Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.grails/grails-core@2.4.2
purl pkg:maven/org.grails/grails-core@2.4.2
Next non-vulnerable version 3.3.6
Latest non-vulnerable version 6.1.0
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-fbhx-m96w-6ycw
Aliases:
CVE-2019-12728
GHSA-pmxf-4v8c-rwr7
MITM vulnerability Grails uses cleartext HTTP to resolve the SDKMan notification service.
3.3.10
Affected by 0 other vulnerabilities.
VCID-km5j-a2bt-hfhq
Aliases:
CVE-2018-1000529
GHSA-q25j-gcmv-5qpp
Stored Cross Site Scripting in Grails Fields Plugin Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in using the display tag that can result in XSS. This vulnerability has been fixed in version 2.2.8.
3.3.6
Affected by 0 other vulnerabilities.
3.3.10
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T09:57:00.326551+00:00 GitLab Importer Affected by VCID-fbhx-m96w-6ycw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.grails/grails-core/CVE-2019-12728.yml 38.6.0
2026-05-31T09:51:30.806800+00:00 GitLab Importer Affected by VCID-km5j-a2bt-hfhq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.grails/grails-core/CVE-2018-1000529.yml 38.6.0