com.xuxueli:xxl-job-core (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package com.xuxueli:xxl-job-core, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2022-40929 — CVSS 9.8 (critical): XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an…
CVE-2022-43183 — CVSS 8.8 (high): XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java.
CVE-2024-42681 — CVSS 8.8 (high): Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component.
CVE-2025-7787 — CVSS 6.3 (medium): A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the…
CVE-2020-29204 — CVSS 6.1 (medium): XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/…
CVE-2024-3366 — CVSS 3.5 (low): A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of…