Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Eclipse Foundation — Vulnerabilities & Security Advisories 95

Browse all 95 CVE security advisories affecting Eclipse Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Eclipse Foundation operates as a non-profit organization managing an open-source ecosystem, primarily hosting the Eclipse Integrated Development Environment (IDE) and related tooling. Its infrastructure supports a vast array of plugins and projects, creating a complex attack surface that has historically resulted in numerous security vulnerabilities. Recorded Common Vulnerabilities and Exposures (CVEs) frequently involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from input validation errors or insecure default configurations within specific plugins rather than the core platform itself. While the Foundation maintains rigorous governance and security advisory processes, the decentralized nature of its project portfolio means individual components may lag in patching. Notable incidents have highlighted risks associated with supply chain dependencies and outdated libraries within the broader ecosystem. Consequently, users must prioritize regular updates and strict plugin vetting to mitigate exposure to these historically common vulnerability classes.

Top products by Eclipse Foundation: ThreadX NetX Duo Eclipse Glassfish Jetty Mosquitto Eclipse Jetty USBX Eclipse OMR Eclipse BaSyx Eclipse OpenMQ Vert.x NextX Duo Eclipse Vert.x Open J9 Eclipse OpenJ9 OpenJ9 Glassfish Parsson Eclipse Kura Installer Eclipse Ditto Eclipse KUKSA - Databroker Eclipse JGit Eclipse Theia - Website Eclipse ThreadX - USBX Eclipse ThreadX Eclipse ThreadX - NetX Duo BlueChi paho.mqtt.golang (Go MQTT v3.1 library) Jersey Eclipse RAP
CVE IDTitleCVSSSeverityPublished
CVE-2025-0728 Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow — ThreadXCWE-191 7.5 -2025-02-21
CVE-2025-0726 Eclipse ThreadX NetX Duo HTTP server denial of service — ThreadXCWE-459 7.5 -2025-02-21
CVE-2025-1007 Improper Authorization in /user/namespace/{namespace}/details — OpenVSXCWE-285 4.3 -2025-02-19
CVE-2024-10917 Eclipse OpenJ9 might return an incorrect value in JNI function GetStringUTFLength — Open J9CWE-190 3.7 Low2024-11-11
CVE-2024-3935 Eclipse Mosquito: Double free vulnerability — mosquittoCWE-415 9.8AICriticalAI2024-10-30
CVE-2024-10525 Eclipse Mosquito: Heap Buffer Overflow in my_subscribe_callback — mosquittoCWE-122 9.8 -2024-10-30
CVE-2024-8184 Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks — JettyCWE-400 5.9 Medium2024-10-14
CVE-2024-6762 Jetty PushSessionCacheFilter can cause remote DoS attacks — JettyCWE-400 3.1 Low2024-10-14
CVE-2024-6763 Jetty URI parsing of invalid authority — JettyCWE-1286 3.7 Low2024-10-14
CVE-2024-9823 Jetty DOS vulnerability on DosFilter — JettyCWE-400 5.3 Medium2024-10-14
CVE-2024-8376 Memory leak — MosquittoCWE-401 9.1 -2024-10-11
CVE-2024-9329 Glassfish redirect to untrusted site — GlassfishCWE-233 6.1 -2024-09-30
CVE-2024-9202 EDC DataSetResolver policy filtering missing — Eclipse Dataspace ComponentsCWE-862 4.3AIMediumAI2024-09-27
CVE-2024-8642 Eclipse EDC: Consumer pull transfer token validation checks not applied — Eclipse EDC ConnectorCWE-303 7.5AIHighAI2024-09-11
CVE-2024-8646 Eclipse Glassfish: URL redirection vulnerability to untrusted sites — Eclipse GlassfishCWE-601 6.1 Medium2024-09-11
CVE-2024-8391 Eclipse Vert.x gRPC server does not limit the maximum message size — Eclipse Vert.xCWE-770--AI2024-09-04
CVE-2023-7272 Eclipse Parsson stack overflow with deeply nested objects — ParssonCWE-787 8.6 High2024-07-17
CVE-2024-3933 Eclipse Open J9 With -Xgc:concurrentScavenge on IBM Z, could write/read outside of a buffer — Open J9CWE-805 5.3 Medium2024-05-27
CVE-2024-5165 Eclipse Ditto User Interface vulnerable to XSS due to Improper Neutralization of Input — Eclipse DittoCWE-79 6.5 Medium2024-05-23
CVE-2024-4536 Eclipse EDC: OAuth2 Credential Exfiltration Vulnerability — EDCCWE-201 6.8 Medium2024-05-07
CVE-2024-0740 Eclipse Target Management <= 4.5.500 Command Injection — Eclipse Target ManagementCWE-78 9.8 Critical2024-04-26
CVE-2024-3046 Eclipse Kura 安全漏洞 — KuraCWE-303 7.5 High2024-04-09
CVE-2024-2212 Integer wraparounds, under-allocations, and heap buffer overflows in Eclipse ThreadX xQueueCreate() and xQueueCreateSet() — ThreadXCWE-122 7.3 High2024-03-26
CVE-2024-2214 Missing array size check in _Mtxinit() in the Xtensa port — ThreadXCWE-129 7.0 High2024-03-26
CVE-2024-2452 Integer wraparound, under-allocation, and heap buffer overflow in Eclipse ThreadX NetX Duo __portable_aligned_alloc() — ThreadXCWE-120 7.0 High2024-03-26
CVE-2023-6194 Eclipse Memory Analyzer 代码问题漏洞 — Eclipse Memory Analyzer (tools.mat)CWE-611 2.8 Low2023-12-11
CVE-2023-5676 Eclipse OpenJ9 possible infinite busy hang — OpenJ9CWE-364 4.1 Medium2023-11-15
CVE-2023-4218 XXE in eclipse.platform / Eclipse IDE — Eclipse IDECWE-611 5.0 Medium2023-11-09
CVE-2023-4043 Parsson DoS when parsing numbers from untrusted sources — ParssonCWE-20 5.9 Medium2023-11-03
CVE-2023-5763 Glassfish remote code execution — GlassfishCWE-913 6.8 Medium2023-11-03

This page lists every published CVE security advisory associated with Eclipse Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.