pkg:Maven/com.vaadin:flow-server

10 total CVEs: HIGH 1, MEDIUM 5, LOW 3

All known vulnerabilities

  • HIGH (8.6) CVE-2021-31407: OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure
    >= 1.2.0, < 2.4.8
  • MEDIUM (6.1) CVE-2019-25027: Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13
    >= 1.0.0, < 1.0.11
  • MEDIUM (5.9) CVE-2020-36321: Directory traversal in development mode handler in Vaadin 14 and 15-17
    >= 3.0.0, < 5.0.0
  • MEDIUM (5.7) CVE-2023-25499: Vaadin vulnerable to possible information disclosure in non visible components.
    >= 1.0.0, < 1.0.20
  • MEDIUM (4.0) CVE-2021-31404: Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
    >= 1.0.0, < 1.0.14
  • MEDIUM (4.0) CVE-2021-31406: Timing side channel vulnerability in endpoint request handler in Vaadin 15-19
    >= 3.0.0, < 5.0.4
  • LOW (3.5) CVE-2023-25500: Vaadin vulnerable to possible information disclosure of class and method names in RPC response
    >= 1.0.0, < 1.0.21
  • LOW (3.1) CVE-2020-36319: Potential sensitive data exposure in applications using Vaadin 15
    >= 3.0.0, < 3.0.6
  • LOW (2.6) CVE-2018-25007: Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
    >= 1.0.0, < 1.0.6
  • CVE-2026-2742: Vaadin Vulnerable to Authentication Bypass When Accessing the /VAADIN Endpoint Without a Trailing Slash
    from 0, < 14.14.1