dotcms core Vulnerabilities: CVEs, CISA KEV & Security Advisories

This page aggregates every publicly disclosed vulnerability (CVE) affecting dotcms core, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Affected versions and CVEs

Browse every dotcms core version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

3.021 CVEs
3.221 CVEs
3.2.121 CVEs
pre3.5buildrevert20 CVEs
3.518 CVEs
3.5_Preview0118 CVEs
3.5_Preview0218 CVEs
3.6.018 CVEs
3.6.118 CVEs
3.7.117 CVEs
5.3.28 CVEs
v5.3.48 CVEs
v5.3.4.18 CVEs
v5.3.58 CVEs
v5.3.68 CVEs
v5.3.6.18 CVEs
v5.3.78 CVEs
v5.3.88 CVEs
v20.10.16 CVEs
v21.025 CVEs
v21.045 CVEs
v21.055 CVEs
v21.05.15 CVEs
v22.034 CVEs
23.033 CVEs
pre-release.07.13.233 CVEs
v22.03.13 CVEs
v23.023 CVEs
v23.033 CVEs
v23.053 CVEs
v23.063 CVEs
v23.09-pre3 CVEs
v23.09.73 CVEs
v23.10.243 CVEs
v23.10.24_lts_v13 CVEs
v23.10.24_lts_v23 CVEs
v23.10.24_lts_v33 CVEs
v23.10.24_lts_v43 CVEs
v23.10.24_lts_v53 CVEs
v23.10.24_lts_v63 CVEs
v23.10.24_lts_v73 CVEs
5.0.02 CVEs
5.0.12 CVEs
5.1.52 CVEs
5.2.02 CVEs
5.2.12 CVEs
v21.062 CVEs
v21.102 CVEs
v22.03.22 CVEs
v22.03.32 CVEs
v23.012 CVEs
5.2.31 CVE
release_candidate1 CVE
v20.111 CVE
v22.021 CVE
v22.061 CVE
v22.091 CVE
v23.10.24_lts_v01 CVE
v23.10.24_lts_v101 CVE
v23.10.24_lts_v81 CVE
v23.10.24_lts_v91 CVE
v24.01.261 CVE
v24.02.201 CVE
v24.03.011 CVE
v24.03.111 CVE
v24.03.221 CVE
v24.04.231 CVE
v24.04.241 CVE

Fixed in

364c910b8beb762a74d2780c64e43a69d54553b42 CVEs
42b7b5d96dc181f72e7182e5e6b1f9889c13f0932 CVEs
48f1f38a195794dc0e7c40136aa319c1a13f7c5f2 CVEs
4d47a41b27d9e50ad799b37b2f7cfc8fe99f02e12 CVEs
67371d2759506de60b7fdc312cdf6ec1d780699d2 CVEs
80ee268510783cef77379f5a6edf521360f62e412 CVEs
cc51d80d4145ee517c981a5e9b7b5399ca3dfca32 CVEs
0910570e42f9f0bc39bba29d446098e826b1bb6e1 CVE
11042a81859b31ac599335a6649b2d6fb616d52b1 CVE
155eca8cfe7e67fa92cf5d0a132245b689702c2e1 CVE
35bc8bd322ad45b3736557fae2b181646d0fd765

Find a version

53 CVEs

Sort

Critical vulnerability · 2026-02-24
CVE-2025-11165
Patch
CWE-89
Critical · CVSS 9.4
EPSS 0.1% (22th pct)2026-02-24
Medium vulnerability · 2024-07-25
CVE-2024-3938
Patch
CWE-20
Medium · CVSS 5.4
EPSS 0.7% (72th pct)2024-07-25
Medium vulnerability · 2024-04-01
CVE-2024-3165
Patch
CWE-532
Medium · CVSS 4.5
EPSS 0.2% (36th pct)2024-04-01
Medium vulnerability · 2024-04-01
CVE-2024-3164
Patch
CWE-284
Medium · CVSS 4.5
EPSS 0.2% (45th pct)2024-04-01
CNA SHORTNAME: dotCMSORG UUID: 5b9d93f2-25c7-46b4-ab60-d201718c9dd8
CVE-2023-3042CWE-79
Medium · CVSS 5.3
EPSS 0.2% (39th pct)2023-10-17
Medium vulnerability · 2023-02-01
CVE-2022-45783CWE-22
Medium · CVSS 6.5
EPSS 0.2% (48th pct)2023-02-01
High vulnerability · 2023-02-01
CVE-2022-45782CWE-338
High · CVSS 8.8
EPSS 0.4% (59th pct)2023-02-01
Medium vulnerability · 2023-02-01
CVE-2022-37034
Patch
CWE-674
Medium · CVSS 5.3
EPSS 0.4% (60th pct)2023-02-01
Medium vulnerability · 2023-02-01
CVE-2022-37033
Patch
CWE-918
Medium · CVSS 6.5
EPSS 0.2% (40th pct)2023-02-01
Medium vulnerability · 2022-11-10
CVE-2022-35740
Patch
CWE-79
Medium · CVSS 6.1
EPSS 1.0% (78th pct)2022-11-10
Vulnerability · 2022-08-05
CVE-2022-37431
Unscored
EPSS 0.2% (48th pct)2022-08-05
High vulnerability · 2022-07-17
CVE-2022-26352
CISA KEV
Public exploit
Added to CISA KEV 2022-08-25
High · CVSS 8.9
EPSS 94.3% (100th pct)2022-07-17
Vulnerability · 2021-09-08
CVE-2020-19138
Unscored
EPSS 9.3% (93th pct)2021-09-08
Vulnerability · 2021-08-18
CVE-2020-18875
Patch
Unscored
EPSS 1.3% (80th pct)2021-08-18
Vulnerability · 2021-07-09
CVE-2021-35358
Unscored
EPSS 0.4% (61th pct)2021-07-09
Vulnerability · 2021-07-09
CVE-2021-35361
Unscored
EPSS 0.4% (61th pct)2021-07-09
Vulnerability · 2021-07-09
CVE-2021-35360
Unscored
EPSS 0.4% (58th pct)2021-07-09
Vulnerability · 2021-04-23
CVE-2020-17542
Unscored
EPSS 0.3% (53th pct)2021-04-23
Vulnerability · 2020-12-30
CVE-2020-27848
Patch
Unscored
EPSS 0.4% (64th pct)2020-12-30
Vulnerability · 2020-12-21
CVE-2020-35274
Public exploit
Unscored
EPSS 0.2% (43th pct)2020-12-21
Vulnerability · 2020-02-05
CVE-2020-6754
Patch
Unscored
EPSS 73.5% (99th pct)2020-02-05
Vulnerability · 2019-06-18
CVE-2019-12872
Patch
Unscored
EPSS 0.4% (59th pct)2019-06-18
Vulnerability · 2019-05-23
CVE-2019-12309
Patch
Unscored
EPSS 0.3% (56th pct)2019-05-23
Vulnerability · 2019-05-14
CVE-2019-11846
Public exploit
Unscored
EPSS 0.2% (44th pct)2019-05-14
Vulnerability · 2019-03-07
CVE-2018-17422
Patch
Unscored
EPSS 10.8% (93th pct)2019-03-07
Vulnerability · 2018-11-26
CVE-2018-19554
Unscored
EPSS 0.2% (37th pct)2018-11-26
Vulnerability · 2018-09-12
CVE-2018-16980
Unscored
EPSS 0.2% (40th pct)2018-09-12
Vulnerability · 2018-07-24
CVE-2017-3189
Patch
CWE-434
Unscored
EPSS 6.8% (91th pct)2018-07-24
Vulnerability · 2018-07-24
CVE-2017-3188
Patch
CWE-22
Unscored
EPSS 1.7% (83th pct)2018-07-24
Vulnerability · 2018-07-24
CVE-2017-3187
Patch
CWE-352
Unscored
EPSS 0.3% (51th pct)2018-07-24

Showing 30 of 53

dotcms core Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other dotcms products

Frequently asked questions

How many CVEs does dotcms core have?

How many dotcms core CVEs are in CISA KEV?

Are there public exploits for dotcms core vulnerabilities?

Which versions of dotcms core are affected?

What are the most common weakness types in dotcms core CVEs?

How many critical dotcms core vulnerabilities are there?

What is the average severity of dotcms core CVEs?

References

Track dotcms core vulnerabilities