Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/net.sourceforge.pmd/pmd-core@5.5.1
purl pkg:maven/net.sourceforge.pmd/pmd-core@5.5.1
Next non-vulnerable version 7.22.0
Latest non-vulnerable version 7.22.0
Risk
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-eatk-tj8f-t7gr
Aliases:
CVE-2019-7722
GHSA-57qj-79gh-69w8
6.0.0
Affected by 1 other vulnerability.
VCID-jw3k-5qtj-zqb4
Aliases:
CVE-2026-28338
GHSA-8rr6-2qw5-pc7r
PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD's `vbhtml` and `yahtml` report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains executable JavaScript that runs when opened in a browser. Practical impact is limited because `vbhtml` and `yahtml` are legacy formats rarely used in practice. The default `html` format is properly escaped and not affected. Version 7.22.0 contains a fix for the issue.
7.22.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T21:11:21.985837+00:00 GitLab Importer Affected by VCID-jw3k-5qtj-zqb4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/net.sourceforge.pmd/pmd-core/CVE-2026-28338.yml 38.6.0
2026-06-12T18:12:43.742084+00:00 GitLab Importer Affected by VCID-eatk-tj8f-t7gr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/net.sourceforge.pmd/pmd-core/CVE-2019-7722.yml 38.6.0