Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

The Eclipse Foundation — Vulnerabilities & Security Advisories 101

Browse all 101 CVE security advisories affecting The Eclipse Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Eclipse Foundation operates as a non-profit organization managing open-source software projects, primarily serving developers through widely adopted frameworks like Eclipse IDE, Jakarta EE, and OSGi. Its core business involves stewarding these technologies, which are integral to enterprise Java development and IoT ecosystems. Historically, vulnerabilities within its ecosystem have frequently involved remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from complex plugin architectures or legacy codebases. While the Foundation itself does not develop all software, its projects have faced notable security incidents, including critical flaws in Eclipse IDE components that allowed unauthorized access or system compromise. With 101 CVEs currently on record, the organization emphasizes community-driven security reviews and transparent disclosure processes to mitigate risks. These efforts aim to maintain trust among millions of users who rely on its tools for mission-critical applications, ensuring that security patches are distributed promptly to address identified weaknesses in its extensive portfolio of open-source solutions.

Top products by The Eclipse Foundation: Eclipse Jetty Eclipse Mosquitto Eclipse OpenJ9 Eclipse Vert.x Eclipse Theia Eclipse Californium Eclipse Kura Eclipse OMR Eclipse BIRT Eclipse Hono Eclipse Memory Analyzer Eclipse Che Eclipse hawkBit Eclipse Lyo Eclipse BIRT (Business Intelligence Reporting Tool) Eclipse GlassFish @theia/plugin-ext Eclipse Sphinx Eclipse Equinox p2 Eclipse Paho MQTT C Client Eclipse Equinox Eclipse TinyDTLS Jakarta Expression Language Implementation Eclipse Jersey Eclipse Platform Eclipse Web Tools Platform Eclipse Paho Eclipse Buildship Eclipse Xtext Eclipse Vorto
CVE IDTitleCVSSSeverityPublished
CVE-2018-12539 Eclipse OpenJ9 代码问题漏洞 — Eclipse OpenJ9CWE-419 8.8 -2018-08-14
CVE-2018-12540 Eclipse Vert.x 跨站请求伪造漏洞 — Eclipse Vert.xCWE-352 8.8 -2018-07-12
CVE-2018-12536 Eclipse Jetty Server 信息泄露漏洞 — Eclipse JettyCWE-209 5.3 -2018-06-27
CVE-2017-7658 Eclipse Jetty Server 环境问题漏洞 — Eclipse JettyCWE-444 9.8 -2018-06-26
CVE-2017-7657 Eclipse Jetty 环境问题漏洞 — Eclipse JettyCWE-444 9.8 -2018-06-26
CVE-2017-7656 Eclipse Jetty 安全漏洞 — Eclipse JettyCWE-444 6.5 -2018-06-26
CVE-2018-12538 Eclipse Jetty 授权问题漏洞 — Eclipse JettyCWE-6 8.3 -2018-06-22
CVE-2017-7653 Eclipse Mosquitto broker 安全漏洞 — Eclipse MosquittoCWE-20 7.5 -2018-06-05
CVE-2017-7654 Eclipse Mosquitto 安全漏洞 — Eclipse MosquittoCWE-401 7.5 -2018-06-05
CVE-2017-7652 Eclipse Mosquitto 安全漏洞 — Eclipse MosquittoCWE-789 6.8 -2018-04-25
CVE-2017-7651 Eclipse Mosquitto 安全漏洞 — Eclipse MosquittoCWE-789 7.5 -2018-04-24

This page lists every published CVE security advisory associated with The Eclipse Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.