CVE security advisories and vulnerability history for jetty.project by eclipse.
30
Total CVEs
Published
0
In CISA KEV
Exploited in the wild
2
Public exploits
With known exploit
5.6
Avg CVSS
2017–2026
Last updated
Overview
eclipse jetty.project has 30 published CVE records since 2017, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 2 have a known public exploit. The average CVSS base score across scored CVEs is 5.6.
This page aggregates every publicly disclosed vulnerability (CVE) affecting eclipse jetty.project, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.
Severity and exploitation
How the CVSS severity of eclipse jetty.project's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.
Critical0
High8
Medium5
Low6
11 additional CVEs have no CVSS severity score.
In CISA’s Known Exploited Vulnerabilities catalog
0
None of eclipse jetty.project's CVEs are currently listed in CISA's KEV catalog.
Public exploits
2
2 of eclipse jetty.project's CVEs have a known public exploit available.
Affected versions and CVEs
Browse every eclipse jetty.project version named in a CVE, then pick one to see only the CVEs that affect it.
Common questions about eclipse jetty.project vulnerabilities.
How many CVEs does eclipse jetty.project have?
eclipse jetty.project has 30 published CVE records since 2017.
How many eclipse jetty.project CVEs are in CISA KEV?
None of eclipse jetty.project's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.
Are there public exploits for eclipse jetty.project vulnerabilities?
Yes — 2 of eclipse jetty.project's CVEs have a known public exploit.
Which versions of eclipse jetty.project are affected?
1,711 distinct eclipse jetty.project versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.
What are the most common weakness types in eclipse jetty.project CVEs?
eclipse jetty.project's CVEs most often map to these CWE weakness types: CWE-400 (Uncontrolled Resource Consumption), CWE-444 (Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')), CWE-404 (Improper Resource Shutdown or Release), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
What is the average severity of eclipse jetty.project CVEs?
The average CVSS base score across eclipse jetty.project's scored CVEs is 5.6.
