VYPR

Maven package

com.vaadin/vaadin-spreadsheet-flow

pkg:maven/com.vaadin/vaadin-spreadsheet-flow

Vulnerabilities (1)

  • CVE-2025-15022MedJan 5, 2026
    affected >= 23.1.0, < 23.6.6fixed 23.6.6

    Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple component