eclipse openj9 Vulnerabilities: CVEs, CISA KEV & Security Advisories

Severity and exploitation

How the CVSS severity of eclipse openj9's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High3

Medium3

Low1

14 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

None of eclipse openj9's CVEs are currently listed in CISA's KEV catalog.

Public exploits

2 of eclipse openj9's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every eclipse openj9 version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

openj9-0.8.018 CVEs
openj9-0.8.0-rc218 CVEs
openj9-0.10.0-rc117 CVEs
openj9-0.11.017 CVEs
openj9-0.11.0-rc117 CVEs
openj9-0.11.0-rc217 CVEs
openj9-0.9.0-rc117 CVEs
openj9-0.016 CVEs
openj9-0.0M116 CVEs
openj9-0.0RC216 CVEs
openj9-0.8.0-rc116 CVEs
openj9-0.12.0-m115 CVEs
openj9-0.12.0-m215 CVEs
openj9-0.12.0-rc115 CVEs
openj9-0.16.0-m110 CVEs
openj9-0.17.0-m110 CVEs
openj9-0.18.0-m110 CVEs
openj9-0.19.0-m110 CVEs
openj9-0.20.0-m110 CVEs
openj9-0.21.0-m110 CVEs
openj9-0.22.0-m19 CVEs
openj9-0.23.0-m19 CVEs
openj9-0.24.0-m18 CVEs
openj9-0.26.0-m17 CVEs
openj9-0.27.0-m17 CVEs
openj9-0.29.0-m17 CVEs
openj9-0.30.0-m16 CVEs
openj9-0.30.0-m1a6 CVEs
openj9-0.33.0-m15 CVEs
openj9-0.35.0-m15 CVEs
openj9-0.15.0-m13 CVEs
openj9-0.14.0-m11 CVE
openj9-0.20.01 CVE
openj9-0.20.0-m21 CVE
openj9-0.21.01 CVE
openj9-0.21.0-m21 CVE
openj9-0.23.01 CVE
openj9-0.23.0-m21 CVE
openj9-0.25.01 CVE
openj9-0.25.0-m11 CVE
openj9-0.25.0-m21 CVE
openj9-0.25.0-m31 CVE
openj9-0.29.0-m21 CVE
openj9-0.29.0-m2a1 CVE
openj9-0.32.0-m11 CVE
openj9-0.32.0-m1a1 CVE
openj9-0.32.0-m21 CVE
openj9-0.35.0-m21 CVE
openj9-0.35.0-m2a1 CVE
openj9-0.35.0-m2b1 CVE
openj9-0.51.01 CVE

Fixed in

0.15.03 CVEs
4a7a6b2b1e74c15ddbe8fea47e3d3fba21f91cd63 CVEs
0.12.01 CVE
0.14.01 CVE
0.29.01 CVE
0.32.01 CVE
0.35.01 CVE
0.38.01 CVE
0.41.01 CVE
0.44.01 CVE
0.48.01 CVE
0.59.01 CVE
04890c30076872e4c5286727d4d63473c41674e81 CVE

Find a version

21 CVEs

Sort

High vulnerability · 2026-05-05
CVE-2026-6918
Public exploit
Patch
CWE-125
High · CVSS 8.7
EPSS 0.1% (18th pct)2026-05-05
Buffer Overflow in Eclipse OpenJ9
CVE-2025-4447
Patch
CWE-121
High · CVSS 7.0
EPSS 0.2% (46th pct)2025-05-09
Eclipse OpenJ9 might return an incorrect value in JNI function GetStringUTFLength
CVE-2024-10917
Patch
CWE-190
Low · CVSS 3.7
EPSS 0.3% (54th pct)2024-11-11
Eclipse Open J9 With -Xgc:concurrentScavenge on IBM Z, could write/read outside of a buffer
CVE-2024-3933
Patch
CWE-787
Medium · CVSS 5.3
EPSS 0.1% (21th pct)2024-05-27
Medium vulnerability · 2023-11-15
CVE-2023-5676
Patch
CWE-364
Medium · CVSS 4.1
EPSS 0.0% (14th pct)2023-11-15
High vulnerability · 2023-05-22
CVE-2023-2597
Patch
CWE-120
High · CVSS 7.0
EPSS 0.0% (13th pct)2023-05-22
Medium vulnerability · 2022-10-24
CVE-2022-3676
Patch
CWE-20
Medium · CVSS 6.5
EPSS 0.3% (57th pct)2022-10-24
Vulnerability · 2022-04-27
CVE-2021-41041
Patch
CWE-843
Unscored
EPSS 0.1% (24th pct)2022-04-27
Vulnerability · 2021-10-25
CVE-2021-41035
Patch
CWE-250
Unscored
EPSS 0.2% (36th pct)2021-10-25
Vulnerability · 2021-04-21
CVE-2021-28167
Public exploit
Patch
CWE-909
Unscored
EPSS 0.2% (40th pct)2021-04-21
Vulnerability · 2021-01-21
CVE-2020-27221
Patch
CWE-121
Unscored
EPSS 0.7% (73th pct)2021-01-21
Vulnerability · 2020-07-15
CVE-2019-17639CWE-843
Unscored
EPSS 0.6% (71th pct)2020-07-15
Vulnerability · 2019-10-17
CVE-2019-17631CWE-285
Unscored
EPSS 0.5% (66th pct)2019-10-17
Vulnerability · 2019-07-30
CVE-2019-11775
Patch
CWE-367
Unscored
EPSS 1.5% (81th pct)2019-07-30
Vulnerability · 2019-07-17
CVE-2019-11772
Patch
CWE-787
Unscored
EPSS 0.9% (75th pct)2019-07-17
Vulnerability · 2019-07-17
CVE-2019-11771
Patch
CWE-264
Unscored
EPSS 0.0% (13th pct)2019-07-17
Vulnerability · 2019-04-19
CVE-2019-10245
Patch
CWE-20
Unscored
EPSS 1.5% (82th pct)2019-04-19
Vulnerability · 2019-02-11
CVE-2018-12549CWE-111
Unscored
EPSS 0.7% (73th pct)2019-02-11
Vulnerability · 2019-02-11
CVE-2018-12547
Patch
CWE-20
Unscored
EPSS 0.8% (74th pct)2019-02-11
Vulnerability · 2019-01-31
CVE-2018-12548CWE-822
Unscored
EPSS 0.4% (62th pct)2019-01-31
Vulnerability · 2018-08-14
CVE-2018-12539CWE-419
Unscored
EPSS 0.0% (15th pct)2018-08-14

Severity and exploitation

eclipse openj9 Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other eclipse products

Frequently asked questions

How many CVEs does eclipse openj9 have?

How many eclipse openj9 CVEs are in CISA KEV?

Are there public exploits for eclipse openj9 vulnerabilities?

Which versions of eclipse openj9 are affected?

What are the most common weakness types in eclipse openj9 CVEs?

What is the average severity of eclipse openj9 CVEs?

References

Track eclipse openj9 vulnerabilities