39 matches found
CVE-2020-7647
All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors...
EUVD-2019-0631
Malware in sbrugna...
EUVD-2025-9309
Malicious code in bioql PyPI...
CVE-2019-15477
Jooby before 1.6.4 has XSS via the default error handler...
CVE-2025-31129
Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImplget module deserializes untrusted data. This vulnerability is fixed in 2.17.0 2.x and 3.7.0 3.x...
CVE-2025-31129
Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImplget module deserializes untrusted data. This vulnerability is fixed in 2.17.0 2.x and 3.7.0 3.x...
CVE-2025-31129 jooby-pac4j: deserialization of untrusted data
Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImplget module deserializes untrusted data. This vulnerability is fixed in 2.17.0 2.x and 3.7.0 3.x...
CVE-2025-31129 jooby-pac4j: deserialization of untrusted data
Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImplget module deserializes untrusted data. This vulnerability is fixed in 2.17.0 2.x and 3.7.0 3.x...
CVE-2025-31129
Summary: CVE-2025-31129 affects the Jooby pac4j integration. In io.jooby.internal.pac4j.SessionStoreImpl#get, values are deserialized from untrusted data (notably for payloads starting with “b64~”), which can enable code execution. The issue is fixed in Jooby releases 2.17.0 (2.x stream) and 3.7....
CVE-2025-31129 jooby-pac4j: deserialization of untrusted data
Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImplget module deserializes untrusted data. This vulnerability is fixed in 2.17.0 2.x and 3.7.0 3.x...
jooby code issue vulnerability
jooby is a modular web framework for Java and Kotlin from jooby open source. A code issue vulnerability exists in jooby version 2.17.0 and versions prior to 3.7.0, which stems from deserializing untrusted data...
PT-2025-13818 · Jooby +1 · Jooby +1
Name of the Vulnerable Software and Affected Versions: Jooby versions prior to 2.17.0 Jooby versions prior to 3.7.0 Description: The issue concerns the deserialization of untrusted data by the SessionStoreImplget module in the pac4j library of the Jooby web framework for Java and Kotlin...
dk.mada.jaxrs:openapi-jaxrs-client (>=0.9.12 <=0.9.17), io.jooby:jooby-jstachio (>=3.0.0.M7 <=3.0.0.M9) +6 more potentially affected by CVE-2023-33962 via io.jstach:jstachio (>=0.10.0 <=1.0.0)
io.jstach:jstachio MAVEN version =0.10.0, =0.9.12, =3.0.0.M7, =0.6.0, =0.8.0, =0.8.0, =0.10.0, =0.10.0, =0.10.0, =1.0.0 Source cves: CVE-2023-33962 Source advisory: OSV:GHSA-GWXV-JV83-6QJR...
com.github.philippefichet:asciidoc4netbeans (>=1.0.0 <=1.0.1), com.macdservices:jmacd-server (>=1.1.1.1 <=1.1.1.7) +52 more potentially affected by CVE-2020-7647 via io.jooby:jooby (>=2.0.0 <=2.8.10)
io.jooby:jooby MAVEN version =2.0.0, =1.0.0, =1.1.1.1, =1.1.1.1, =2.7.0, =2.7.0, =2.7.0, =2.1.0, =2.6.0, =2.0.6, =2.8.10, =2.8.10, =2.10.0, =2.6.1, =2.0.0, =2.17.0 and more Source cves: CVE-2020-7647 Source advisory: OSV:GHSA-PX9H-X66R-8MPC...
GHSA-PX9H-X66R-8MPC path traversal in Jooby
Impact Access to sensitive information available from classpath. Patches Patched version: 1.6.7 and 2.8.2 Commit 1.x: https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009 Commit 2.x:...
path traversal in Jooby
Impact Access to sensitive information available from classpath. Patches Patched version: 1.6.7 and 2.8.2 Commit 1.x: https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009 Commit 2.x:...
io.github.juspay.hyperswitchplugin:hyperswitch-killbill-plugin (=0.1.0), org.jooby:coverage-report (>=0.5.0 <=1.1.2) +113 more potentially affected by CVE-2020-7647 via org.jooby:jooby (>=0.10.0 <=1.6.9)
org.jooby:jooby MAVEN version =0.10.0, =0.5.0, =0.10.0, =1.2.0, =0.11.0, =1.0.0, =0.12.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =1.0.0, =0.11.0, =0.11.0, =0.11.0, =1.6.9 and more Source cves: CVE-2020-7647 Source advisory: OSV:GHSA-PX9H-X66R-8MPC...
Directory Traversal
jooby is vulnerable to directory traversal. Lack of path validation allows an attacker to inject ../ characters and access files outside of the web root directory...
CVE-2020-7647
All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors...
Directory traversal
All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors...