Every CVE whose affected-product data names Pmd Project Pmd, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2019-7722 — CVSS 8.1 (high): PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers…
CVE-2026-28338 — CVSS 6.8 (medium): PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD's `vbhtml` and `yahtml` report formats insert rule…