Oracle GraalVM vulnerabilities

180 known vulnerabilities affecting oracle/graalvm.

Total CVEs: 180
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 6, HIGH 53, MEDIUM 79, LOW 42

Vulnerabilities

Page 4 of 9
CVE-2023-21938 | LOW | CVSS 3.7 | v20.3.8, v21.3.4, +1 more | 2023-04-18
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network ac
nvd
CVE-2023-21937 | LOW | CVSS 3.7 | v20.3.9, v21.3.5, +1 more | 2023-04-18
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network a
nvd
CVE-2023-21968 | LOW | CVSS 3.7 | v20.3.9, v21.3.5, +1 more | 2023-04-18
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network ac
nvd
CVE-2023-21835 | MEDIUM | CVSS 5.3 | v20.3.8, v21.3.4, +1 more | 2023-01-18
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to co
nvd
CVE-2023-21830 | MEDIUM | CVSS 5.3 | v20.3.8, v21.3.4, +1 more | 2023-01-18
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoc
nvd
CVE-2023-21843 | LOW | CVSS 3.7 | v20.3.8, v21.3.4, +1 more | 2023-01-18
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network ac
nvd
CVE-2022-21634 | HIGH | CVSS 7.5 | v20.3.7, v21.3.3, +1 more | 2022-10-18
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterpris
nvd
CVE-2022-21628 | MEDIUM | CVSS 5.3 | v20.3.7, v21.3.3, +1 more | 2022-10-18
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attac
nvd
CVE-2022-21618 | MEDIUM | CVSS 5.3 | v21.3.3, v22.2.0 | 2022-10-18
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle
nvd
CVE-2022-21626 | MEDIUM | CVSS 5.3 | v20.3.7, v21.3.3, +1 more | 2022-10-18
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via H
nvd
CVE-2022-21597 | MEDIUM | CVSS 5.3 | v20.3.7, v21.3.3, +1 more | 2022-10-18
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Success
nvd
CVE-2022-39399 | LOW | CVSS 3.7 | v20.3.7, v21.3.3, +1 more | 2022-10-18
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP
nvd
CVE-2022-21624 | LOW | CVSS 3.7 | v20.3.7, v21.3.3, +1 more | 2022-10-18
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network acc
nvd
CVE-2022-21619 | LOW | CVSS 3.7 | v20.3.7, v21.3.3, +1 more | 2022-10-18
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network
nvd
CVE-2022-34169 | HIGH | CVSS 7.5 | CWE-681 | v20.3.6, v21.3.2, +1 more | 2022-07-19
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include r
nvd
CVE-2022-21540 | MEDIUM | CVSS 5.3 | v20.3.6, v21.3.2, +1 more | 2022-07-19
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with networ
nvd
CVE-2022-21541 | MEDIUM | CVSS 5.9 | v20.3.6, v21.3.2, +1 more | 2022-07-19
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with netw
nvd
CVE-2022-21549 | MEDIUM | CVSS 5.3 | v21.3.2, v22.1.0 | 2022-07-19
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compro
nvd
CVE-2022-25647 | HIGH | CVSS 7.5 | CWE-502 | v20.3.6, v21.3.2, +1 more | 2022-05-01
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
nvd
CVE-2022-21449 | HIGH | CVSS 7.5 | v21.3.1, v22.0.0.2 | 2022-04-19
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to c
nvd