Oracle Opengrok
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Oracle Opengrok.
By the Year
In 2026 there have been 0 vulnerabilities in Oracle Opengrok. Last year, in 2025 Opengrok had 2 security vulnerabilities published. Right now, Opengrok is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 6.10 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 8.80 |
It may take a day or so for new Opengrok vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Oracle Opengrok Security Vulnerabilities
OpenGrok 1.14.1 XSS Reflected via unsanitized revision param
CVE-2025-30755
6.1 - Medium
- September 18, 2025
OpenGrok 1.14.1 has a reflected Cross-Site Scripting (XSS) issue when producing the cross reference page. This happens through improper handling of the revision parameter. The application reflects unsanitized user input into the HTML output.
XSS
OpenGrok 1.13.25 Reflected XSS in History View via Path Segments
CVE-2025-21572
6.1 - Medium
- May 02, 2025
OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output.
Vulnerability in OpenGrok (component: Web App)
CVE-2021-2322
8.8 - High
- June 23, 2021
Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
aka Blind XPath Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Oracle Opengrok or by Oracle? Click the Watch button to subscribe.
