Mybatis
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Mybatis product.
RSS Feeds for Mybatis security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Mybatis products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Mybatis Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 0 vulnerabilities in Mybatis. Mybatis did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.80 |
| 2022 | 1 | 9.80 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 8.10 |
It may take a day or so for new Mybatis vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Mybatis Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2023-25330 | Apr 05, 2023 |
Mybatis-plus <3.5.3.1 SQLi via tenant ID valueA SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection. |
Mybatis
|
| CVE-2022-36594 | Sep 02, 2022 |
SQLi in Mapper v4.0.0v4.2.0 via ids in selectByIdsMapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function. |
Mapper
|
| CVE-2020-26945 | Oct 10, 2020 |
MyBatis before 3.5.6 mishandles deserialization of object streams.MyBatis before 3.5.6 mishandles deserialization of object streams. |
Mybatis
|