Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

y_project — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting y_project. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Y_project serves as a core enterprise collaboration platform, enabling document management and team communication workflows. Historically, the project has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its 10 recorded CVEs. Notable security characteristics include insufficient input validation in web components and inconsistent access controls. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities across multiple versions suggests ongoing challenges in secure coding practices and timely patch management, potentially exposing deployments to significant compromise risks.

Top products by y_project: RuoYi RuoYi-Cloud
CVE IDTitleCVSSSeverityPublished
CVE-2025-14856 y_project RuoYi getnames code injection — RuoYiCWE-94 6.3 Medium2025-12-18
CVE-2025-4819 y_project RuoYi Offline Logout batchForceLogout improper authorization — RuoYiCWE-285 3.1 Low2025-05-17
CVE-2025-0734 y_project RuoYi Whitelist getBeanName deserialization — RuoYiCWE-502 4.7 Medium2025-01-27
CVE-2024-9048 y_project RuoYi Backend User Import SysUserServiceImpl.java SysUserServiceImpl cross site scripting — RuoYiCWE-79 3.1 Low2024-09-21
CVE-2024-6511 y_project RuoYi Content-Type isJsonRequest cross site scripting — RuoYiCWE-79 3.5 Low2024-07-04
CVE-2023-7133 y_project RuoYi HTTP POST Request login cross site scripting — RuoYiCWE-79 4.3 Medium2023-12-28
CVE-2023-3815 y_project RuoYi File Upload uploadFilesPath cross site scripting — RuoYiCWE-79 3.5 Low2023-07-21
CVE-2023-3163 y_project RuoYi filterKeyword resource consumption — RuoYiCWE-400 3.5 Low2023-06-08
CVE-2022-4566 y_project RuoYi GenController sql injection — RuoYiCWE-707 5.5 Medium2022-12-16
CVE-2022-4348 y_project RuoYi-Cloud JSON cross site scripting — RuoYi-CloudCWE-707 3.5 Low2022-12-08

This page lists every published CVE security advisory associated with y_project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.