Oracle Opengrok
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Oracle Opengrok.
By the Year
In 2025 there have been 2 vulnerabilities in Oracle Opengrok with an average score of 6.1 out of ten. Opengrok did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2025 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 2 | 6.10 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 8.80 |
It may take a day or so for new Opengrok vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Oracle Opengrok Security Vulnerabilities
OpenGrok 1.14.1 XSS Reflected via unsanitized revision param
CVE-2025-30755
6.1 - Medium
- September 18, 2025
OpenGrok 1.14.1 has a reflected Cross-Site Scripting (XSS) issue when producing the cross reference page. This happens through improper handling of the revision parameter. The application reflects unsanitized user input into the HTML output.
XSS
OpenGrok 1.13.25 Reflected XSS in History View via Path Segments
CVE-2025-21572
6.1 - Medium
- May 02, 2025
OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output.
Vulnerability in OpenGrok (component: Web App)
CVE-2021-2322
8.8 - High
- June 23, 2021
Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
aka Blind XPath Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Oracle Opengrok or by Oracle? Click the Watch button to subscribe.
