Vulnerability Database
296,621
Total vulnerabilities in the database
CVE-2023-25499
When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.
| Software | From | Fixed in |
|---|---|---|
com.vaadin / vaadin
|
10.0.0 | 10.0.23 |
|
com.vaadin / vaadin
|
11.0.0 | 14.10.1 |
|
com.vaadin / vaadin
|
23.0.0 | 23.3.13 |
|
com.vaadin / vaadin
|
24.0.0 | 24.0.6 |
|
com.vaadin / vaadin
|
24.1.0.alpha1 | 24.1.0 |
|
com.vaadin / flow-server
|
1.0.0 | 1.0.20 |
|
com.vaadin / flow-server
|
1.1.0 | 2.8.10 |
|
com.vaadin / flow-server
|
3.0.0 | 9.1.1 |
|
com.vaadin / flow-server
|
23.0.0 | 23.3.11 |
|
com.vaadin / flow-server
|
24.0.0 | 24.0.8 |
|
com.vaadin / flow-server
|
24.1.0.alpha1 | 24.1.0 |
| vaadin / vaadin | 24.1.0-alpha2 | 24.1.0-alpha2.x |
| vaadin / vaadin | 24.1.0-alpha3 | 24.1.0-alpha3.x |
| vaadin / vaadin | 24.1.0-alpha4 | 24.1.0-alpha4.x |
| vaadin / vaadin | 24.1.0-alpha5 | 24.1.0-alpha5.x |
| vaadin / vaadin | 24.1.0-alpha6 | 24.1.0-alpha6.x |
| vaadin / vaadin | 24.1.0-beta1 | 24.1.0-beta1.x |
| vaadin / vaadin | 24.0.0 | 24.0.6 |
| vaadin / vaadin | 23.0.0 | 23.3.13 |
| vaadin / vaadin | 11.0.0 | 14.10.1 |
| vaadin / vaadin | 10.0.0 | 10.0.23 |
| vaadin / vaadin | 24.1.0-alpha1 | 24.1.0-alpha1.x |
| vaadin / vaadin | 15.0.0 | 22.0.28.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime