Vulnerability Directory

If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.

Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.

Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.

Talk to Our Experts
Get Pricing
Codey gradient
Filtering by:
Severity
=
Text for Severity
Close icon
Clear Filters
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
High
Open in new tab icon
CVE-2026-2818
Spring
Spring Data Geode
Path Traversal
>= 2.0.0 <= 2.7.18, >= 1.7.0 <= 2.2.13
Feb 20, 2026
Medium
Open in new tab icon
CVE-2026-2817
Spring
Spring Data Geode
Creation of Temporary File in Directory with Insecure Permissions
>= 2.0.0 < 2.7.18, >= 1.7.0 <= 2.2.13
Feb 19, 2026
Low
Open in new tab icon
CVE-2025-13083
Drupal 7
Drupal core
Information Exposure
>=7.0 <=7.103
Feb 13, 2026
Medium
Open in new tab icon
CVE-2025-59471
Next.js
>=10.0.0 <15.5.10, >=15.6.0-canary.0 <16.1.5
Denial of Service
NES for Next.js
Feb 13, 2026
Medium
Open in new tab icon
CVE-2026-1556
Drupal 7
File Field Paths
Information Exposure
>=7.1.0 <=7.1.2
Feb 2, 2026
Medium
Open in new tab icon
CVE-2025-31675
Drupal 7
Link
Cross-Site Scripting
>=7.1.0 <=7.1.12
Feb 2, 2026
Medium
Open in new tab icon
CVE-2025-3573
jQuery
jQuery Validation
Cross-Site Scripting
<1.20.0
Jan 30, 2026
Medium
Open in new tab icon
CVE-2026-0748
Drupal 7
i18n_node in i18n
Broken Access
>=7.1.0 <=7.1.35
Jan 29, 2026
Medium
Open in new tab icon
CVE-2021-41183
jQuery
jQuery UI
Cross-Site Scripting
<1.13.0
Jan 27, 2026
Medium
Open in new tab icon
CVE-2021-41184
jQuery
jQuery UI
Cross-Site Scripting
<1.13.0
Jan 27, 2026
Medium
Open in new tab icon
CVE-2010-5312
jQuery
jQuery UI
Cross-Site Scripting
>=1.7.0 <1.10.0
Jan 27, 2026
Medium
Open in new tab icon
CVE-2021-41182
jQuery
NES for jQuery UI
Cross-Site Scripting
<1.13.0
Jan 27, 2026
High
Open in new tab icon
CVE-2023-22102
MySQL Connector/J
mysql-connector-j
Authorization Bypass
< 8.2.0
Jan 21, 2026
High
Open in new tab icon
CVE-2026-0603
Hibernate
Hibernate ORM
Command Injection
>= 5.6.0 <= 5.6.15
Jan 20, 2026
High
Open in new tab icon
CVE-2025-68493
Struts
Apache Struts
Remote Code Execution
>=2.0.0 <=2.3.37, >=2.5.0 <=2.5.33, >=6.0.0 <6.1.1,
Jan 16, 2026
Exclamation icon
No results found

Please enter a valid Vulnerability ID number or Technology name.

Thanks for signing up for our Newsletter! We look forward to connecting with you.
Oops! Something went wrong while submitting the form.

By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

PreferencesRejectAccept
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.