Known Vulnerabilities for products from Alibaba
Listed below are 11 of the newest known vulnerabilities associated with the vendor "Alibaba".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-39974 | | Not Provided | 2026-04-09 | 2026-04-13 |
| CVE-2022-25845 | The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default a... | 9.8 - CRITICAL | 2022-06-10 | 2023-02-23 |
| CVE-2021-44667 | A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters... | 6.1 - MEDIUM | 2022-03-11 | 2022-03-18 |
| CVE-2021-43116 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-07-05 | 2023-04-03 |
| CVE-2021-33800 | In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal. | 7.5 - HIGH | 2021-11-03 | 2021-11-05 |
| CVE-2021-29442 | Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version ... | 7.5 - HIGH | 2021-04-27 | 2021-05-07 |
| CVE-2021-29441 | Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version ... | 9.8 - CRITICAL | 2021-04-27 | 2021-05-07 |
| CVE-2020-21699 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-08-22 | 2023-11-07 |
| CVE-2020-19676 | Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interfa... | 5.3 - MEDIUM | 2020-09-30 | 2021-07-21 |
| CVE-2017-18349 | parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers ... | 9.8 - CRITICAL | 2018-10-23 | 2019-01-28 |
| CVE-2014-5976 | The alibaba (aka com.alibaba.wireless) application 4.1.0.0 for Android does not verify X.509 certificates from SSL servers, w... | 5.4 - MEDIUM | 2014-09-20 | 2014-09-23 |
| CVE-2007-0827 | The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript fu... | 6.8 - MEDIUM | 2007-02-07 | 2017-10-19 |