VulnerableCode Package Details - pkg:maven/org.hibernate.validator/hibernate-validator@6.0.20.Final

Search for packages

Vulnerability	Summary	Fixed by
VCID-9uhp-vwce-j7bq Aliases: CVE-2025-35036 GHSA-7v6m-28jr-rg84	hibernate-validator: Hibernate Validator Expression Language Injection	6.2.0.CR1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 7.0.0.CR1 Affected by 0 other vulnerabilities.
VCID-bfcr-wj82-k3a6 Aliases: CVE-2023-1932 GHSA-x83m-pf6f-pf9g	hibernate-validator Cross-site Scripting vulnerability A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.	6.2.0.Final Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-9uhp-vwce-j7bq
Aliases:
CVE-2025-35036
GHSA-7v6m-28jr-rg84

hibernate-validator: Hibernate Validator Expression Language Injection

6.2.0.CR1
Affected by 1 other vulnerability.

7.0.0.CR1
Affected by 0 other vulnerabilities.

VCID-bfcr-wj82-k3a6
Aliases:
CVE-2023-1932
GHSA-x83m-pf6f-pf9g

hibernate-validator Cross-site Scripting vulnerability A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.

6.2.0.Final
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-mxfw-116e-m3f8	Improper Input Validation in Hibernate Validator A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.	CVE-2020-10693 GHSA-rmrm-75hp-phr2

Vulnerability

Summary

Aliases

VCID-mxfw-116e-m3f8

Improper Input Validation in Hibernate Validator A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.

CVE-2020-10693
GHSA-rmrm-75hp-phr2

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T07:28:21.703575+00:00	GitLab Importer	Affected by	VCID-9uhp-vwce-j7bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.hibernate.validator/hibernate-validator/CVE-2025-35036.yml	38.6.0
2026-05-30T07:06:11.954864+00:00	GitLab Importer	Affected by	VCID-bfcr-wj82-k3a6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.hibernate.validator/hibernate-validator/CVE-2023-1932.yml	38.6.0
2026-05-30T04:44:14.075010+00:00	GitLab Importer	Fixing	VCID-mxfw-116e-m3f8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.hibernate.validator/hibernate-validator/CVE-2020-10693.yml	38.6.0
2026-05-29T09:16:22.346475+00:00	GithubOSV Importer	Fixing	VCID-mxfw-116e-m3f8	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-rmrm-75hp-phr2/GHSA-rmrm-75hp-phr2.json	38.6.0