Browse all 95 CVE security advisories affecting Eclipse Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The Eclipse Foundation operates as a non-profit organization managing an open-source ecosystem, primarily hosting the Eclipse Integrated Development Environment (IDE) and related tooling. Its infrastructure supports a vast array of plugins and projects, creating a complex attack surface that has historically resulted in numerous security vulnerabilities. Recorded Common Vulnerabilities and Exposures (CVEs) frequently involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from input validation errors or insecure default configurations within specific plugins rather than the core platform itself. While the Foundation maintains rigorous governance and security advisory processes, the decentralized nature of its project portfolio means individual components may lag in patching. Notable incidents have highlighted risks associated with supply chain dependencies and outdated libraries within the broader ecosystem. Consequently, users must prioritize regular updates and strict plugin vetting to mitigate exposure to these historically common vulnerability classes.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1188 | Eclipse OMR 安全漏洞 — Eclipse OMRCWE-131 | 9.8AI | CriticalAI | 2026-01-29 |
| CVE-2025-1471 | Eclipse OMR: Buffer overflow vulnerability — Eclipse OMRCWE-787 | 9.8 | - | 2025-02-21 |
| CVE-2025-1470 | Eclipse OMR: Null pointer dereference vulnerability — Eclipse OMRCWE-476 | 7.5 | - | 2025-02-21 |
This page lists every published CVE security advisory associated with Eclipse Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.