org.apache.jackrabbit:jackrabbit-core

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.apache.jackrabbit:jackrabbit-corepage 1 of 1

CVE-2015-1833NONECVSS 0.0EG 0.0✓ Fixed in 2.10.1
2015-05-29
vulnerable: 2.10.0
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send r…
CVE-2025-53689HIGHCVSS 8.8EG 8.8✓ Fixed in 2.23.2-beta
2025-07-14
vulnerable: 2.23.0-beta, 2.23.1-beta
Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (J…
CVE-2025-58782MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.22.2
2025-09-08
vulnerable: 1.0 ... 2.9.1 (246 versions)
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. …

Check whether org.apache.jackrabbit:jackrabbit-core is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.jackrabbit:jackrabbit-core CVEs against the assets you own.

Start Free Scan →