edu.stanford.nlp:stanford-corenlp (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package edu.stanford.nlp:stanford-corenlp, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2021-44550 — CVSS 9.8 (critical): An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159).