261 CVEs

1 in CISA KEV

eclipse Vulnerabilities

CVE security advisories and vulnerability history for eclipse.

261

Total CVEs

Published

1

In CISA KEV

Exploited in the wild

27

Public exploits

With known exploit

6.4

Avg CVSS

2009–2026

Overview

eclipse has 261 published CVE records since 2009, of which 1 are in CISA's Known Exploited Vulnerabilities catalog and 27 have a known public exploit. The average CVSS base score across scored CVEs is 6.4.

This page aggregates every publicly disclosed vulnerability (CVE) affecting eclipse products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of eclipse's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical11

High42

Medium73

Low17

118 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

1

One of eclipse's CVEs is confirmed exploited in the wild.

Public exploits

27

27 of eclipse's CVEs have a known public exploit available.

Most affected products

The eclipse products with the most published CVEs.

jetty47 CVEs
jetty.project34 CVEs
debian linux31 CVEs
Eclipse Jetty28 CVEs
mosquitto26 CVEs
org.eclipse.jetty:jetty-server24 CVEs
openj921 CVEs
threadx netx duo20 CVEs

Common weakness types

The CWE weakness categories most often found in eclipse CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish eclipse CVE records.

Disclosure activity by year

How many eclipse CVEs were published each year.

2019

37

2020

13

2021

39

2022

22

2023

29

2024

24

2025

50

2026

16

Latest eclipse CVEs

The most recently disclosed vulnerabilities affecting eclipse.

Critical vulnerability · 2026-05-19
CWE-94
Critical · CVSS 9.1
EPSS 0.3%2026-05-19
Critical vulnerability · 2026-05-19
CWE-917
Critical · CVSS 9.6
EPSS 0.1%2026-05-19
Medium vulnerability · 2026-05-06
CWE-295
Medium · CVSS 6.9
EPSS 0.0%2026-05-06
High vulnerability · 2026-05-05
CWE-125
High · CVSS 8.7
EPSS 0.1%2026-05-05
HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
CWE-444
High · CVSS 7.4
EPSS 0.0%2026-04-14
High vulnerability · 2026-04-08
CWE-287
High · CVSS 7.4
EPSS 0.0%2026-04-08
Critical vulnerability · 2026-03-05
CWE-22
Critical · CVSS 9.1
EPSS 0.1%2026-03-05
High vulnerability · 2026-03-05
CWE-400
High · CVSS 7.5
EPSS 0.0%2026-03-05
Low vulnerability · 2026-03-05
CWE-20
Low · CVSS 3.7
EPSS 0.1%2026-03-05
Critical vulnerability · 2026-03-03
CWE-1392
Critical · CVSS 9.8
EPSS 0.3%2026-03-03
Critical vulnerability · 2026-01-30
CWE-829
Critical · CVSS 10.0
EPSS 0.0%2026-01-30
Medium vulnerability · 2026-01-29
CWE-131
Medium · CVSS 6.9
EPSS 0.0%2026-01-29

Track new eclipse CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor eclipse CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

phpmyadmin272 CVEs Rockwell Automation267 CVEs libtiff266 CVEs artifex259 CVEs isc259 CVEs sgi259 CVEs org.jenkins-ci.main258 CVEs Elastic252 CVEs

Browse all vendors

Frequently asked questions

Common questions about eclipse vulnerabilities.

How many CVEs does eclipse have?

eclipse has 261 published CVE records since 2009, including 66 in the last two years.

How many eclipse CVEs are in CISA KEV?

Yes — 1 of eclipse's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which eclipse products have the most CVEs?

The eclipse products with the most published CVEs are jetty, jetty.project, debian linux, Eclipse Jetty, mosquitto.

What are the most common weakness types in eclipse CVEs?

eclipse's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-20 (Improper Input Validation), CWE-400 (Uncontrolled Resource Consumption), CWE-125 (Out-of-bounds Read).

Are there public exploits for eclipse vulnerabilities?

Yes — 27 of eclipse's CVEs have a known public exploit.

How many critical eclipse vulnerabilities are there?

eclipse has 11 critical and 42 high-severity CVEs.

What is the average severity of eclipse CVEs?

The average CVSS base score across eclipse's scored CVEs is 6.4.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track eclipse vulnerabilities

Monitor new eclipse vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing