Jasperreports CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-6009	1 Jaspersoft	8 Jasperreports Io At-scale, Jasperreports Io Professional, Jasperreports Library Community Edition and 5 more	2026-05-20	N/A
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system
CVE-2025-10492	2 Cloud, Jaspersoft	6 Jasperreports Io, Jasperreports Library, Jasperreports Server and 3 more	2026-02-10	9.8 Critical
A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library
CVE-2017-14941	1 Jaspersoft	1 Jasperreports	2025-04-20	N/A
Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector.

Page 1 of 1.