VulnerableCode Package Details - pkg:maven/org.apache.xmlgraphics/batik-script@1.6.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.xmlgraphics/batik-script@1.6.1

purl	pkg:maven/org.apache.xmlgraphics/batik-script@1.6.1

Next non-vulnerable version	1.17
Latest non-vulnerable version	1.17
Risk	4.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-hmf4-tru4-x7aj Aliases: CVE-2022-42890 GHSA-rwqr-m72q-v6cm	A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.	1.16 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-q3pc-1rx9-8khw Aliases: CVE-2022-44730 GHSA-2474-2566-3qxp	Apache Batik information disclosure vulnerability Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL.	1.17 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T04:03:14.774741+00:00	GitLab Importer	Affected by	VCID-q3pc-1rx9-8khw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.xmlgraphics/batik-script/CVE-2022-44730.yml	38.6.0
2026-06-06T03:07:59.248574+00:00	GitLab Importer	Affected by	VCID-hmf4-tru4-x7aj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.xmlgraphics/batik-script/CVE-2022-42890.yml	38.6.0