Oracle Java Virtual Machine

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Oracle Java Virtual Machine.

By the Year

In 2025 there have been 2 vulnerabilities in Oracle Java Virtual Machine with an average score of 5.8 out of ten. Last year, in 2024 Java Virtual Machine had 1 security vulnerability published. That is, 1 more vulnerability have already been reported in 2025 as compared to last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.50.

Year	Vulnerabilities	Average Score
2025	2	5.80
2024	1	5.30
2023	1	4.30
2022	1	4.30
2021	2	5.70
2020	1	3.10
2019	0	0.00
2018	0	0.00

It may take a day or so for new Java Virtual Machine vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Oracle Java Virtual Machine Security Vulnerabilities

Vulnerability in the Java VM component of Oracle Database Server

CVE-2025-30736 7.4 - High - April 15, 2025

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

Vulnerability in the Java VM component of Oracle Database Server

CVE-2025-21553 4.2 - Medium - January 21, 2025

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.25, 21.3-21.16 and 23.4-23.6. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data as well as unauthorized read access to a subset of Java VM accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).

Vulnerability in the Java VM component of Oracle Database Server

CVE-2024-21093 5.3 - Medium - April 16, 2024

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).

Vulnerability in the Java VM component of Oracle Database Server

CVE-2022-39429 4.3 - Medium - January 18, 2023

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

Vulnerability in the Java VM component of Oracle Database Server

CVE-2022-39419 4.3 - Medium - October 18, 2022

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java VM accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Vulnerability in the Java VM component of Oracle Database Server

CVE-2021-35619 7.1 - High - October 20, 2021

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).

Vulnerability in the Java VM component of Oracle Database Server

CVE-2021-2438 4.3 - Medium - July 21, 2021

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

Vulnerability in the Java VM component of Oracle Database Server

CVE-2020-14743 3.1 - Low - October 21, 2020

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Oracle Java Virtual Machine or by Oracle? Click the Watch button to subscribe.

Oracle
Vendor

Oracle Java Virtual Machine
Product

Oracle Java Virtual Machine

Don't miss out!

By the Year

Recent Oracle Java Virtual Machine Security Vulnerabilities

Vulnerability in the Java VM component of Oracle Database Server CVE-2025-30736 7.4 - High - April 15, 2025

Vulnerability in the Java VM component of Oracle Database Server CVE-2025-21553 4.2 - Medium - January 21, 2025

Vulnerability in the Java VM component of Oracle Database Server CVE-2024-21093 5.3 - Medium - April 16, 2024

Vulnerability in the Java VM component of Oracle Database Server CVE-2022-39429 4.3 - Medium - January 18, 2023

Vulnerability in the Java VM component of Oracle Database Server CVE-2022-39419 4.3 - Medium - October 18, 2022

Vulnerability in the Java VM component of Oracle Database Server CVE-2021-35619 7.1 - High - October 20, 2021

Vulnerability in the Java VM component of Oracle Database Server CVE-2021-2438 4.3 - Medium - July 21, 2021

Vulnerability in the Java VM component of Oracle Database Server CVE-2020-14743 3.1 - Low - October 21, 2020