Org.apache.synapse:synapse-core
This hub aggregates every CVE we track for Org.apache.synapse:synapse-core, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
2
CVEs tracked
1
Critical
1
High
0
In CISA KEV
Severity distribution
HIGH1CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 2 most recently published vulnerabilities affecting Org.apache.synapse:synapse-core.
- CVE-2025-11093Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS)8.4
- CVE-2017-15708In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows...9.8
Product normalization is registry-driven with AI assist and human review. How it works