org.jeecgframework.boot:jeecg-boot-base-core (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.jeecgframework.boot:jeecg-boot-base-core, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2021-46089 — CVSS 9.8 (critical): In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.
CVE-2022-22880 — CVSS 9.8 (critical): Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.
CVE-2022-22881 — CVSS 9.8 (critical): Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.
CVE-2022-47105 — CVSS 9.8 (critical): Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.
CVE-2025-51825 — CVSS 6.5 (medium): JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseS…
CVE-2021-44585 — CVSS 6.1 (medium): A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.