Browse all 3 CVE security advisories affecting Hibernate. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Hibernate is an open-source Java framework for object-relational mapping, primarily used to simplify database interactions in Java applications. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insecure deserialization, improper input validation, and access control flaws. While no major public incidents have been widely documented, the three recorded CVEs highlight potential risks in deserialization and input handling. Its security posture benefits from regular updates and community scrutiny, but developers must remain vigilant about proper configuration and usage to mitigate risks associated with its complex feature set.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-10693 | Hibernate Validator input validation error vulnerability (hibernate-validator, CWE-20) | 5.3 | Medium | 2020-05-06 |
| CVE-2019-10219 | Hibernate Validator cross-site scripting vulnerability (hibernate-validator, CWE-79) | 5.4 | - | 2019-11-08 |
This page lists every published CVE security advisory associated with Hibernate. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.