- How many CVEs does Eclipse Foundation have?
- Eclipse Foundation has 290 published CVE records since 2009, including 94 in the last two years.
- How many Eclipse Foundation CVEs are in CISA KEV?
- Yes — 1 of Eclipse Foundation's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which Eclipse Foundation products have the most CVEs?
- The Eclipse Foundation products with the most published CVEs are Jetty, Eclipse Jetty, jetty.project, mosquitto, OpenJ9.
- What are the most common weakness types in Eclipse Foundation CVEs?
- Eclipse Foundation's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-400 (Uncontrolled Resource Consumption), CWE-20 (Improper Input Validation), CWE-125 (Out-of-bounds Read).
- Are there public exploits for Eclipse Foundation vulnerabilities?
- Yes — 33 of Eclipse Foundation's CVEs have a known public exploit.
- How many critical Eclipse Foundation vulnerabilities are there?
- Eclipse Foundation has 54 critical and 113 high-severity CVEs.
- What is the average severity of Eclipse Foundation CVEs?
- The average CVSS base score across Eclipse Foundation's scored CVEs is 7.2.