Browse all 4 CVE security advisories affecting jhipster. AI-powered Chinese analysis, POCs, and references for each vulnerability.
JHipster is an open-source development platform for building modern web applications and microservices with Spring Boot and Angular/React. Historically, it has been associated with vulnerabilities like remote code execution (RCE) through misconfigured endpoints, cross-site scripting (XSS) in generated templates, and privilege escalation due to improper access controls. The platform's auto-generated code sometimes introduces security flaws if not properly customized. While no major public security incidents have been widely reported, the four CVEs on record highlight potential risks in default configurations, particularly around authentication and input validation. Developers must carefully review and secure auto-generated components to mitigate these inherent risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-43712 | JHipster security vulnerability — JHipster, CWE-451 | 2.9 | Low | 2025-07-25 |
| CVE-2025-31119 | CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework — generator-jhipster-entity-audit, CWE-470 | 7.7 | High | 2025-04-03 |
| CVE-2022-24815 | SQL Injection when creating an application with Reactive SQL backend — generator-jhipster, CWE-89 | 8.1 | High | 2022-04-11 |
| CVE-2020-4072 | Log Forging in generator-jhipster-kotlin — jhipster-kotlin, CWE-117 | 5.3 | Medium | 2020-06-25 |
This page lists every published CVE security advisory associated with jhipster. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.