High
CVE-2025-31129
Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImpl#get module deserializes untrusted data. This vulnerability is fixed in 2.17.0 (2.x) and 3.7.0 (3.x).
Tag: Kotlin
All CVEs associated with "Kotlin". Page 1/1 • 18 CVEs.
About “Kotlin”
A curated feed of “Kotlin”-related CVEs appears below. We currently track 18 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 7.0 (all time), and 50% are rated High/Critical (all time). Top CWEs (all time): CWE-319 - Cleartext Transmission of Sensitive Information, CWE-502 - Deserialization of Untrusted Data, CWE-532 - Insertion of Sensitive Information into Log File.
In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
Support & lifecycle: kotlin
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | EOL | LTS |
|---|---|---|---|---|
| 2.3 | 2.3.21 | - | ||
| 2.2 | 2.2.21 | Expired | ||
| 2.1 | 2.1.21 | Expired | ||
| 2.0 | 2.0.21 | Expired | ||
| 1.9 | 1.9.25 | Expired | ||
| 1.8 | 1.8.22 | Expired | ||
| 1.7 | 1.7.22 | Expired | ||
| 1.6 | 1.6.21 | Expired | ||
| 1.5 | 1.5.32 | Expired | ||
| 1.4 | 1.4.32 | Expired | ||
| 1.3 | 1.3.72 | Expired |
Maintained Soon (≤ 180 days) Expired
Subscribe lifecycle: RSS · RSS (expired) · ICS
Subscribe CVEs: RSS for “Kotlin” · RSS (High+Critical only)
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-03-31
2025-01-24
High
CVE-2025-24362
In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that…
2025-01-13
Medium
CVE-2025-23026
jte (Java Template Engine) is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with `script` tags or script attributes that include a Javascript t…
2024-12-12
Critical
CVE-2024-55875
http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handling malicious XML conte…
2024-02-09
Medium
CVE-2024-23639
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled bu…
2024-02-06
Medium
CVE-2024-24938
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
2023-12-06
Medium
CVE-2023-26154
Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of…
2022-02-25
Medium
CVE-2022-24329
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
2022-01-18
Medium
CVE-2022-21700
Micronaut is a JVM-based, full stack Java framework designed for building JVM web applications with support for Java, Kotlin and the Groovy language. In affected versions sending an invalid Content T…
2021-04-13
High
CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds c…
2021-02-03
Medium
CVE-2020-29582
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permis…
2020-08-08
High
CVE-2020-15824
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cac…
2020-06-25
Medium
CVE-2020-4072
In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to for…
2019-09-14
Critical
CVE-2019-16303
A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This a…
2019-07-03
Medium
CVE-2019-12845
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.
High
CVE-2019-10103
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue…
High
CVE-2019-10102
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.…
High
CVE-2019-10101
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.