← Back

Stanford

stanford

8 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Corenlp
corenlp
5 CVEs
Webauth
webauth
2 CVEs
Stanford Parser
stanford_parser
1 CVE

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-39020
1Stanford
1Stanford Parser
Nov 21, 2024
Jul 28, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument.
CVE-2021-44550
1Stanford
1Corenlp
Nov 21, 2024
Feb 24, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159).
CVE-2022-0239
1Stanford
1Corenlp
Apr 16, 2026
Jan 17, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CVE-2022-0198
1Stanford
1Corenlp
Nov 21, 2024
Jan 13, 2022
N/A· v4
7.1 HIGH· v3
5.8 MEDIUM· v2
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CVE-2021-3869
1Stanford
1Corenlp
Nov 21, 2024
Oct 19, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CVE-2021-3878
1Stanford
1Corenlp
Sep 8, 2025
Oct 15, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CVE-2013-2106
2Debian
Stanford
2Debian Linux
Webauth
Nov 21, 2024
Dec 3, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
webauth before 4.6.1 has authentication credential disclosure
CVE-2009-2945
1Stanford
1Webauth
Apr 23, 2026
Sep 15, 2009
N/A· v4
N/A· v3
4.3 MEDIUM· v2
weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which...Show more
weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.Show less