fasterxml
Security Risk Profile
33
/100
lowSecurity Risk Score
Comprehensive risk assessment based on 83 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from April 19, 2016 to present
83
Total CVEs
76
Critical+High
0
Exploited
1
Unpatched
Threat Assessment
Avg CVSS
8.4
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
1
Critical/High
Risk Level
33/100
low
Severity Distribution
Critical
27High
49Medium
7Low
0Exploit Likelihood
>50% chance
020-50%
05-20%
0<5%
2Age Distribution
Common Weaknesses (CWE)
1
Infoleak
10
2
Input Validation
5
3
XEE
5
4
SSRF
4
5
Code Injection
1
Most Affected Products
1. fasterxml jackson-databind220
2. Oracle Primavera Unifier176
3. Oracle Retail Xstore Point of Service146
4. maven/com.fasterxml.jackson.core:jackson-databind134
5. Oracle Banking Platform116
Recent Vulnerabilities
See more →CVE-2026-29062
CVSS 8.7EPSS 0%high
jackson-core: Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion
3/4/2026
REDHAT-BUG-2374804
CVSS 7.0high
6/25/2025🔧 No Patch
CVE-2025-52999
CVSS 8.7EPSS 0%high
jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data
6/25/2025
CVE-2023-3894
CVSS 8.6high
DOS in jackson-dataformats-text
8/8/2023
CVE-2023-35116
CVSS 4.7medium
6/14/2023
CVE-2021-46877
CVSS 7.5high
3/18/2023
REDHAT-BUG-2135247
CVSS 4.0medium
10/17/2022🔧 No Patch
REDHAT-BUG-2135244
CVSS 4.0medium
10/17/2022🔧 No Patch
CVE-2022-42003
CVSS 7.5high
10/2/2022
CVE-2022-42004
CVSS 7.5high
10/2/2022
Monitor fasterxml in Real-Time
Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.