17558 | high | KEV | org.apache.solr:solr-core | — | xwiki-platform-18.4.0 |
| CVE-2020-10650 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-10672 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-10673 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-10968 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-10969 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-11111 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-11112 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-11113 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-11619 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-11620 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-13936 | high | — | org.apache.velocity:velocity | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-14060 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-14061 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-14062 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-14195 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-15252 | high | — | org.xwiki.platform:xwiki-platform-oldcore | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-24616 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-24750 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-25638 | high | — | org.hibernate:hibernate-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-25649 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-35490 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-35491 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-35728 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-36179 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-36180 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-36181 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-36182 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-36183 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-36184 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-36185 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-36186 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-36187 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-36188 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-36189 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-36518 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-7751 | high | — | pathval | 0.1.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-7753 | high | — | trim | 0.0.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-8203 | high | — | lodash | 3.10.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-20190 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-21380 | high | — | org.xwiki.platform:xwiki-platform-ratings-api | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-22569 | high | — | com.google.protobuf:protobuf-java | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-23337 | high | — | lodash | 3.10.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-29262 | high | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-33623 | high | — | trim-newlines | 2.0.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-33813 | high | — | org.jdom:jdom2 | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-35515 | high | — | org.apache.commons:commons-compress | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-35516 | high | — | org.apache.commons:commons-compress | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-35517 | high | — | org.apache.commons:commons-compress | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-36090 | high | — | org.apache.commons:commons-compress | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-37714 | high | — | org.jsoup:jsoup | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-46877 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-24897 | high | — | org.xwiki.commons:xwiki-commons-velocity | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-31166 | high | — | org.xwiki.platform:xwiki-platform-oldcore | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-3509 | high | — | com.google.protobuf:protobuf-java | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-3510 | high | — | com.google.protobuf:protobuf-java | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-36090 | high | — | org.xwiki.platform:xwiki-platform-oldcore | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-36092 | high | — | org.xwiki.platform:xwiki-platform-oldcore | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-36096 | high | — | org.xwiki.platform:xwiki-platform-index-ui | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-37866 | high | — | org.apache.ivy:ivy | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-41932 | high | — | org.xwiki.platform:xwiki-platform-oldcore | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-42003 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-42004 | high | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-44729 | high | — | org.apache.xmlgraphics:batik-svgrasterizer | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-45688 | high | — | org.json:json | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-46751 | high | — | org.apache.ivy:ivy | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-24998 | high | — | commons-fileupload:commons-fileupload | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-26476 | high | — | org.xwiki.platform:xwiki-platform-livetable-ui | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-26480 | high | — | org.xwiki.platform:xwiki-platform-livedata-macro | 14.3-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-27480 | high | — | org.xwiki.platform:xwiki-platform-xar-model | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29208 | high | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29508 | high | — | org.xwiki.platform:xwiki-platform-livedata-macro | 14.10-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29517 | high | — | org.xwiki.platform:xwiki-platform-office-viewer | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29522 | high | — | org.xwiki.platform:xwiki-platform-xclass-ui | 14.3-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-34467 | high | — | org.xwiki.platform:xwiki-platform-livetable-ui | 14.10-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-35151 | high | — | org.xwiki.platform:xwiki-platform-rest-server | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-35157 | high | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-36478 | high | — | org.eclipse.jetty.http2:http2-hpack | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-37460 | high | — | org.codehaus.plexus:plexus-archiver | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-37912 | high | — | org.xwiki.rendering:xwiki-rendering-macro-footnotes | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-40572 | high | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-46243 | high | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-50291 | high | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-50386 | high | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-5072 | high | — | org.json:json | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-50732 | high | — | org.xwiki.platform:xwiki-platform-index-tree-macro | 15.1-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-6378 | high | — | ch.qos.logback:logback-classic | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-21538 | high | — | cross-spawn | 7.0.3 | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-21648 | high | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-21651 | high | — | org.xwiki.platform:xwiki-platform-distribution-war | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-22201 | high | — | org.eclipse.jetty.http2:http2-common | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-29415 | high | — | ip | 2.0.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-4068 | high | — | braces | 1.8.5 | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-46978 | high | — | org.xwiki.platform:xwiki-platform-notifications-ui | 15.1-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-47554 | high | — | commons-io:commons-io | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-55663 | high | — | org.xwiki.platform:xwiki-platform-distribution-war | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-7254 | high | — | com.google.protobuf:protobuf-java | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-24814 | high | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-27820 | high | — | org.apache.httpcomponents.client5:httpclient5 | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-29924 | high | — | org.xwiki.platform:xwiki-platform-security-authorization-api | 14.10-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-29925 | high | — | org.xwiki.platform:xwiki-platform-rest-server | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-32968 | high | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-46557 | high | — | org.xwiki.platform:xwiki-platform-security-authentication-ui | 16.5.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-48976 | high | — | commons-fileupload:commons-fileupload | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-49581 | high | — | org.xwiki.platform:xwiki-platform-rendering-wikimacro-store | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-49582 | high | — | org.xwiki.platform:xwiki-platform-rendering-macro-context | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-49582 | high | — | org.xwiki.platform:xwiki-platform-security-requiredrights-default | 15.9-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-49582 | high | — | org.xwiki.platform:xwiki-platform-rendering-xwiki | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-49584 | high | — | org.xwiki.platform:xwiki-platform-rest-server | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-49585 | high | — | org.xwiki.platform:xwiki-platform-security-requiredrights-default | 15.9-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-49586 | high | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-5115 | high | — | org.eclipse.jetty.http2:http2-common | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-54124 | high | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-54125 | high | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-54385 | high | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-55749 | high | — | org.xwiki.platform:xwiki-platform-tool-jetty-resources | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-64756 | high | — | glob | 10.4.5 | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-66473 | high | — | org.xwiki.platform:xwiki-platform-rest-server | 17.2.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-0603 | high | — | org.hibernate:hibernate-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-22022 | high | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-22444 | high | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-2332 | high | — | org.eclipse.jetty:jetty-http | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-26996 | high | — | minimatch | 3.0.8 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-27601 | high | — | underscore | 1.6.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-27606 | high | — | rollup | 4.55.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-27903 | high | — | minimatch | 3.0.8 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-27904 | high | — | minimatch | 3.0.8 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-32141 | high | — | flatted | 3.3.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-33151 | high | — | socket.io-parser | 4.2.4 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-33228 | high | — | flatted | 3.3.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-33229 | high | — | org.xwiki.platform:xwiki-platform-oldcore | 17.9.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-33671 | high | — | picomatch | 2.3.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-33943 | high | — | happy-dom | 20.8.7 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-34226 | high | — | happy-dom | 20.8.7 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-39363 | high | — | vite | 6.4.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-40542 | high | — | org.apache.httpcomponents.client5:httpclient5 | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-42033 | high | — | axios | 1.15.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-42035 | high | — | axios | 1.15.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-42043 | high | — | axios | 1.15.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-42264 | high | — | axios | 1.15.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-42577 | high | — | io.netty:netty-transport-native-epoll | 4.2.12 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-4800 | high | — | lodash | 4.6.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-5598 | high | — | org.bouncycastle:bcprov-jdk18on | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-6321 | high | — | fast-uri | 3.1.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-6322 | high | — | fast-uri | 3.1.0 | xwiki-platform-18.4.0-rc-1 |
| GHSA-8j8c-7jfh-h6hx | high | — | js-yaml | 3.4.6 | xwiki-platform-18.4.0-rc-1 |
| CVE-2006-7223 | medium | — | org.xwiki.platform:xwiki-platform-oldcore | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2009-2625 | medium | — | xerces:xercesImpl | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2011-1498 | medium | — | org.apache.httpcomponents:httpclient | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2012-0213 | medium | — | org.apache.poi:poi | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2012-2098 | medium | — | org.apache.commons:commons-compress | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2012-5783 | medium | — | commons-httpclient:commons-httpclient | 3.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2013-4112 | medium | — | org.jgroups:jgroups | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2013-6397 | medium | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2013-6407 | medium | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2013-6408 | medium | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2014-3529 | medium | — | org.apache.poi:poi | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2014-3574 | medium | — | org.apache.poi:poi | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2014-3577 | medium | — | org.apache.httpcomponents:httpclient | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2014-9527 | medium | — | org.apache.poi:poi | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2015-5262 | medium | — | org.apache.httpcomponents:httpclient | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2015-6748 | medium | — | org.jsoup:jsoup | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2015-8795 | medium | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2015-8797 | medium | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2017-5644 | medium | — | org.apache.poi:poi | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-1002200 | medium | — | org.codehaus.plexus:plexus-archiver | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-10237 | medium | — | com.google.guava:guava | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-11762 | medium | — | org.apache.tika:tika-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-11771 | medium | — | org.apache.commons:commons-compress | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-11797 | medium | — | org.apache.pdfbox:pdfbox | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-11802 | medium | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-1324 | medium | — | org.apache.commons:commons-compress | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-1338 | medium | — | org.apache.tika:tika-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-3721 | medium | — | lodash | 3.10.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-8010 | medium | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-8017 | medium | — | org.apache.tika:tika-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-8026 | medium | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2018-8036 | medium | — | org.apache.pdfbox:pdfbox | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-10219 | medium | — | org.hibernate.validator:hibernate-validator | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-12384 | medium | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-12415 | medium | — | org.apache.poi:poi | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-12814 | medium | — | com.fasterxml.jackson.core:jackson-databind | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2019-14900 | medium | — | org.hibernate:hibernate-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-10693 | medium | — | org.hibernate.validator:hibernate-validator | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-13956 | medium | — | org.apache.httpcomponents:httpclient | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-13959 | medium | — | org.apache.velocity:velocity-tools | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-14338 | medium | — | xerces:xercesImpl | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-28500 | medium | — | lodash | 4.6.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-7608 | medium | — | yargs-parser | 10.1.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-22145 | medium | — | org.elasticsearch.client:elasticsearch-rest-client | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-23382 | medium | — | postcss | 5.2.18 | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-27807 | medium | — | org.apache.pdfbox:pdfbox | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-27906 | medium | — | org.apache.pdfbox:pdfbox | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-28168 | medium | — | org.glassfish.jersey.core:jersey-common | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-29425 | medium | — | commons-io:commons-io | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-31811 | medium | — | org.apache.pdfbox:pdfbox | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-31812 | medium | — | org.apache.pdfbox:pdfbox | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-37533 | medium | — | commons-net:commons-net | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-43841 | medium | — | org.xwiki.platform:xwiki-platform-oldcore | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-23437 | medium | — | xerces:xercesImpl | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-23615 | medium | — | org.xwiki.platform:xwiki-platform-oldcore | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-23617 | medium | — | org.xwiki.platform:xwiki-platform-oldcore | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-23618 | medium | — | org.xwiki.platform:xwiki-platform-oldcore | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-23621 | medium | — | org.xwiki.platform:xwiki-platform-oldcore | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-24898 | medium | — | org.xwiki.commons:xwiki-commons-xml | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-30126 | medium | — | org.apache.tika:tika-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-30973 | medium | — | org.apache.tika:tika-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-3171 | medium | — | com.google.protobuf:protobuf-java | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-36033 | medium | — | org.jsoup:jsoup | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-41929 | medium | — | org.xwiki.platform:xwiki-platform-oldcore | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-41935 | medium | — | org.xwiki.platform:xwiki-platform-livetable-ui | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-41936 | medium | — | org.xwiki.platform:xwiki-platform-rest-server | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-1932 | medium | — | org.hibernate.validator:hibernate-validator | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-26056 | medium | — | org.xwiki.platform:xwiki-platform-rendering-macro-context | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-26470 | medium | — | org.xwiki.platform:xwiki-platform-oldcore | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29204 | medium | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-29520 | medium | — | org.xwiki.platform:xwiki-platform-localization-source-wiki | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-2976 | medium | — | com.google.guava:guava | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-32068 | medium | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-33201 | medium | — | org.bouncycastle:bcprov-jdk18on | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-33202 | medium | — | org.bouncycastle:bcpkix-jdk18on | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-33202 | medium | — | org.bouncycastle:bcprov-jdk18on | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-37911 | medium | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-38509 | medium | — | org.xwiki.platform:xwiki-platform-livetable-ui | 14.10-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-40167 | medium | — | org.eclipse.jetty:jetty-http | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-41046 | medium | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-42503 | medium | — | org.apache.commons:commons-compress | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-44270 | medium | — | postcss | 5.2.18 | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-44487 | medium | KEV | org.eclipse.jetty.http2:http2-common | — | xwiki-platform-18.4.0 |
| CVE-2023-50290 | medium | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-50298 | medium | — | org.apache.solr:solr-solrj | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-25710 | medium | — | org.apache.commons:commons-compress | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-26308 | medium | — | org.apache.commons:commons-compress | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-29131 | medium | — | org.apache.commons:commons-configuration2 | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-29133 | medium | — | org.apache.commons:commons-configuration2 | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-29857 | medium | — | org.bouncycastle:bcprov-jdk18on | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-30171 | medium | — | org.bouncycastle:bcprov-jdk18on | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-30172 | medium | — | org.bouncycastle:bcprov-jdk18on | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-31464 | medium | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-31985 | medium | — | org.xwiki.platform:xwiki-platform-scheduler-ui | 15.5-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-34447 | medium | — | org.bouncycastle:bcprov-jdk18on | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-37898 | medium | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-4067 | medium | — | micromatch | 2.3.11 | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-45591 | medium | — | org.xwiki.platform:xwiki-platform-rest-server | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-46979 | medium | — | org.xwiki.platform:xwiki-platform-notifications-ui | 15.1-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-52012 | medium | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-55876 | medium | — | org.xwiki.platform:xwiki-platform-scheduler-ui | 15.5-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-6763 | medium | — | org.eclipse.jetty:jetty-http | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-13465 | medium | — | lodash | 4.6.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-15104 | medium | — | vnu-jar | 23.4.11 | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-15284 | medium | — | qs | 6.13.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-27789 | medium | — | @babel/helpers | 7.25.6 | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-32430 | medium | — | org.xwiki.platform:xwiki-platform-web-templates | 17.0.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-35036 | medium | — | org.hibernate.validator:hibernate-validator | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-46554 | medium | — | org.xwiki.platform:xwiki-platform-rest-server | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-48924 | medium | — | org.apache.commons:commons-lang3 | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-49583 | medium | — | org.xwiki.platform:xwiki-platform-notifications-notifiers-default | 15.5-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-57283 | medium | — | browserstack-local | 1.5.5 | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-64718 | medium | — | js-yaml | 3.4.6 | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-66472 | medium | — | org.xwiki.platform:xwiki-platform-flamingo-skin-resources | 16.5.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-66472 | medium | — | org.xwiki.platform:xwiki-platform-web-templates | 17.3.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-69873 | medium | — | ajv | 6.12.6 | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-7962 | medium | — | com.sun.mail:jakarta.mail | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-8885 | medium | — | org.bouncycastle:bcprov-jdk18on | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-8916 | medium | — | org.bouncycastle:bcpkix-jdk18on | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-0636 | medium | — | org.bouncycastle:bcprov-jdk18on | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-2327 | medium | — | markdown-it | 14.1.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-24128 | medium | — | org.xwiki.platform:xwiki-platform-web-templates | 17.3.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-2950 | medium | — | lodash | 3.10.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-33532 | medium | — | yaml | 2.8.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-33672 | medium | — | picomatch | 2.3.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-33750 | medium | — | brace-expansion | 1.1.11 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-39365 | medium | — | vite | 6.4.1 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-40104 | medium | — | org.xwiki.platform:xwiki-platform-oldcore | 14.7-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-40105 | medium | — | org.xwiki.platform:xwiki-platform-web-templates | 17.3.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-41305 | medium | — | postcss | 5.2.18 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-42034 | medium | — | axios | 1.15.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-42036 | medium | — | axios | 1.15.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-42037 | medium | — | axios | 1.15.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-42038 | medium | — | axios | 1.15.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-42039 | medium | — | axios | 1.15.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-42041 | medium | — | axios | 1.15.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-42042 | medium | — | axios | 1.15.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-42044 | medium | — | axios | 1.15.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-5588 | medium | — | org.bouncycastle:bcpkix-jdk18on | — | xwiki-platform-18.4.0-rc-1 |
| GHSA-2pr6-76vf-7546 | medium | — | js-yaml | 3.4.6 | xwiki-platform-18.4.0-rc-1 |
| GHSA-r4q5-vmmm-2653 | medium | — | follow-redirects | 1.15.9 | xwiki-platform-18.4.0-rc-1 |
| CVE-2013-0248 | low | — | commons-fileupload:commons-fileupload | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-15171 | low | — | org.xwiki.platform:xwiki-platform-oldcore | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2020-8908 | low | — | com.google.guava:guava | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2021-21379 | low | — | org.xwiki.platform:xwiki-platform-rendering-wikimacro-store | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-2047 | low | — | org.eclipse.jetty:jetty-http | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2022-29253 | low | — | org.xwiki.platform:xwiki-platform-oldcore | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-41329 | low | — | org.wiremock:wiremock-standalone | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2023-50292 | low | — | org.apache.solr:solr-core | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2024-47764 | low | — | cookie | 0.4.2 | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-11143 | low | — | org.eclipse.jetty:jetty-http | — | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-32971 | low | — | org.xwiki.platform:xwiki-platform-search-solr-api | 16.5.0-SNAPSHOT | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-54798 | low | — | tmp | 0.2.3 | xwiki-platform-18.4.0-rc-1 |
| CVE-2025-5889 | low | — | brace-expansion | 1.1.11 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-2391 | low | — | qs | 6.13.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-24001 | low | — | diff | 3.5.0 | xwiki-platform-18.4.0-rc-1 |
| CVE-2026-42040 | low | — | axios | 1.15.0 | xwiki-platform-18.4.0-rc-1 |
Showing 462 of 462