CVE Daily
← All tags

Tag: JHipster

All CVEs associated with "JHipster". Page 1/1 • 6 CVEs.

About “JHipster”

A curated feed of “JHipster”-related CVEs appears below. We currently track 6 CVEs for this tag (all time). In the last 365 days, 1 were published. Average CVSS is 6.9 (all time; 2.9 over 365d), and 67% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-451 - User Interface (UI) Misrepresentation of Critical Information.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: jhipster

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
99.1.0-
88.11.0 Expired
77.9.4 Expired
66.10.5 Expired
55.8.2 Expired
44.14.5 Expired
33.12.2 Expired
22.27.2 Expired
11.10.2 Expired
00.18.1 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “JHipster”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-07-25
Low

CVE-2025-43712

JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the r…

CVSS: 2.9 CWE: CWE-451 - User Interface (UI) Misrepresentation of Critical Information View on NVD
2025-04-03
High

CVE-2025-31119

generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as…

CVSS: 7.6 CWE: CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') View on NVD
2023-10-31
High

CVE-2015-20110

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by br…

CVSS: 7.5 CWE: CWE-307 - Improper Restriction of Excessive Authentication Attempts View on NVD
2022-04-11
High

CVE-2022-24815

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with…

CVSS: 8.1 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2020-06-25
Medium

CVE-2020-4072

In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to for…

CVSS: 5.3 CWE: CWE-117 - Improper Output Neutralization for Logs View on NVD
2019-09-14
Critical

CVE-2019-16303

A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This a…

CVSS: 9.8 CWE: CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox