Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/com.h2database/h2@1.3.167
purl pkg:maven/com.h2database/h2@1.3.167
Next non-vulnerable version 2.2.220
Latest non-vulnerable version 2.2.220
Risk 10.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-6tyr-1gfy-fua1
Aliases:
CVE-2022-23221
GHSA-45hx-wfhj-473x
Improper Control of Generation of Code ('Code Injection') H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
2.1.210
Affected by 1 other vulnerability.
VCID-furu-at6b-nbez
Aliases:
CVE-2021-23463
GHSA-7rpj-hg47-cx62
Improper Restriction of XML External Entity Reference The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.
2.0.202
Affected by 3 other vulnerabilities.
VCID-jstt-6zs3-ybew
Aliases:
CVE-2021-42392
GHSA-h376-j262-vhq6
GMS-2022-7
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in com.h2database:h2.
2.0.206
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:37:52.954634+00:00 GitLab Importer Affected by VCID-6tyr-1gfy-fua1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2022-23221.yml 38.4.0
2026-04-16T21:36:58.386814+00:00 GitLab Importer Affected by VCID-jstt-6zs3-ybew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/GMS-2022-7.yml 38.4.0
2026-04-16T21:36:34.599148+00:00 GitLab Importer Affected by VCID-furu-at6b-nbez https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2021-23463.yml 38.4.0
2026-04-11T22:52:12.825133+00:00 GitLab Importer Affected by VCID-6tyr-1gfy-fua1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2022-23221.yml 38.3.0
2026-04-11T22:50:55.325229+00:00 GitLab Importer Affected by VCID-jstt-6zs3-ybew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/GMS-2022-7.yml 38.3.0
2026-04-11T22:50:20.328998+00:00 GitLab Importer Affected by VCID-furu-at6b-nbez https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2021-23463.yml 38.3.0
2026-04-02T23:01:37.450968+00:00 GitLab Importer Affected by VCID-6tyr-1gfy-fua1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2022-23221.yml 38.1.0
2026-04-02T23:00:18.988931+00:00 GitLab Importer Affected by VCID-jstt-6zs3-ybew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/GMS-2022-7.yml 38.1.0
2026-04-02T22:59:44.373846+00:00 GitLab Importer Affected by VCID-furu-at6b-nbez https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2021-23463.yml 38.1.0
2026-04-01T17:20:28.336147+00:00 GitLab Importer Affected by VCID-6tyr-1gfy-fua1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2022-23221.yml 38.0.0
2026-04-01T17:19:04.125182+00:00 GitLab Importer Affected by VCID-jstt-6zs3-ybew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/GMS-2022-7.yml 38.0.0
2026-04-01T17:18:28.421073+00:00 GitLab Importer Affected by VCID-furu-at6b-nbez https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2021-23463.yml 38.0.0