What happens if team members leave or join after we’ve purchased licenses?

Licenses are purchased on annual terms, and there is no penalty if they are over-provisioned or unused. Additional licenses can be added after an agreement has started, and can be scaled back during each Support Agreement’s renewal period.

How are licenses tracked? Do you install a license server?

Our Support Agreements require customers to perform a 'good faith' internal audit to ensure compliance with licensing, but how this is done is up to you. We keep it simple, both for your sake AND compliance/security reasons: our products are offered free of any kind of license tracking, termination switches, or 'phone home' functionality of any kind.

Do you offer discounts for nonprofits, open source companies, or educational institutions?

Yes, contact sales to help us understand how we can support the causes that are important to you.

How hard is it to get this through our InfoSec and Legal procurement process?

Even at small organizations, procurement can be a lengthy & frustrating process for everyone involved. We’ve taken that into consideration at every step of our journey, and the end result is that we are a viable option for any organization. We’re confident that even the most rigorous business units will be able to onboard NES with ease.

What makes onboarding so easy?

- Our products are patched versions of what you’re already running, so they are familiar and behave identically (just more secure and compatible) - Our software contains no tracking, license enforcement mechanisms, nor 'phone home' functionality of any kind. We never receive information about your users, products, development practices, systems, environments, or any other sensitive information. - Our deliverables are neither On Premise nor Software As A Service and thus do not require a runtime environment. True to our love of Open Source, the source code is included for all products making security reviews a breeze. - Other than standard sales and procurement information (contact details, quotes, etc) our organization never receives nor retains sensitive information about your company. As such, we typically do not engage in NDAs or Data Sharing Agreements as there is simply no confidential information to protect.

Do I pay extra for development, staging, etc. environments?

No! You never pay an additional fee for any additional environment.

How does intellectual property for NES libraries work?

All NES libraries are offered for free with an active Support Agreement. This license is perpetual, meaning even after your Support Term ends you can continue using the latest version – no rollbacks required.

How does a license work?

When you buy a commercial license to one of our Never-Ending Support (NES) products, you choose the number of users that your team will need on that license. A user is any person committing code to the project repo. Users are unnamed and transferrable across team members.

Do you have multi-year license options?

Yes, we do offer multi-year terms if you need more than 12 months to migrate.

Get a Custom Quote
to Secure your End-of-Life Open Source

Angular NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Angular beyond end-of-life:

v4 - v17

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Angular code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Get security updates for the following versions of Angular beyond end-of-life:

Custom Pricing

Billed annually. Multi-year options available.

v4 - v17

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Angular

dependencies:

RxJS
NgRX
Angular Material
Ngx-translate
Ngx-Bootstrap

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Angular code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Angular NES

Our latest version of

Angular NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Angular

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Drupal 7 NES

Core

Basic Edition

Foundations

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Get Security Updates for Drupal 7 Core, Core Modules, and Core Themes as well as All Contributed Modules for Drupal 7 - with the guarantees of an Enterprise Grade SLA other high value features.

Our Drupal 7 NES Basic Edition covers all community-contributed (contrib) modules*

Installs within minutes
Compatible with all modern browsers
Email Support Only

‍

_{*Exclusions apply: Custom modules, modules that break due to third-party API changes, and closed-source or proprietary (closed-license) modules are not covered.}

‍

What is a “Site”?

A “site” means, (i) an individual dedicated website, and/or (ii) multiple websites co-located in a shared environment, and/or (iii) a deployment target, for which Subscription Services are deployed.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Get Security Updates for Drupal 7 Core, Core Modules, and Core Themes as well as All Contributed Modules for Drupal 7 - with the guarantees of an Enterprise Grade SLA other high value features.

Get security updates for common

Drupal 7

dependencies:

Our Drupal Essentials support coverage includes all contrib modules*.

*This excludes custom-modules, modules which break due to 3rd party APIs, closed-source / closed-license modules.

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “Site”?

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Drupal 7 NES

Our latest version of

Drupal 7 NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Drupal 7

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

jQuery NES

Core

Basic Edition

Foundations

Get security updates for the following versions of jQuery beyond end-of-life:

1.3.x, 1.5.x, 1.6.x, 1.7.x, 1.12.x, 2.2.x, 3.5.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing jQuery code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Compatible with Core Versions of jQuery

Custom Pricing

Billed annually. Multi-year options available.

1.3.x, 1.5.x, 1.6.x, 1.7.x, 1.12.x, 2.2.x, 3.5.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

jQuery

dependencies:

jQueryUI
jQuery-validation
jQuery Mobile

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing jQuery code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

jQuery NES

Our latest version of

jQuery NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

jQuery

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

AngularJS NES

Core

Basic Edition

Foundations

Get security updates for the following versions of AngularJS beyond end-of-life:

1.5.x, 1.8.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing AngularJS code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Get security updates for the following versions of AngularJS beyond end-of-life:

Custom Pricing

Billed annually. Multi-year options available.

1.5.x, 1.8.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

AngularJS

dependencies:

angular-filter
angular-local-storage
angular-material
angular-moment
angular-moment-picker
protractor
angular-translate
angular-translate-loader-static-files
ui-select
angular-ui-bootstrap
angular-ui-sortable
angular-ui-router
uirouter-core

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing AngularJS code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

AngularJS NES

Our latest version of

AngularJS NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

AngularJS

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Vue 2 NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Vue 2 beyond end-of-life:

2.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Vue 2 code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Get security updates for the following versions of Vue 2 beyond end-of-life:

Custom Pricing

Billed annually. Multi-year options available.

2.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

dependencies:

Nuxt v2
Vue Router
Vuex
Vuetify 2
BootstrapVue 2

‍

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Vue 2 code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Vue 2 NES

Our latest version of

Vue 2 NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Bootstrap NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Bootstrap beyond end-of-life:

2.x, 3.x, 4.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Bootstrap code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

2.x, 3.x, 4.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Bootstrap

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Bootstrap code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Bootstrap NES

Our latest version of

Bootstrap NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Bootstrap

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Nuxt NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Nuxt beyond end-of-life:

2.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Nuxt code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

2.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Nuxt

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Nuxt code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Nuxt NES

Our latest version of

Nuxt NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Nuxt

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Spring

Core

Basic Edition

Foundations

5.3.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Our core subscription aimed at users needing basic, essential security coverage for Spring’s main framework and projects. Ideal for all enterprises needing reliable, core-level protection.

Get security updates on key packages, including but not limited to:

What is a “User”?

A user is any person committing Spring code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

5.3.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Our core subscription aimed at users needing basic, essential security coverage for Spring’s main framework and projects. Ideal for all enterprises needing reliable, core-level protection.

Get security updates for common

Spring

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Spring code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Spring

Our latest version of

NES for Spring

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Spring

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Protractor NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Protractor beyond end-of-life:

7.0.0

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Protractor code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

7.0.0

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Protractor

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Protractor code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Protractor NES

Our latest version of

Protractor NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Protractor

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

ESLint NES

Core

Basic Edition

Foundations

Get security updates for the following versions of ESLint beyond end-of-life:

8.57.0

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing ESLint code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

8.57.0

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

ESLint

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing ESLint code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

ESLint NES

Our latest version of

ESLint NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

ESLint

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Express NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Express beyond end-of-life:

3.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Express code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

3.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Express

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Express code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Express NES

Our latest version of

Express NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Express

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Node.js NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Node.js beyond end-of-life:

12, 14, 16, 18

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across essential platforms and technologies

What is a “User”?

A user is any person committing Node.js code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

12, 14, 16, 18

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Node.js

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Node.js code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Node.js NES

Our latest version of

Node.js NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Node.js

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Rails NES

Core

Basic Edition

Foundations

Get security updates for the following versions Rails beyond end-of-life:

2.3, 3.2, 4.2, 5.2, and 6.1

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Rails code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

2.3, 3.2, 4.2, 5.2, and 6.1

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Rails

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Rails code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Rails NES

Our latest version of

Rails NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Rails

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for .NET

Core

Basic Edition

Foundations

Get security updates for the following versions of .NET beyond end-of-life:

6, 8

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Includes 200 Endpoints
4 Developer Seats
Continuous vulnerability scanning
24/7 Support

What is a “User”?

A user is any person committing .NET code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Get security updates for essential frameworks of .NET beyond end-of-life

Custom Pricing

Billed annually. Multi-year options available.

6, 8

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

.NET

dependencies:

Get Never-Ending Support for:

Entity Framework
WPF
WinForms

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing .NET code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for .NET

Our latest version of

NES for .NET

include fixes for the vulnerabilities below. Our secure drop-in replacement for

.NET

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

PHP

Core

Basic Edition

Foundations

Get security updates for the following versions of PHP beyond end-of-life:

7.2, 7.3, 7.4, 8.0

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing PHP code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

7.2, 7.3, 7.4, 8.0

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

PHP

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing PHP code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

PHP

Our latest version of

PHP

include fixes for the vulnerabilities below. Our secure drop-in replacement for

PHP

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Grunt NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Grunt beyond end-of-life:

v0.4 - 1.5

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Grunt code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

v0.4 - 1.5

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Grunt

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Grunt code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Grunt NES

Our latest version of

Grunt NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Grunt

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Fastify NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Fastify beyond end-of-life:

3.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Fastify code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

3.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Fastify

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Fastify code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Fastify NES

Our latest version of

Fastify NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Fastify

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Apache Struts

Core

Basic Edition

Foundations

Get security updates for the following versions of Struts beyond end-of-life:

All versions

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Struts code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

All versions

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Struts

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Struts code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Apache Struts

Our latest version of

NES for Apache Struts

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Struts

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Apache Solr & Lucene NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Apache Solr &Lucene beyond end-of-life:

8.11.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Apache Solr & Lucene code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

8.11.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Apache Solr & Lucene

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Apache Solr & Lucene code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Apache Solr & Lucene NES

Our latest version of

Apache Solr & Lucene NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Apache Solr & Lucene

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Apache Tapestry NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Apache Tapestry beyond end-of-life:

4.1.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Apache Tapestry code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

4.1.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Apache Tapestry

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Apache Tapestry code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Apache Tapestry NES

Our latest version of

Apache Tapestry NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Apache Tapestry

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Apache Cocoon NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Apache Cocoon beyond end-of-life:

2.3.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Apache Cocoon code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

2.3.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Apache Cocoon

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Apache Cocoon code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Apache Cocoon NES

Our latest version of

Apache Cocoon NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Apache Cocoon

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Apache Camel NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Apache Camel beyond end-of-life:

2.25.x, 3.22.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Apache Camel code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

2.25.x, 3.22.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Apache Camel

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Apache Camel code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Apache Camel NES

Our latest version of

Apache Camel NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Apache Camel

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Apache Spark NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Apache Spark beyond end-of-life:

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Apache Spark code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Apache Spark

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Apache Spark code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Apache Spark NES

Our latest version of

Apache Spark NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Apache Spark

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Next.js NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Next.js beyond end-of-life:

12.3.5

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Next.js code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

12.3.5

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Next.js

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Next.js code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Next.js NES

Our latest version of

Next.js NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Next.js

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Apache Tomcat NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Apache Tomcat beyond end-of-life:

8.5

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Apache Tomcat code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

8.5

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Apache Tomcat

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Apache Tomcat code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Apache Tomcat NES

Our latest version of

Apache Tomcat NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Apache Tomcat

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Quote Summary

Selected (0)

Number of Users

+ Add Technology

Get Custom Quote

No results found

Please clear filter tag to use the search option

Clear tags

Added to Quote

Medium

SA-CORE-2025-002

>= 7.x-3.0

May 16, 2025

Medium

CVE-2025-31689

>7.0.0 <=7.1.x-alpha12

May 16, 2025

Medium

CVE-2025-31687

>=7.0.0 <7.2.1

May 16, 2025

Low

CVE-2025-22233

>=4.3.0 <=4.3.30, >=5.3.0 <=5.3.42, >=6.0.0 <=6.0.27, >=6.1.0 <6.1.20, >=6.2.0 <6.2.7

May 15, 2025

Medium

CVE-2025-1647

Cross-Site Scripting

>=3.4.1 <4.0.0

May 15, 2025

High

CVE-2023-49735

Path Traversal

<1.3.10, >=2.0.0

May 12, 2025

Medium

CVE-2023-34396

Denial of Service

<1.3.10, >=2.0.5 <2.5.31, >=6.0.0 <6.1.2.1

May 12, 2025

Low

CVE-2008-2025

Cross-Site Scripting

<1.2.9

May 12, 2025

Low

CVE-2006-1548

Cross-Site Scripting

<1.2.9

May 12, 2025

High

CVE-2006-1547

Denial of Service

<1.2.9

May 12, 2025

High

CVE-2006-1546

Authorization Bypass

<1.2.9

May 12, 2025

High

CVE-2024-22257

>=5.7.0 <5.7.12, >=5.8.0 <5.8.11, >=6.0.0 <6.0.10, >=6.1.0 <6.1.8, >=6.2.0 <6.2.3

May 8, 2025

Medium

CVE-2025-0716

Content Spoofing

>=0.0.0

Apr 29, 2025

Medium

CVE-2025-22235

<2.7.0, >=2.7.0 <2.7.25, >=3.1.0 <3.1.16, >=3.2.0 <3.2.14, >=3.3.0 <3.3.11, >=3.4.0 <3.4.5

Apr 25, 2025

Medium

CVE-2025-22234

Information Exposure

=5.7.16, =5.8.18, =6.0.16, =6.1.14, =6.2.10, =6.3.8, =6.4.4

Apr 22, 2025

Low

CVE-2025-24859

>1.0.0 <=6.1.4

Apr 14, 2025

Medium

CVE-2025-22232

Authorization Bypass

>=2.2.0 <=2.2.8, >=3.0.0 <=3.0.7, >=3.1.0 <3.1.10, >=4.0.0 <=4.0.5, >=4.1.0 <4.1.6, >=4.2.0 <4.2.1

Apr 10, 2025

Medium

CVE-2022-31777

Cross-Site Scripting

3.3.0 <=3.2.1

Apr 9, 2025

Critical

CVE-2023-22946

<3.4.0 >=3.3.0 <=3.3.1 >=3.2.0 <=3.2.3 >=3.1.0 <=3.1.3 >=3.0.0 <=3.0.3 >=2.4.8

Apr 9, 2025

High

CVE-2023-32007

Command Injection

>=3.2.0 <=3.2.1 >=3.1.1 <=3.1.3 <=3.0.3

Apr 9, 2025

High

CVE-2023-46298

Denial of Service

>=13.0.0 <13.4.20-canary.13

Apr 9, 2025

High

CVE-2025-24070

Weak Authentication

ASP.NET Core: >= 6.0.0 <= 6.0.36 >= 8.0.0 <= 8.0.13 >= 9.0.0 <= 9.0.2 Microsoft.AspNetCore.Identity: <= 2.3.0

Apr 4, 2025

High

CVE-2025-21176

Buffer Over-read

>= 6.0.0 <= 6.0.36 >= 8.0.0 <= 8.0.11 <= 9.0.0

Apr 4, 2025

High

CVE-2025-21173

Creation of Temporary File in Directory with Insecure Permissions

>= 6.0.0 <= 6.0.36 >= 8.0.0 <= 8.0.11 <= 9.0.0

Apr 4, 2025

High

CVE-2025-21172

Heap-based Buffer Overflow

>= 6.0.0 <= 6.0.36 >= 8.0.0 <= 8.0.11 <= 9.0.0

Apr 4, 2025

High

CVE-2024-38229

Use After Free

>= 6.0.0 <= 6.0.36 >= 8.0.0 <= 8.0.8 >= 9.0.0-preview.1.24081.5 <= 9.0.0.RC.1

Apr 4, 2025

Critical

CVE-2024-35264

Use After Free

>= 6.0.0 <= 6.0.36 >= 8.0.0 <= 8.0.6

Apr 4, 2025

Critical

CVE-2025-29927

Authorization Bypass

>=11.1.4 <12.3.5, >=13.0.0 <13.5.9, >=14.0.0 <14.2.25, >=15.0.0 <15.2.3

Mar 23, 2025

Medium

CVE-2025-24814

Remote Code Execution

<9.8.0

Mar 21, 2025

Medium

CVE-2024-52012

Path Traversal

<=9.0.0 <9.8.0

Mar 21, 2025

Medium

CVE-2024-45772

Remote Code Execution

>=4.4.0 <9.12.0

Mar 21, 2025

High

CVE-2025-22228

Authorization Bypass

<=5.6.12, >=5.7.0 <5.7.16, >=5.8.0 <5.8.18, >=6.0.0 <=6.0.16, >=6.1.0 <6.1.14, >=6.2.0 <6.2.10, >=6.3.0 <6.3.8, >=6.4.0 <6.4.4

Mar 20, 2025

Medium

CVE-2023-34040

Remote Code Execution

<2.9.11, >=3.0.0 <3.0.10

Mar 3, 2025

Medium

CVE-2019-8331

Cross-Site Scripting

>=2.0.0 <=2.3.2, >=3.0.0-rc1 <3.4.1

Feb 28, 2025

Medium

CVE-2016-10735

Cross-Site Scripting

>=2.0.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.0.0-beta.2

Feb 28, 2025

Medium

CVE-2018-14042

Cross-Site Scripting

>=2.3.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.1.2

Feb 28, 2025

Medium

CVE-2018-14040

Cross-Site Scripting

>=2.3.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.1.2

Feb 28, 2025

Medium

CVE-2025-25184

Improper Output Neutralization for Logs

<2.2.11, <3.0.12, <3.1.10

Feb 14, 2025

Medium

CVE-2025-23085

Denial of Service

4.0 < 18.20.6, 20 < 20.18.2

Feb 7, 2025

Medium

CVE-2025-23084

Path Traversal

4.0 < 18.20.6, 20 < 20.18.2

Jan 28, 2025

High

CVE-2024-29415

Server-Side Request Forgery

<=2.0.1

Jan 27, 2025

High

CVE-2024-21536

Denial of Service

<2.0.7, >=3.0.0 <3.0.3

Jan 27, 2025

High

CVE-2024-29180

Path Traversal

<5.3.4, >=6.0.0 <6.1.2, >=7.0.0 <7.1.0

Jan 27, 2025

High

CVE-2025-23083

Authorization Bypass

4.0 < 20.18.2, 22 < 22.13.1

Jan 22, 2025

High

CVE-2025-23089

Use of Unmaintained Third Party

<= 21.7.3

Jan 21, 2025

High

CVE-2025-23088

Use of Unmaintained Third Party

<= 19.9.0

Jan 21, 2025

High

CVE-2025-23087

Use of Unmaintained Third Party

<= 17.9.1

Jan 21, 2025

High

CVE-2024-27980

Command Injection

4.0 <= 18.20.2, 20 < 20.12.2

Jan 9, 2025

High

CVE-2024-51479

Authorization Bypass

<=14.2.14

Dec 17, 2024

Critical

CVE-2024-53677

Remote Code Execution

>=2.0.0 <=2.3.37, >=2.5.0 <=2.5.33, >=6.0.0 <=6.3.0.2

Dec 17, 2024

Low

CVE-2024-38829

Authorization Bypass

<=2.4.3, >=3.0.0 <=3.0.9, >=3.1.0 <=3.1.7, >=3.2.0 <3.2.7

Nov 20, 2024

Medium

CVE-2024-38827

Authorization Bypass

<=5.7.13, >=5.8.0 <=5.8.15, >=6.0.0 <=6.0.13, >=6.1.0 <=6.1.11, >=6.2.0 <=6.2.7, >=6.3.0 <=6.3.4

Nov 19, 2024

Medium

CVE-2024-38828

Denial of Service

<5.3.42

Nov 15, 2024

High

CVE-2024-38819

Path Traversal

<5.3.41, >=6.0.0 <6.0.25, >=6.1.0 <6.1.14

Oct 30, 2024

Medium

CVE-2024-10491

Resource Injection

>=3.0.0-alpha1 <=3.21.2

Oct 29, 2024

Critical

CVE-2024-38821

Authorization Bypass

>=5.7.0 <5.7.13, >=5.8.0 <5.8.15, >=6.0.0 <6.0.13, >=6.1.0 <6.1.11, >=6.2.0 <6.2.7, >=6.3.0 <6.3.4

Oct 25, 2024

Low

CVE-2024-38820

Authorization Bypass

<5.3.41, >=6.0.0 <6.0.25, >=6.1.0 <6.1.14

Oct 23, 2024

Medium

HD-2024-1410

Resource Injection

>=3.0.0-alpha1 <=3.21.2, >=4.0.0-rc1 <4.21.1, >=5.0.0-alpha.1 <5.0.1

Oct 17, 2024

High

HD-2024-1407

HTTP Request Smuggling

>=16.0.0 <16.20.1, >=18.0.0 <18.16.1, >=20.0.0 <20.3.1

Oct 16, 2024

Low

HD-2024-1408

Information Exposure

>=16.0.0 <=16.20.2

Oct 15, 2024

Medium

HD-2024-1409

Denial of Service

>=14.0.0 <=14.21.3, >=16.0.0 <=16.20.2

Oct 15, 2024

High

CVE-2024-47831

Denial of Service

<=14.2.6

Oct 14, 2024

Low

CVE-2024-9506

ReDoS Vulnerability

>=2.0.0 <3.0.0

Oct 14, 2024

High

HD-2024-2201

Command Injection

Vue 2.6, Vue 2.7, and Nuxt 2

Oct 8, 2024

Medium

CVE-2024-9266

URL Redirect/Open Redirect

>=3.4.5 <4.0.0

Oct 3, 2024

Critical

CVE-2024-4577

Content Spoofing

>=8.1.0 <8.1.29, >=8.2.0 <8.2.20, >=8.3.0 <8.3.8

Sep 30, 2024

High

CVE-2024-38816

Path Traversal

>=5.3.0 <=5.3.39, >=6.0.0 <=6.0.23, >=6.1.0 <=6.1.12

Sep 12, 2024

Medium

CVE-2024-43796

Cross-Site Scripting

>=3.0.0-alpha1, <=3.21.2, >=4.0.0-rc1, <4.20.0, >=5.0.0-alpha.1 <5.0.0

Sep 10, 2024

Medium

CVE-2024-8372

Content Spoofing

>=1.3.0-rc.4

Sep 9, 2024

Medium

CVE-2024-8373

Content Spoofing

>=0.0.0

Sep 9, 2024

Medium

CVE-2023-46809

Cryptographic Weakness

4.0 < 18.19.1, 20 < 20.11.1

Sep 7, 2024

High

CVE-2024-36138

Command Injection

4.0 < 18.20.4, 20.0 < 20.15.1, 22.0< 22.4.1

Sep 7, 2024

Low

CVE-2023-39333

Resource Injection

4.0 <= 18.18.1, 20.0 <= 20.8.1

Sep 7, 2024

Medium

CVE-2024-38809

Denial of Service

>=4.3.0 <=4.3.30, >=5.3.0 <5.3.38, >=6.0.0 <6.0.23, >=6.1.0 <6.1.12

Aug 27, 2024

Medium

CVE-2024-38807

Signature Forgery

>=2.7.0 <=2.7.21, >=3.0.0 <=3.0.16, >=3.1.0 <=3.1.12, >=3.2.0 <=3.2.8, >=3.3.0 <=3.3.2

Aug 23, 2024

Medium

CVE-2024-38808

Denial of Service

<5.3.39

Aug 20, 2024

Medium

CVE-2024-6783

Cross-Site Scripting

>=2.0.0 <3.0.0

Jul 23, 2024

Medium

CVE-2024-6485

Cross-Site Scripting

>=1.4.0 <=3.4.1

Jul 11, 2024

Medium

CVE-2024-6484

Cross-Site Scripting

>=3.2.0 <=3.4.1

Jul 11, 2024

Medium

CVE-2024-6531

Cross-Site Scripting

>=4.0.0 <=4.6.2

Jul 11, 2024

Medium

CVE-2024-22020

Remote Code Execution

4.0 < 18.20.4, 20 < 20.15.1, 22 < 22.4.1

Jul 9, 2024

High

CVE-2014-3482

Denial of Service

<=3.2.18 Only for instances using PostgreSQL

Jul 7, 2024

Medium

CVE-2024-27982

HTTP Request Smuggling

4.0 < 18.20.1, 20 < 20.12.1

May 7, 2024

Medium

CVE-2024-27982

HTTP Request Smuggling

<21.7.2, <20.12.1, <v18.20.1, <= 16.20.2, <=v14.21.3, <= v12.22.12

May 1, 2024

Medium

CVE-2024-33665

Cross-Site Scripting

>=2.19.1

Apr 25, 2024

High

CVE-2024-22262

URL Redirect/Open Redirect

>=4.3.0, >=5.3.0 <5.3.34, >=6.0.0 <6.0.19, >=6.1.0 <6.1.6

Apr 16, 2024

High

CVE-2024-27983

Uncontrolled Resource Consumption

4 <= 18.20.0, 20 <= 20.12.0

Apr 9, 2024

High

CVE-2024-22017

4.0 < 20.11.1

Mar 19, 2024

High

CVE-2024-22259

URL Redirect/Open Redirect

<=4.3.31, >=5.3.0 <5.3.33, >=6.0.0 <6.0.17, >=6.1.0 <6.1.5

Mar 16, 2024

High

CVE-2024-26142

Denial of Service

7.1.0.0 to 7.1.3.0

Feb 27, 2024

High

CVE-2024-22243

URL Redirect/Open Redirect

>=4.3.0 <=4.3.30, >=5.3.0 <5.3.32, >=6.0.0 <6.0.17, >=6.1.0 <6.1.4

Feb 23, 2024

High

CVE-2024-21892

4.0 < 18.19.1, 20 < 20.11.1

Feb 20, 2024

High

CVE-2024-22234

Authorization Bypass

<6.1.7, >=6.2.0 <6.2.2

Feb 19, 2024

Medium

CVE-2024-22025

Denial of Service

<21.6.2, <20.11.1, <v18.19.1, <= 16.20.2

Feb 14, 2024

High

CVE-2024-22019

Denial of Service

<21.6.2, <20.11.1, <v18.19.1, <= 16.20.2, <=v14.21.3, <= v12.22.12

Feb 14, 2024

High

CVE-2024-21490

ReDoS Vulnerability

>=1.3.0

Feb 10, 2024

High

CVE-2014-0114

Remote Code Execution

<=1.9.2

Feb 1, 2024

High

CVE-2016-1182

Cross-Site Scripting

>=1.0.0 <=1.3.10

Feb 1, 2024

High

CVE-2016-1181

Authorization Bypass

>=1.0.0 <=1.3.10

Feb 1, 2024

High

CVE-2015-0899

Authorization Bypass

>=1.1.0 <=1.3.10

Feb 1, 2024

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Trusted by 600+ companies

Frequently Asked Questions

Get answers to some of our most commonly asked questions.
Of course, if you can't find the answer you're looking for, feel free to contact us.

By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Preferences Reject Accept

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Get a Custom Quote to Secure your End-of-Life Open Source

How can we reach out to you to send your custom quote?

Frequently Asked Questions

Get a Custom Quote
to Secure your End-of-Life Open Source