org.hibernate:hibernate-core
Maven
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.hibernate:hibernate-core (page 1 of 1)
- CVE-2019-14900 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 5.5.0.Beta1 | 2020-07-06
vulnerable: 5.5.0.Alpha1
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of th…
- CVE-2020-25638 | HIGH | CVSS 7.4 | EG 7.4 | ✓ Fixed in 5.3.20.Final | 2020-12-02
vulnerable: 3.3.0.CR1 ... 5.3.9.Final (193 versions)
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This…
- CVE-2026-0603 | HIGH | CVSS 8.3 | EG 8.3 | 2026-01-23
vulnerable: 5.2.10.Final ... 5.6.9.Final (124 versions)
A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClau…