Vulnerability Directory

If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.

Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.

Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.

Talk to Our Experts
Get Pricing
Codey gradient
Filter by Severity
Filter by Technology
Filter by Category
Filtering by:
Severity
=
Text for Severity
Close icon
Clear Filters
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
Critical
Open in new tab icon
CVE-2019-17571
Apache Log4j
Apache Log4j
Code Injection
>= 1.2, <= 1.2.17
Jan 7, 2026
High
Open in new tab icon
CVE-2022-45868
H2
H2 Database
Information Exposure
>= 1.4.198, < 2.2.220
Jan 5, 2026
Low
Open in new tab icon
CVE-2020-8908
Google Guava
Google Guava
Incorrectly Configured Access Control
<32.0.0
Jan 5, 2026
Medium
Open in new tab icon
CVE-2023-2976
Google Guava
Google Guava
Incorrectly Configured Access Control
<32.0.0
Jan 5, 2026
Medium
Open in new tab icon
CVE-2024-40094
GraphQL Java
GraphQL Java
Improper Input Validation (4.16)
<19.11, >=20.0 <20.9, >=21.0 <21.5
Jan 5, 2026
High
Open in new tab icon
CVE-2022-23302
Apache Log4j
Apache Log4j
Code Injection
>= 1.0.1, <= 1.2.17
Jan 5, 2026
Critical
Open in new tab icon
CVE-2020-9493
Apache Log4j
Apache Log4j
Code Injection
>= 1.2, <= 1.2.17
Jan 5, 2026
High
Open in new tab icon
CVE-2022-23305
Apache Log4j
Apache Log4j
SQL Injection
>= 1.2, <= 1.2.17
Jan 5, 2026
Low
Open in new tab icon
CVE-2020-9488
Apache Log4j
Apache Log4j
Improper Certificate Validation
>= 1.0, <= 1.2.17
Jan 5, 2026
High
Open in new tab icon
CVE-2021-4104
Apache Log4j
Apache Log4j
Code Injection
>= 1.2, <= 1.2.17
Jan 5, 2026
High
Open in new tab icon
CVE-2022-23307
Apache Log4j
Apache Log4j
Code Injection
>= 1.2, <= 1.2.17
Jan 5, 2026
High
Open in new tab icon
CVE-2022-1471
SnakeYAML
SnakeYAML
Remote Code Execution
>=1.0, <=1.33
Dec 18, 2025
High
Open in new tab icon
CVE-2023-25194
Spring
Apache Kafka
Remote Code Execution
>=2.3.0 <=3.3.2
Dec 16, 2025
Medium
Open in new tab icon
CVE-2024-31141
Spring
Apache Kafka
Inconsistent Interpretation of HTTP Requests
>=2.3.0 <=3.5.2 >=3.6.0 <=3.6.2 =3.7.0
Dec 16, 2025
High
Open in new tab icon
CVE-2025-27817
Spring
Apache Kafka
Server-Side Request Forgery
>=3.1.0 <3.9.1
Dec 16, 2025
Exclamation icon
No results found

Please enter a valid Vulnerability ID number or Technology name.

Sign up for the latest vulnerability alerts
Rss feed icon
Subscribe via RSS
or
Thanks for signing up for our Newsletter! We look forward to connecting with you.
Oops! Something went wrong while submitting the form.