Jeecg Security Vulnerabilities (CVEs)
Track 37 security vulnerabilities affecting Jeecg products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in JeecgBoot 3.9.0 that allows attackers to make the server send HTTP requests t...
Feb 22, 2026

A deserialization vulnerability in JeecgBoot 3.9.1 allows remote attackers to execute arbitrary code by manipulating the importDocumentFromZip functio...
Feb 16, 2026

JeecgBoot versions up to 3.9.0 contain a path traversal vulnerability in the Retrieval-Augmented Generation Module's /airag/knowledge/doc/edit endpoin...
Feb 7, 2026

This CVE describes an improper authorization vulnerability in JeecgBoot's getPositionUserList function. Attackers can manipulate the positionId parame...
Dec 28, 2025

This vulnerability in JeecgBoot allows attackers to bypass authorization checks by manipulating the departId parameter in the /sys/sysDepartPermission...
Dec 28, 2025

This CVE describes an improper authorization vulnerability in JeecgBoot's queryDepartPermission function. Attackers can manipulate the departId parame...
Dec 28, 2025

JeecgBoot up to version 3.9.0 contains an improper authorization vulnerability in the /sys/sysDepartPermission/datarule/ endpoint. This allows remote ...
Dec 28, 2025

This CVE describes an improper authorization vulnerability in JeecgBoot's loadDatarule function that allows attackers to manipulate departId/roleId pa...
Dec 28, 2025

This vulnerability in JeecgBoot allows attackers to exploit the getDeptRoleByUserId function by manipulating the departId parameter, leading to unauth...
Dec 28, 2025

This CVE describes an improper authorization vulnerability in JeecgBoot's getDeptRoleList function. Attackers can manipulate the departId parameter to...
Dec 28, 2025

This vulnerability in JeecgBoot allows attackers to bypass authorization checks by manipulating the deptId parameter in the /sys/sysDepartRole/list en...
Dec 28, 2025

This vulnerability in JeecgBoot allows attackers to remotely manipulate user sessions through the SysUserOnlineController function. It affects JeecgBo...
Dec 19, 2025

CVE-2025-14908 is an authentication bypass vulnerability in JeecgBoot's multi-tenant management module that allows attackers to manipulate tenant ID p...
Dec 19, 2025

Jeecgboot versions 3.8.2 and earlier contain a path traversal vulnerability in the /sys/comment/addFile endpoint that allows attackers to upload files...
Oct 1, 2025

This vulnerability in JeecgBoot allows unauthorized access to the tenant export function via the /sys/tenant/exportXls endpoint. Attackers can remotel...
Sep 26, 2025

JeecgBoot up to version 3.8.2 contains an improper authorization vulnerability in the /sys/position/exportXls endpoint that allows remote attackers to...
Sep 26, 2025

This vulnerability in JeecgBoot allows unauthorized access to the user export functionality via the /sys/user/exportXls endpoint. Attackers can exploi...
Sep 25, 2025

JeecgBoot up to version 3.8.2 has an improper authorization vulnerability in the /sys/role/exportXls endpoint that allows unauthorized access to role ...
Sep 25, 2025

This vulnerability in jeecgboot JimuReport allows remote attackers to execute arbitrary code through deserialization attacks via the DB2 JDBC Handler ...
Sep 21, 2025

This vulnerability allows remote attackers to exploit a deserialization flaw in jeecgboot JimuReport's MySQL JDBC handler. Attackers can execute arbit...
Sep 21, 2025

A remote deserialization vulnerability exists in jeecgboot JimuReport up to version 2.1.1, specifically in the Data Large Screen Template component's ...
Aug 14, 2025

This vulnerability in JimuReport v1.7.8 allows attackers to escalate privileges via a crafted GET request to the /jeecg-boot/jmreport/dict/list endpoi...
Sep 10, 2024

This vulnerability allows remote attackers to execute arbitrary code on JEECG systems by sending specially crafted POST requests to the jeecgFormDemoC...
Jan 3, 2024

This is a Server-Side Template Injection (SSTI) vulnerability in jeecg-boot version 3.5.3 that allows remote attackers to execute arbitrary code via c...
Dec 30, 2023

This SQL injection vulnerability in jeecg-boot version 3.5.3 allows remote attackers to execute arbitrary SQL commands via the jmreport/qurestSql comp...
Dec 30, 2023

Jeecg Boot up to version 3.5.3 contains an arbitrary file read vulnerability in the /testConnection interface. This allows attackers to read sensitive...
Sep 8, 2023

Jeecg Boot versions up to 3.5.3 contain a SQL injection vulnerability in the /jeecg-boot/jmreport/show component. This allows attackers to execute arb...
Sep 8, 2023

JeecgBoot versions up to 3.5.1 contain a SQL injection vulnerability in the queryTableDictItemsByCode component of the SystemApiController. This allow...
Jun 19, 2023

Jeecg-Boot versions 3.5.0 and 3.5.1 contain a SQL injection vulnerability in the id parameter of the /jeecg-boot/jmreport/show interface. This allows ...
Jun 16, 2023

CVE-2023-24789 is an authenticated SQL injection vulnerability in jeecg-boot's building block report component. Attackers with valid credentials can e...
Mar 6, 2023

CVE-2021-37304 is an insecure permissions vulnerability in jeecg-boot 2.4.5 that allows unauthenticated remote attackers to access the httptrace inter...
Feb 3, 2023

CVE-2021-37306 is an insecure permissions vulnerability in jeecg-boot that allows remote attackers to check if a username exists without authenticatio...
Feb 3, 2023

Jeecg-boot v3.0 contains a SQL injection vulnerability in the /jeecg-boot/sys/user/queryUserByDepId endpoint via the code parameter. This allows attac...
Feb 16, 2022

CVE-2021-46089 is a critical SQL injection vulnerability in JeecgBoot 3.0 that allows attackers to execute arbitrary SQL commands with root database p...
Jan 25, 2022

CVE-2020-20948 is an arbitrary file download vulnerability in JEECG v3.8 that allows attackers to access sensitive server files by manipulating the 'l...
Dec 27, 2021

This vulnerability allows attackers to upload arbitrary files to the jeecg-boot CMS system through the /jeecg-boot/sys/common/upload endpoint. Attacke...
Aug 6, 2021

This SQL injection vulnerability in jeecg-boot CMS allows attackers to execute arbitrary SQL commands through the /jeecg boot/sys/dict/loadtreedata en...
Aug 6, 2021

Why Monitor Jeecg Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 37+ known vulnerabilities affecting Jeecg products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Jeecg packages in under 60 seconds. No agents required - completely agentless scanning that works across Jeecg deployments.
Free vulnerability database: Access detailed information about every Jeecg CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.