  • 317055 Platform: [Webapp][Security] URLEncode url requests from local users
  • 319344 Platform: [Webapp][Security] Phishing on help application
  • 320547 Platform: [Webapp][Security] Misuse of /topic/file
  • 320548 Platform: [Webapp][Security] Ability to read files not in bundles
  • 320967 Platform: [Test][Security] Tests for security related bugs
  • 325902 Equinox: [launcher] Windows LoadLibrary search cwd DLL exploit
  • 328795 Equinox: [Webapp] Possible security issue with JSP code exposure.
  • 328975 Equinox: [Webapp] Possible security issue with JSP code exposure.
  • 329193 Equinox: [Webapp] Possible security issue with JSP code exposure.
  • 329582 Platform: [Webapp][Security] Eclipse Help Server XSS
  • 330026 Platform: [Webapp][Security] Fix for Eclipse 3.6.2 Eclipse Help Server XSS
  • 333959 Virgo: cross-site scripting vulnerability
  • 336767 z_Archived: Security Issue in BIRT Viewer
  • 361316 Jetty: DoS attack from similar hash values
  • 367533 Community: Reset Password allows to hijack accounts for SSH access (and other options)
  • 367638 Jetty: Denial of Service attack ocert-2011-003 / CVE-2011-4461
  • 378977 Equinox: [Webapp] Possible security issue with JSP code exposure. - backport to 3.5.2+
  • 378979 Equinox: [Webapp] Possible security issue with JSP code exposure. backport for 3.4.2+
  • 390491 Equinox: [Webapp] Possible security issue with JSP code exposure.
  • 395246 Gemini.Web: Access to forbidden directories can be granted
  • 421097 Community: Open redirect
  • 421700 Community: Reflected XSS - https://dev.eclipse.org/portal/myfoundation/tests/explore.php
  • 421726 Community: [Security] SQL injection in http://www.eclipse.org/membership/scripts/get_image.php
  • 421759 Community: [security] SQL injection in [http://eclipse.org/membership/showMember.php] By Shahmeer Amir and Rafay Baloch
  • 421875 Community: Vulnerabilities on http://www.eclipse.org/
  • 424827 Community: Potential XSS vulnerability on /downloads page.
  • 427830 Community: XSS vulnerability on www.eclipse.org
  • 428032 Community: Multiple XSS on site_login
  • 429494 Community: https://bugs.eclipse.org/bugs/ is vulnerable to CVE-2009-3555
  • 435095 Data Tools: HIPP jobs are SSHing to build.eclipse.org and storing passwords in config files
  • 438006 ECF: [XMPP] Update to Smack 4
  • 438901 Platform: Style PASSWORD | READ_ONLY without BORDER displays plain text password
  • 443883 Community: [site_login] Password change should invalidate all active sessions
  • 458571 WTP Source Editing: XXE in DTD Parser/Validator (CVE-2019-17637)
  • 463809 EMFStore: [Security] addInitialParticipant remote method allows privilege escalation
  • 474575 Community: The website may allow automated account creation.
  • 509799 EPP: Symantec reports a Trojan SONAR.AM.C!g24 in eclipse
  • 510249 Kura: Eclipse Kura uses a vulnerable version of Apache Commons Fileupload
  • 513268 Community: Open Redirection vulnerability in wiki.eclipse.org
  • 516765 Community: CVE-2017-7650: Eclipse Mosquitto ACL security issue (CVE-2017-7650)
  • 526392 Platform: JSP source is shown if extension is not matching exactly (case-sensitive)
  • 529754 Community: Mosquitto Server Shutdown Attack (CVE-2017-7651)
  • 530102 Community: Reloading Mosquitto configuration may fail if no file descriptors are available (CVE-2017-7652)
  • 530629 Community: Security vulnerability found in OpenJ9 project (CVE-2018-1417)
  • 532113 Community: CVE-2017-7653: Eclipse Mosquitto does not validate topic strings (CVE-2017-7653)
  • 533258 Community: Californium/Leshan DTLS PSK identity oracle
  • 533493 Community: CVE-2017-7654: Mosquitto Broker DoS through a Memory Leak vulnerability (CVE-2017-7654)
  • 533775 Community: CVE-2017-7655: Potential NULL Dereference vulnerability in Mosquitto Library (CVE-2017-7655)
  • 534108 Community: The site marketplace.eclipse.org only supports TLS 1.0 security
  • 534589 Community: OpenJ9 Vulnerabilities (CVE-2018-12539)
  • 535667 Community: Jetty: CVE Request: HTTP/0.9 Request Smuggling (CVE-2017-7656)
  • 536018 Community: Jetty: CVE Request: FileBasedSessionStore Session Stealing (CVE-2018-12538)
  • 536038 Community: CVE-2018-12537: vert.x: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers (CVE-2018-12537)
  • 538142 z_Archived: Security bug - RCE in BIRT viewer example (CVE-2021-34427)
  • 539170 Community: WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake (CVE-2018-12541)
  • 539171 Community: The StaticHandler does not properly neutralize forward slashes (CVE-2018-12542)
  • 539295 Community: Remote crash in Mosquitto 1.5 to 1.5.2 (CVE-2018-12543)
  • 539568 Community: The OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks (CVE-2018-12544)
  • 540550 Community: Password change should invalidate all user sessions
  • 540989 Community: Che build incorporates binaries downloaded over http -- potential MITM risk. (CVE-2021-41034)
  • 541870 Community: mosquitto: An empty ACL file grant all permissions to clients (CVE-2018-12550)
  • 543127 Community: Access Control Violation via Retained Message in Eclipse Mosquitto (CVE-2018-12546)
  • 543401 Community: Blank username allows Mosquitto Security Bypass (CVE-2018-12551)
  • 543626 Paho: Possible Vulnerabilities in Eclipse paho.mqtt.c
  • 543792 Community: OpenJ9 OpenSSL natives are public (CVE-2018-12548)
  • 544019 Community: OpenJ9 may fail to null check the receiver of an unsafe call (CVE-2018-12549)
  • 544819 Community: DTLS server - buffer overflow leading to crash (dtls_create_cookie)
  • 544824 Community: DTLS server - buffer overflow leading to crash (dtls_update_parameters)
  • 545588 openj9: Crash on unverifiable bytecode (CVE-2019-10245)
  • 546053 Community: Eclipse hawkBit: New CVE Request (CVE-2019-10240)
  • 546121 Community: Jetty CVE Request: DefaultServlet / ResourceHandler XSS (CVE-2019-10241)
  • 546576 Community: Jetty CVE Request: Information Reveal - Windows Directory Listings (CVE-2019-10246)
  • 546577 Community: Jetty CVE Request: Information Reveal - DefaultHandler (CVE-2019-10247)
  • 546622 Community: Eclipse Vorto: New CVE Request (CVE-2019-10248)
  • 546816 z_Archived: Reflected XSS vulnerability in the __format URL parameter (CVE-2019-11776)
  • 546996 Community: Eclipse Xtext/Xtend: New CVE Request (CVE-2019-10249)
  • 547734 Community: Eclipse Buildship: New CVE Request (CVE-2019-11770)
  • 549191 OMR: RPATHs on AIX (CVE-2019-11773)
  • 549192 OMR: Loop Versioner (CVE-2019-11774)
  • 549601 openj9: Loop Versioner (CVE-2019-11775)
  • 549934 Paho: Request for CVE in known hostname validation vulnerability in the MQTT library (CVE-2019-11777)
  • 550943 Community: Mojarra multiple directory traversal issues
  • 551423 Community: repo.locationtech.org Only Supports TLS 1.1 Which is Unsecure
  • 551596 Che: Remote Code Execution Vulnerability in Web Interface (CVE-2019-17633)
  • 551680 Platform: [Webapp][Security] XSS in query param of webapp war file
  • 551747 Community: Arbitrary File Read Abusing The `mini-browser` Extension (CVE-2019-17636)
  • 552129 openj9: Dump creation (CVE-2019-17631)
  • 552542 Community: XSS in Memory Analyzer plugin for Eclipse (CVE-2019-17634)
  • 553067 RAP: Accidental XSS possible with HTML MARKUP_ENABLED in RAP
  • 558633 MAT: Deserialization issues (CVE-2019-17635)
  • 561109 Community: Javascript injection via notification messages in Theia IDE (CVE-2021-28162)
  • 563882 Community: Unauthorized retained message
  • 563998 openj9: Undefined return value (CVE-2019-17639)
  • 564984 Community: CVE Request: Jetty Corrupt Response Buffer (CVE-2019-17638)
  • 565671 Community: Mosquitto Windows Service Unquoted Path vulnerability
  • 567068 Community: Hono's AMQP adapter does not check/limit incoming message size (CVE-2020-27217)
  • 567213 Community: Vulnerability in Mosquitto configuration file parsing
  • 567416 Community: Eclipse Vert.x StaticHandler doesn't correctly process back slashes (CVE-2019-17640)
  • 567921 Community: Jetty vulnerable to temporary directory hijacking (CVE-2020-27216)
  • 568018 Community: Theia "mini-browser" extension RCE exploit (CVE-2021-34435)
  • 569763 openj9: Stack buffer overflow (CVE-2020-27221)
  • 569855 Platform: Vulnerability in Eclipse livehelp. (CVE-2020-27225)
  • 570090 Community: OBB-1677065 - XSS vuln for eclipse.org
  • 570105 Wakaama: A null pointer reference exists in the wakaama project.
  • 570289 Community: Eclipse hawkBit CVE request: Improper escaping of JSON response field (CVE-2020-27219)
  • 570582 z_Archived: Update bundled guava and any guava dependencies to 30.0+
  • 571233 Community: Security Leak Information: Maven Password
  • 571411 Community: security - LFI on eclipse.org/mylyn
  • 571428 Community: [Security] Unauthorized users could access agent logs
  • 571477 Platform: API key in build job definition shell script
  • 571856 openj9: Use of ConstantPool may not initialize class
  • 572218 Community: Jetty 100% CPU upon receiving a large invalid TLS Frame (CVE-2021-28165)
  • 572219 Community: Jetty Ambiguous Paths can access WEB-INF (CVE-2021-28164)
  • 572220 Community: Jetty Symlink Directory Exposes Webapp Directory Contents (CVE-2021-28163)
  • 572608 Community: Mosquitto: CVE request - NULL pointer dereference on crafted CONNACK (CVE-2021-28166)
  • 572718 MAT: 4th party library issue
  • 573389 Community: Jetty Utility Servlets Double Decoding Information Disclosure Vulnerability (CVE-2021-28169)
  • 573743 Community: The Eclipse Security Mailing list is publicly accessible!
  • 573993 Viatra: Username Compromised using jenkins
  • 574141 Community: Remote crash in Mosquitto 2.0.7 when publish topic length is 0 (CVE-2021-34432)
  • 574146 Community: Jetty SessionListener can prevent a session from being invalidated breaking logout. (CVE-2021-34428)
  • 574386 z_Archived: Vulnerabilities discovered in third-party content
  • 575281 Californium: 2.0 - 2.6 : DTLS vulnerability not verifying the server certificate, when ServerKeyExchange is not signed (CVE-2021-34433)
  • 575924 Community: XSS in @theia/plugin-ext webview (CVE-2021-41038)
  • 576395 openj9: OpenJ9 must throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods
  • 577157 MAT: Jetty CVE-2021-34429
  • 579744 openj9: OpenJ9 allows unverified methods to be invoked using MethodHandles
  • 580460 Community: Xss vulnerability - /downloads-viewer.php?s=
  • 580566 Community: Description : You are using Swagger ui to share api docs, which uses DomPurify which is vulnerable to insecure input validation and overall your domain becomes vulnerable to Reflected XSS