Launch Week Day 1: Announcing Security Design Review
Start for Free
maven

org.apache.struts:struts2-core

View on maven registry
60 Total advisories
60 Vulnerabilities
0 Malware

Vulnerabilities

CRITICAL 9.8
Maven KEV

CVE-2012-0391

Apache Struts Remote Java Code Execution
HIGH 8.1
Maven

CVE-2025-68493

Apache Struts 2 is Missing XML Validation
HIGH 8.2
Maven

CVE-2025-66675

Apache Struts has a Denial of Service vulnerability
HIGH 7.5
Maven

CVE-2025-64775

Apache Struts is Vulnerable to DoS via File Leak
HIGH 7.5
Maven

CVE-2023-41835

Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
CRITICAL 9.8
Maven KEV

CVE-2013-2251

Code injection in Apache Struts
CRITICAL 9.8
Maven KEV

CVE-2020-17530

Remote code execution in Apache Struts
HIGH 8.1
Maven KEV

CVE-2018-11776

Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
CRITICAL 10.0
Maven KEV

CVE-2017-5638

Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
HIGH 7.5
Maven

CVE-2023-34396

Apache Struts vulnerable to memory exhaustion
CRITICAL 9.8
Maven

CVE-2024-53677

Apache Struts file upload logic is flawed
HIGH 8.8
Maven

CVE-2016-4461

Apache Struts forced double OGNL evaluation
CRITICAL 9.8
Maven

CVE-2023-50164

Apache Struts vulnerable to path traversal
MEDIUM 6.5
Maven

CVE-2023-34149

Apache Struts vulnerable to memory exhaustion
UNKNOWN
Maven

CVE-2013-6348

Apache Struts is vulnerable to Cross-site Scripting
UNKNOWN
Maven

CVE-2013-4310

Apache Struts2 Broken Access Control Vulnerability
UNKNOWN
Maven

CVE-2012-4386

Cross-Site Request Forgery in Apache Struts
UNKNOWN
Maven

CVE-2013-2135

Arbitrary code execution in Apache Struts 2
UNKNOWN
Maven

CVE-2014-0116

ClassLoader manipulation in Apache Struts
UNKNOWN
Maven

CVE-2013-4316

Code injection in Apache Struts
UNKNOWN
Maven

CVE-2014-0112

ClassLoader manipulation in Apache Struts
UNKNOWN
Maven

CVE-2015-1831

Incomplete exclude pattern in Apache Struts
UNKNOWN
Maven

CVE-2013-2248

Open redirect in Apache Struts
UNKNOWN
Maven

CVE-2008-6682

Apache Struts is vulnerable to Cross-site Scripting
UNKNOWN
Maven

CVE-2014-0094

ClassLoader manipulation in Apache Struts
UNKNOWN
Maven

CVE-2008-6505

Apache Struts directory traversal vulnerability
UNKNOWN
Maven

CVE-2014-7809

Cross-Site Request Forgery in Apache Struts
UNKNOWN
Maven

CVE-2012-0838

Apache Struts Code injection due to conversion error
CRITICAL 9.8
Maven

CVE-2016-4436

Apache Struts improper action name cleanup
UNKNOWN
Maven

CVE-2012-0392

Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
UNKNOWN
Maven

CVE-2013-1966

Arbitrary code execution in Apache Struts
UNKNOWN
Maven

CVE-2013-2134

Arbitrary code execution in Apache Struts 2
HIGH 7.5
Maven

CVE-2017-9787

Spring AOP functionality (Struts) vulnerable to DoS attack
UNKNOWN
Maven

CVE-2011-1772

Cross-site Scripting in Apache Struts
UNKNOWN
Maven

CVE-2014-0113

ClassLoader manipulation in Apache Struts
UNKNOWN
Maven

CVE-2015-2992

Cross-site Scripting in Apache Struts
UNKNOWN
Maven

CVE-2013-1965

Improper Control of Generation of Code in Apache Struts
UNKNOWN
Maven

CVE-2012-0393

Apache Struts's ParameterInterceptor component does not prevent access to public constructors
UNKNOWN
Maven

CVE-2010-1870

Server side object manipulation in Apache Struts
MEDIUM 5.3
Maven

CVE-2016-3093

Denial of service in Apache Struts
CRITICAL 9.8
Maven

CVE-2016-3087

Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
CRITICAL 9.8
Maven

CVE-2021-31805

Expression Language Injection in Apache Struts
MEDIUM 5.9
Maven

CVE-2016-8738

Apache Struts vulnerable to possible DoS attack when using URLValidator
HIGH 7.5
Maven

CVE-2017-9804

Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
MEDIUM 5.9
Maven

CVE-2017-7672

Apache Struts Improper Input Validation vulnerability
MEDIUM 6.1
Maven

CVE-2015-5169

Cross-site Scripting in Apache Struts
HIGH 7.5
Maven

CVE-2015-5209

Special top object can be used to access Struts' internals
CRITICAL 9.8
Maven

CVE-2011-3923

Struts ParameterInterceptor vulnerability allows remote command execution
CRITICAL 9.8
Maven

CVE-2016-3082

Remote Code Execution in Apache Struts
HIGH 8.8
Maven

CVE-2016-0785

Apache Struts RCE Vulnerability
CRITICAL 9.8
Maven

CVE-2016-4438

Arbitrary code execution in Apache Struts 2
MEDIUM 6.1
Maven

CVE-2016-4003

Cross-site Scripting in Apache Struts
MEDIUM 6.1
Maven

CVE-2016-2162

Apache Struts XSS Vulnerability
CRITICAL 9.8
Maven

CVE-2017-12611

Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal
HIGH 8.1
Maven

CVE-2016-3081

Apache Struts RCE Vulnerability
HIGH 8.1
Maven

CVE-2013-2115

Code injection in Apache Struts
MEDIUM 5.3
Maven

CVE-2016-4465

Apache Struts vulnerable to possible DoS attack when using URLValidator
HIGH 7.5
Maven

CVE-2019-0233

Improper Preservation of Permissions in Apache Struts
CRITICAL 9.8
Maven

CVE-2019-0230

Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts
HIGH 8.8
Maven

CVE-2012-1592

Unrestricted Upload of File with Dangerous Type in Apache Struts2

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes