Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.7
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.7
Next non-vulnerable version 2.12.7.1
Latest non-vulnerable version 2.16.0
Risk 4.0
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-9h46-72hw-bkcr
Aliases:
CVE-2022-42003
GHSA-jjjh-jjxp-wpff
Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service.
2.12.7.1
Affected by 0 other vulnerabilities.
2.13.4.2
Affected by 0 other vulnerabilities.
VCID-cytp-mr4h-g3ds
Aliases:
CVE-2020-36184
GHSA-m6x4-97wx-4q27
Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
2.9.10.8
Affected by 3 other vulnerabilities.
VCID-jcgb-bewy-4kff
Aliases:
CVE-2020-36185
GHSA-8w26-6f25-cm9x
Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.
2.9.10.8
Affected by 3 other vulnerabilities.
VCID-swqd-uk56-wkat
Aliases:
CVE-2020-35491
GHSA-r3gr-cxrf-hg25
Serialization gadgets exploit in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
2.9.10.8
Affected by 3 other vulnerabilities.
VCID-u87p-2xgz-e3fj
Aliases:
CVE-2020-36187
GHSA-r695-7vr9-jgc2
Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
2.9.10.8
Affected by 3 other vulnerabilities.
VCID-ukwd-7rkh-sfhj
Aliases:
CVE-2020-35728
GHSA-5r5r-6hpj-8gg9
Deserialization of Untrusted Data FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
2.9.10.8
Affected by 3 other vulnerabilities.
VCID-v2pq-1qhm-4qb9
Aliases:
CVE-2022-42004
GHSA-rgv9-q543-rqg4
Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service.
2.12.7.1
Affected by 0 other vulnerabilities.
2.13.4
Affected by 1 other vulnerability.
VCID-v6ek-y7cn-kycd
Aliases:
CVE-2020-36518
GHSA-57j2-w4cx-62h2
Uncontrolled Resource Consumption jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
2.12.6.1
Affected by 2 other vulnerabilities.
2.13.2.1
Affected by 2 other vulnerabilities.
VCID-wds4-urpb-euby
Aliases:
CVE-2020-36186
GHSA-v585-23hc-c647
Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.
2.9.10.8
Affected by 3 other vulnerabilities.
VCID-ypbt-p34k-hfbc
Aliases:
CVE-2020-35490
GHSA-wh8g-3j2c-rqj5
Serialization gadgets exploit in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
2.9.10.8
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-ec58-s3nd-7yaz Deserialization of untrusted data in jackson-databind A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2021-20190
GHSA-5949-rw7g-wx7w
VCID-w51e-ntqd-8bbg XML External Entity (XXE) Injection in Jackson Databind A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. CVE-2020-25649
GHSA-288c-cq4h-88gq

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:11:54.355724+00:00 GitLab Importer Affected by VCID-v2pq-1qhm-4qb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42004.yml 38.4.0
2026-04-16T22:11:53.578293+00:00 GitLab Importer Affected by VCID-9h46-72hw-bkcr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42003.yml 38.4.0
2026-04-16T21:42:19.252339+00:00 GitLab Importer Affected by VCID-v6ek-y7cn-kycd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36518.yml 38.4.0
2026-04-16T21:36:06.669692+00:00 GitLab Importer Affected by VCID-cytp-mr4h-g3ds https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36184.yml 38.4.0
2026-04-16T21:36:05.419652+00:00 GitLab Importer Affected by VCID-ukwd-7rkh-sfhj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35728.yml 38.4.0
2026-04-16T21:36:03.879994+00:00 GitLab Importer Affected by VCID-jcgb-bewy-4kff https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36185.yml 38.4.0
2026-04-16T21:34:57.646184+00:00 GitLab Importer Affected by VCID-wds4-urpb-euby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36186.yml 38.4.0
2026-04-16T21:16:14.197240+00:00 GitLab Importer Fixing VCID-ec58-s3nd-7yaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2021-20190.yml 38.4.0
2026-04-16T21:15:38.227111+00:00 GitLab Importer Affected by VCID-u87p-2xgz-e3fj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36187.yml 38.4.0
2026-04-16T21:15:19.084107+00:00 GitLab Importer Affected by VCID-swqd-uk56-wkat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35491.yml 38.4.0
2026-04-16T21:15:18.338150+00:00 GitLab Importer Affected by VCID-ypbt-p34k-hfbc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35490.yml 38.4.0
2026-04-16T21:14:46.037060+00:00 GitLab Importer Fixing VCID-w51e-ntqd-8bbg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-25649.yml 38.4.0
2026-04-11T23:28:43.130501+00:00 GitLab Importer Affected by VCID-v2pq-1qhm-4qb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42004.yml 38.3.0
2026-04-11T23:28:42.321731+00:00 GitLab Importer Affected by VCID-9h46-72hw-bkcr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42003.yml 38.3.0
2026-04-11T22:57:49.189736+00:00 GitLab Importer Affected by VCID-v6ek-y7cn-kycd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36518.yml 38.3.0
2026-04-11T22:49:47.256297+00:00 GitLab Importer Affected by VCID-cytp-mr4h-g3ds https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36184.yml 38.3.0
2026-04-11T22:49:45.866060+00:00 GitLab Importer Affected by VCID-ukwd-7rkh-sfhj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35728.yml 38.3.0
2026-04-11T22:49:44.380622+00:00 GitLab Importer Affected by VCID-jcgb-bewy-4kff https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36185.yml 38.3.0
2026-04-11T22:48:30.286556+00:00 GitLab Importer Affected by VCID-wds4-urpb-euby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36186.yml 38.3.0
2026-04-11T22:28:21.762757+00:00 GitLab Importer Fixing VCID-ec58-s3nd-7yaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2021-20190.yml 38.3.0
2026-04-11T22:27:46.427225+00:00 GitLab Importer Affected by VCID-u87p-2xgz-e3fj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36187.yml 38.3.0
2026-04-11T22:27:27.223881+00:00 GitLab Importer Affected by VCID-swqd-uk56-wkat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35491.yml 38.3.0
2026-04-11T22:27:26.566490+00:00 GitLab Importer Affected by VCID-ypbt-p34k-hfbc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35490.yml 38.3.0
2026-04-11T22:26:53.501416+00:00 GitLab Importer Fixing VCID-w51e-ntqd-8bbg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-25649.yml 38.3.0
2026-04-02T23:34:27.089894+00:00 GitLab Importer Affected by VCID-v2pq-1qhm-4qb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42004.yml 38.1.0
2026-04-02T23:34:26.334822+00:00 GitLab Importer Affected by VCID-9h46-72hw-bkcr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42003.yml 38.1.0
2026-04-02T23:06:41.145078+00:00 GitLab Importer Affected by VCID-v6ek-y7cn-kycd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36518.yml 38.1.0
2026-04-02T22:59:13.424760+00:00 GitLab Importer Affected by VCID-cytp-mr4h-g3ds https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36184.yml 38.1.0
2026-04-02T22:59:12.189968+00:00 GitLab Importer Affected by VCID-ukwd-7rkh-sfhj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35728.yml 38.1.0
2026-04-02T22:59:10.550165+00:00 GitLab Importer Affected by VCID-jcgb-bewy-4kff https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36185.yml 38.1.0
2026-04-02T22:58:04.164480+00:00 GitLab Importer Affected by VCID-wds4-urpb-euby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36186.yml 38.1.0
2026-04-02T22:39:58.894631+00:00 GitLab Importer Fixing VCID-ec58-s3nd-7yaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2021-20190.yml 38.1.0
2026-04-02T22:39:26.369313+00:00 GitLab Importer Affected by VCID-u87p-2xgz-e3fj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36187.yml 38.1.0
2026-04-02T22:39:07.239899+00:00 GitLab Importer Affected by VCID-swqd-uk56-wkat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35491.yml 38.1.0
2026-04-02T22:39:06.673792+00:00 GitLab Importer Affected by VCID-ypbt-p34k-hfbc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35490.yml 38.1.0
2026-04-02T22:38:36.501089+00:00 GitLab Importer Fixing VCID-w51e-ntqd-8bbg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-25649.yml 38.1.0
2026-04-02T16:56:10.892840+00:00 GHSA Importer Fixing VCID-w51e-ntqd-8bbg https://github.com/advisories/GHSA-288c-cq4h-88gq 38.1.0
2026-04-02T16:56:08.373873+00:00 GHSA Importer Fixing VCID-ec58-s3nd-7yaz https://github.com/advisories/GHSA-5949-rw7g-wx7w 38.1.0
2026-04-01T17:56:28.557516+00:00 GitLab Importer Affected by VCID-v2pq-1qhm-4qb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42004.yml 38.0.0
2026-04-01T17:56:27.749262+00:00 GitLab Importer Affected by VCID-9h46-72hw-bkcr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42003.yml 38.0.0
2026-04-01T17:25:55.431731+00:00 GitLab Importer Affected by VCID-v6ek-y7cn-kycd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36518.yml 38.0.0
2026-04-01T17:17:54.393335+00:00 GitLab Importer Affected by VCID-cytp-mr4h-g3ds https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36184.yml 38.0.0
2026-04-01T17:17:53.025147+00:00 GitLab Importer Affected by VCID-ukwd-7rkh-sfhj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35728.yml 38.0.0
2026-04-01T17:17:51.470951+00:00 GitLab Importer Affected by VCID-jcgb-bewy-4kff https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36185.yml 38.0.0
2026-04-01T17:16:35.767066+00:00 GitLab Importer Affected by VCID-wds4-urpb-euby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36186.yml 38.0.0
2026-04-01T16:57:27.649216+00:00 GitLab Importer Fixing VCID-ec58-s3nd-7yaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2021-20190.yml 38.0.0
2026-04-01T16:56:51.120879+00:00 GitLab Importer Affected by VCID-u87p-2xgz-e3fj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36187.yml 38.0.0
2026-04-01T16:56:33.956663+00:00 GitLab Importer Affected by VCID-swqd-uk56-wkat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35491.yml 38.0.0
2026-04-01T16:56:33.309096+00:00 GitLab Importer Affected by VCID-ypbt-p34k-hfbc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35490.yml 38.0.0
2026-04-01T16:56:01.345255+00:00 GitLab Importer Fixing VCID-w51e-ntqd-8bbg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-25649.yml 38.0.0
2026-04-01T15:59:06.037616+00:00 GHSA Importer Affected by VCID-ukwd-7rkh-sfhj https://github.com/advisories/GHSA-5r5r-6hpj-8gg9 38.0.0
2026-04-01T15:59:05.985319+00:00 GHSA Importer Affected by VCID-swqd-uk56-wkat https://github.com/advisories/GHSA-r3gr-cxrf-hg25 38.0.0
2026-04-01T15:59:05.936166+00:00 GHSA Importer Affected by VCID-ypbt-p34k-hfbc https://github.com/advisories/GHSA-wh8g-3j2c-rqj5 38.0.0
2026-04-01T13:01:15.987758+00:00 GithubOSV Importer Fixing VCID-w51e-ntqd-8bbg https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/02/GHSA-288c-cq4h-88gq/GHSA-288c-cq4h-88gq.json 38.0.0
2026-04-01T13:01:04.891663+00:00 GithubOSV Importer Fixing VCID-ec58-s3nd-7yaz https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/01/GHSA-5949-rw7g-wx7w/GHSA-5949-rw7g-wx7w.json 38.0.0