cn.hippo4j:hippo4j-core

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting cn.hippo4j:hippo4j-corepage 1 of 1

CVE-2023-27095MEDIUMCVSS 6.5EG 6.5
2023-03-16
vulnerable: 1.1.0 ... 1.4.3 (29 versions)
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module.
CVE-2025-51606HIGHCVSS 8.8EG 8.8
2025-08-21
vulnerable: 1.1.0 ... 1.5.0 (32 versions)
hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged …

Check whether cn.hippo4j:hippo4j-core is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for cn.hippo4j:hippo4j-core CVEs against the assets you own.

Start Free Scan →