Jetty Security

Reporting Security Issues

There are a couple of avenues for reporting security issues to the Jetty project. If the issue is directly related to Jetty itself, then reporting to the Jetty developers is encouraged. The most direct method is to mail security@jetty.org or security@webtide.com. We are flexible in how we work with reporters of security issues but reserve the right to act in the interests of the Jetty project in all circumstances.

If the issue is related to Eclipse or its Jetty integration, we would like to encourage you to reach out to security@eclipse.org.

If the issue is related to integrations with Jetty, we are happy to work with you to identify the proper entity, and either of the approaches above is okay.

We prefer that security issues be reported directly to Jetty developers via email instead of GitHub issues since it has no facility to tag issues as private. We will actively delete issues that are opened in this way.

For more information on how we handle security issues, please refer to our Security Policy.

Jetty Security Reports

Published ID Severity Impacted Versions Fixed Versions

Aug 20, 2025

CVE-2025-5115

High

<=9.4.57, <=10.0.25, <=11.0.25, <=12.0.24, <=12.1.0.beta2

9.4.58, 10.0.26, 11.0.26, 12.0.25, 12.1.0.beta3

May 8, 2025

CVE-2025-1948

High

<=12.0.16

12.0.17

May 8, 2025

CVE-2024-13009

High

<=9.4.56

9.4.57

May 8, 2025

CVE-2024-13009

High

<=9.4.56

9.4.57

Oct 14, 2024

CVE-2024-6763

Low

<=12.0.11

12.0.12

Oct 14, 2024

CVE-2024-8184

Moderate

<=9.0.55, <=10.0.23, <=11.0.23, <=12.0.8

9.4.56, 10.0.24, 11.0.24, 12.0.9

Oct 14, 2024

CVE-2024-22201

High

<=9.0.53, <=10.0.19, <=11.0.19, <=12.0.5

9.4.54, 10.0.20, 11.0.20, 12.0.6

Oct 14, 2024

CVE-2024-9823

Moderate

<=9.0.53, <=10.0.17, <=11.0.17, <=12.0.2

9.4.54, 10.0.17, 11.0.17, 12.0.3

Oct 14, 2024

CVE-2024-6762

Moderate

<=10.0.17, <=11.0.17, <=12.0.3

10.0.18, 11.0.18, 12.0.4

Oct 10, 2023

CVE-2023-36478

High

<=9.4.52, <=10.0.15, <=11.0.15

9.4.53, 10.0.16, 11.0.16

Sep 14, 2023

CVE-2023-41900

Low

<=9.4.51, <=10.0.15, <=11.0.15

9.4.52, 10.0.16, 11.0.16

Sep 14, 2023

CVE-2023-40167

Low

<=9.4.51, <=10.0.15, <=11.0.15, <=12.0.0

9.4.52, 10.0.16, 11.0.16, 12.0.1

Sep 14, 2023

CVE-2023-36479

Low

<=9.4.51, <=10.0.15, <=11.0.15, <=12.0.0.beta1

9.4.52, 10.0.16, 11.0.16, 12.0.0.beta2

Jul 10, 2023

GHSA-58qw-p7qm-5rvh

Low

<=9.4.51, <=10.0.15, <=11.0.15, <=12.0.beta4

9.4.52, 10.0.16, 11.0.16, 12.0.0

Apr 18, 2023

CVE-2023-26049

Low

<=9.4.50, <=10.0.13, <=11.0.13, <=12.0.0.alpha3

9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0

Apr 18, 2023

CVE-2023-26048

Med

<=9.4.50, <=10.0.13, <=11.0.13

9.4.51, 10.0.14, 11.0.14

Jul 7, 2022

CVE-2022-2191

High

<=10.0.9, <=11.0.9

10.0.10, 11.0.10

Jul 7, 2022

CVE-2022-2047

Low

<=9.4.46, <=10.0.9, <=11.0.9

9.4.47, 10.0.10, 11.0.10

Jul 7, 2022

CVE-2022-2048

High

<=9.4.46, <=10.0.9, ⇐11.0.9

9.4.47, 10.0.10, 11.0.10

Jul 15, 2021

CVE-2021-34429

Med

<=9.4.42, <=10.0.5, <=11.0.5

9.4.43, 10.0.6, 11.0.6

Jun 22, 2021

CVE-2021-34428

Low

<=9.4.40, <=10.0.2, <=11.0.2

9.4.41, 10.0.3, 11.0.3

Jun 8, 2021

CVE-2021-28169

Med

<=9.4.40, <=10.0.2, <=11.0.2

9.4.41, 10.0.3, 11.0.3

Apr 1, 2021

CVE-2021-28165

High

<=9.4.38, <=10.0.1, <=11.0.1

9.4.39, 10.0.2, 11.0.2

Apr 1, 2021

CVE-2021-28164

Med

<=9.4.38

9.4.39

Apr 1, 2021

CVE-2021-28163

Med

<=9.4.38, <=10.0.1, <=11.0.1

9.4.39, 10.0.2, 11.0.2

Feb 26, 2021

CVE-2020-27223

Med

<=9.4.36, <=10.0.0, <=11.0.0

9.4.37, 10.0.1, 11.0.1

Nov 27, 2020

CVE-2020-27218

Med

<=9.4.34, <=10.0.0.beta2, <=11.0.0.beta2

9.4.35, 10.0.0.beta3, 11.0.0.beta3

Oct 22, 2020

CVE-2020-27216

High

<=9.4.32

9.3.29, 9.4.33

Jul 9, 2020

CVE-2019-17638

High

<=9.4.29

9.4.30

Nov 25, 2019

CVE-2019-17632

Med

<=9.4.23

9.4.24

Aug 13, 2019

CVE-2019-9518

Med

<=9.4.20

9.4.21

Aug 13, 2019

CVE-2019-9516

Med

<=9.4.20

9.4.21

Aug 13, 2019

CVE-2019-9515

Med

<=9.4.20

9.4.21

Aug 13, 2019

CVE-2019-9514

Med

<=9.4.20

9.4.21

Aug 13, 2019

CVE-2019-9512

Low

<=9.4.20

9.4.21

Aug 13, 2019

CVE-2019-9511

Low

<=9.4.20

9.4.21

Apr 22, 2019

CVE-2019-10247

Med

<=9.4.16

9.2.28, 9.3.27, 9.4.17

Apr 22, 2019

CVE-2019-10246

High

<=9.4.16

9.2.28, 9.3.27, 9.4.17

Apr 22, 2019

CVE-2019-10241

High

<=9.4.15

9.2.27, 9.3.26, 9.4.16

Jun 22, 2018

CVE-2018-12538

High

<=9.4.8

9.4.9

Jun 26, 2018

CVE-2018-12536

See CWE-202

<=9.4.10

9.2.25, 9.3.24, 9.4.11

Jun 26, 2018

CVE-2017-7658

See CWE-444

<=9.4.10

9.2.25, 9.3.24, 9.4.11

Jun 26, 2018

CVE-2017-7657

See CWE-444

<=9.4.10

9.2.25, 9.3.24, 9.4.11

Jun 26, 2018

CVE-2017-7656

See CWE-444

<=9.4.10

9.2.25, 9.3.24, 9.4.11

Apr 13, 2017

CVE-2016-4800

High

<=9.3.8

9.3.9

Oct 7, 2016

CVE-2015-2080

High

<=9.2.8

9.2.9

Dec 30, 2011

CVE-2011-4461

Medium

<=8.1.0.RC2

7.6.0.RCO

Jan 8, 2008

CVE-2007-6672

Medium

<=6.1.6

6.1.7

Dec 5, 2007

CVE-2007-5614

Low

<=6.1.5

6.1.6

Dec 5, 2007

CVE-2007-5613

Low

<=6.1.5

6.1.6

Dec 5, 2007

CVE-2007-5615

Medium

<=6.1.5

6.1.6rc0

Feb 7, 2007

CVE-2006-6969

High

<=6.0.1, <=5.1.11, <=4.2.26

6.1.0, 6.0.2, 5.1.12, 4.2.27

Jun 2, 2006

CVE-2006-2759

Medium

<=6.0.0Beta16

6.0.0Beta17

Jun 2, 2006

CVE-2006-2758

Medium

<=5.1.5

5.1.6, 6.0.0Beta4