org.apache.struts:struts2-core vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2025-68493Highorg.apache.struts:struts2-core: Apache Struts 2 is Missing XML ValidationCVE-2025-66675Highorg.apache.struts:struts2-core: Apache Struts has a Denial of Service vulnerabilityCVE-2025-64775Highorg.apache.struts:struts2-core: Apache Struts is Vulnerable to DoS via File LeakCVE-2024-53677Criticalorg.apache.struts:struts2-core: Apache Struts file upload logic is flawedCVE-2023-50164Criticalorg.apache.struts:struts2-core: Apache Struts vulnerable to path traversalCVE-2023-41835Highorg.apache.struts:struts2-core: Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerabilityCVE-2023-34396Highorg.apache.struts:struts2-core: Apache Struts vulnerable to memory exhaustionCVE-2023-34149Mediumorg.apache.struts:struts2-core: Apache Struts vulnerable to memory exhaustionCVE-2019-0233Highorg.apache.struts:struts2-core: Improper Preservation of Permissions in Apache StrutsCVE-2015-2992Mediumorg.apache.struts:struts2-core: Cross-site Scripting in Apache StrutsCVE-2008-6682Mediumorg.apache.struts:struts2-core: Apache Struts is vulnerable to Cross-site ScriptingCVE-2008-6505Mediumorg.apache.struts:struts2-core: Apache Struts directory traversal vulnerabilityCVE-2011-1772Loworg.apache.struts:struts2-core: Cross-site Scripting in Apache StrutsCVE-2013-6348Mediumorg.apache.struts:struts2-core: Apache Struts is vulnerable to Cross-site ScriptingCVE-2013-4310Mediumorg.apache.struts:struts2-core: Apache Struts2 Broken Access Control VulnerabilityCVE-2016-2162Mediumorg.apache.struts:struts2-core: Apache Struts XSS VulnerabilityCVE-2016-3082Criticalorg.apache.struts:struts2-core: Remote Code Execution in Apache StrutsCVE-2016-3093Mediumorg.apache.struts:struts2-core: Denial of service in Apache StrutsCVE-2013-4316Highorg.apache.struts:struts2-core: Code injection in Apache StrutsCVE-2013-2248Mediumorg.apache.struts:struts2-core: Open redirect in Apache StrutsCVE-2016-4436Criticalorg.apache.struts:struts2-core: Apache Struts improper action name cleanupCVE-2016-4465Mediumorg.apache.struts:struts2-core: Apache Struts vulnerable to possible DoS attack when using URLValidatorCVE-2012-4386Mediumorg.apache.struts:struts2-core: Cross-Site Request Forgery in Apache StrutsCVE-2015-1831Highorg.apache.struts:struts2-core: Incomplete exclude pattern in Apache StrutsCVE-2015-5209Highorg.apache.struts:struts2-core: Special top object can be used to access Struts' internals

Stop the waste.
Protect your environment with Kodem.