net.sourceforge.pmd:pmd-core
Maven2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting net.sourceforge.pmd:pmd-core
- CVE-2019-7722 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 6.0.0 | 2019-02-11
  vulnerable: 5.2.0 ... 5.8.1 (33 versions)
  PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers who tamper with them (either by direct modification or MITM attacks when using remote rulesets) to perform informa…
- CVE-2025-23215 | CRITICAL | CVSS 9.3 | EG 0.0 | ✓ Fixed in 7.10.0 | 2025-01-31
  vulnerable: 6.21.0 ... 7.9.0 (49 versions)
  PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys is included in a jar published to Maven Central. The private key itself is not known to have been compromised, …