VYPR

Maven package

net.sourceforge.pmd/pmd-core

pkg:maven/net.sourceforge.pmd/pmd-core

Vulnerabilities (3)

  • CVE-2026-28338Feb 27, 2026
    affected < 7.22.0fixed 7.22.0

    PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD's `vbhtml` and `yahtml` report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated

  • CVE-2025-23215CriJan 31, 2025
    affected >= 6.21.0, < 7.10.0fixed 7.10.0

    PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are included in jar published to Maven Central. The private key itself is not known to have been compromised itself, but given its passphrase is, it must also

  • CVE-2019-7722Feb 11, 2019
    affected < 6.0.0fixed 6.0.0

    PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or re