VYPR
Vendor

Jhipster

Products
3
CVEs
5
Across products
5
Status
Private

Products

3

Recent CVEs

5
  • CVE-2022-24815HigApr 11, 2022
    risk 0.46cvss 8.1epss 0.01

    JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using…

  • CVE-2025-31119HigApr 3, 2025
    risk 0.42cvss 7.6epss 0.00

    generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes…

  • CVE-2015-20110HigOct 31, 2023
    risk 0.42cvss 7.5epss 0.01

    JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course…

  • CVE-2020-4072MedJun 25, 2020
    risk 0.28cvss 5.3epss 0.01

    In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.…

  • CVE-2025-43712LowJul 25, 2025
    risk 0.12cvss 2.9epss 0.00

    JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLE_USER. By…