[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-25638":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":47,"downstream":48,"duplicates":75,"related":76,"reserved_at":9,"published_at":79,"modified_at":80,"state":81,"summary":82,"references_raw":91,"kevs":165,"epss":166,"epss_history":169,"metrics":441,"affected":456},"CVE-2020-25638","A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-89","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-109","Object Relational Mapping Injection",[],{"id":29,"name":30,"techniques":31},"CAPEC-110","SQL Injection through SOAP Parameter Tampering",[],{"id":33,"name":34,"techniques":35},"CAPEC-470","Expanding Control over the Operating System from the Database",[],{"id":37,"name":38,"techniques":39},"CAPEC-66","SQL Injection",[],{"id":41,"name":42,"techniques":43},"CAPEC-7","Blind SQL Injection",[],[],[46],"GHSA-j8jw-g6fq-mp7h",[],[49,51,53,55,57,59,61,63,65,67,69,71,73],{"_key":50},"SUSE-SU-2022:0225-1",{"_key":52},"SUSE-SU-2022:0593-1",{"_key":54},"UBUNTU-CVE-2020-25638",{"_key":56},"DLA-2512-1",{"_key":58},"DSA-4908-1",{"_key":60},"DEBIAN-CVE-2020-25638",{"_key":62},"RHSA-2020:5175",{"_key":64},"RHSA-2020:5340",{"_key":66},"RHSA-2020:5341",{"_key":68},"RHSA-2020:5342",{"_key":70},"RHSA-2021:2561",{"_key":72},"RHSA-2025:9582",{"_key":74},"USN-6845-1",[],[77,78],{"_key":50},{"_key":52},"2020-12-02T14:36:24.000Z","2025-04-23T19:47:38.454Z","Modified",{"cisa_kev":83,"cisa_ransomware":83,"cisa_vendor":9,"epss_severity":84,"epss_score":85,"severity":86,"severity_score":87,"severity_version":88,"severity_source":89,"severity_vector":90,"severity_status":81},false,"low",0.00676,"high",7.4,"v3.1","cve.org","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",[92,102,108,114,119,123,127,131,135,140,144,148,152,157,161],{"url":93,"sources":94,"tags":97},"https://bugzilla.redhat.com/show_bug.cgi?id=1881353",[89,95,96],"nvd","osv_maven",[98,99,100,101],"X Refsource MISC","Issue Tracking","Third Party Advisory","WEB",{"url":103,"sources":104,"tags":105},"https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html",[89,95,96],[106,107,100,101],"Mailing List","X Refsource MLIST",{"url":109,"sources":110,"tags":111},"https://www.debian.org/security/2021/dsa-4908",[89,95,96],[112,113,100,101],"Vendor Advisory","X Refsource DEBIAN",{"url":115,"sources":116,"tags":117},"https://www.oracle.com//security-alerts/cpujul2021.html",[89,95,96],[98,118,100,101],"Patch",{"url":120,"sources":121,"tags":122},"https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E",[89,95],[106,107],{"url":124,"sources":125,"tags":126},"https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df%40%3Ccommits.turbine.apache.org%3E",[89,95],[106,107],{"url":128,"sources":129,"tags":130},"https://www.oracle.com/security-alerts/cpuapr2022.html",[89,95,96],[98,118,100,101],{"url":132,"sources":133,"tags":134},"https://www.oracle.com/security-alerts/cpujul2022.html",[89,95,96],[98,118,100,101],{"url":136,"sources":137,"tags":138},"https://nvd.nist.gov/vuln/detail/CVE-2020-25638",[96],[139],"Advisory",{"url":141,"sources":142,"tags":143},"https://github.com/hibernate/hibernate-orm/commit/36ebf7d3836e83e99f2a91777b5389e1daf1f2b7",[96],[101],{"url":145,"sources":146,"tags":147},"https://github.com/hibernate/hibernate-orm/commit/59fede7acaaa1579b561407aefa582311f7ebe78",[96],[101],{"url":149,"sources":150,"tags":151},"https://github.com/hibernate/hibernate-orm/commit/d22bbb5c339c9df7712c3365bb1df97c91b35ec5",[96],[101],{"url":153,"sources":154,"tags":155},"https://github.com/hibernate/hibernate-orm",[96],[156],"PACKAGE",{"url":158,"sources":159,"tags":160},"https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E",[96],[101],{"url":162,"sources":163,"tags":164},"https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df@%3Ccommits.turbine.apache.org%3E",[96],[101],[],{"date":167,"score":85,"percentile":168},"2026-06-04",0.71878,[170,174,177,180,183,186,189,192,195,198,201,204,207,210,213,217,220,223,227,231,234,237,240,243,245,248,251,254,257,260,263,266,269,272,275,277,280,283,286,289,292,295,298,301,304,307,310,313,316,319,322,325,328,331,335,338,341,344,347,350,353,356,358,361,364,367,370,373,376,379,381,384,387,390,393,396,399,402,405,408,411,414,417,420,423,426,429,432,435,438],{"date":171,"score":172,"percentile":173},"2025-11-04",0.00513,0.65642,{"date":175,"score":172,"percentile":176},"2025-11-05",0.6562,{"date":178,"score":172,"percentile":179},"2025-11-06",0.65617,{"date":181,"score":172,"percentile":182},"2025-11-07",0.65628,{"date":184,"score":172,"percentile":185},"2025-11-08",0.65625,{"date":187,"score":172,"percentile":188},"2025-11-09",0.65615,{"date":190,"score":172,"percentile":191},"2025-11-10",0.65606,{"date":193,"score":172,"percentile":194},"2025-11-11",0.65614,{"date":196,"score":172,"percentile":197},"2025-11-12",0.65636,{"date":199,"score":172,"percentile":200},"2025-11-13",0.65645,{"date":202,"score":172,"percentile":203},"2025-11-14",0.65654,{"date":205,"score":172,"percentile":206},"2025-11-15",0.6565,{"date":208,"score":172,"percentile":209},"2025-11-16",0.65644,{"date":211,"score":172,"percentile":212},"2025-11-17",0.65646,{"date":214,"score":215,"percentile":216},"2025-11-18",0.0111,0.76271,{"date":218,"score":215,"percentile":219},"2025-11-19",0.76277,{"date":221,"score":215,"percentile":222},"2025-11-20",0.76288,{"date":224,"score":225,"percentile":226},"2025-11-21",0.00452,0.62961,{"date":228,"score":229,"percentile":230},"2025-11-22",0.00519,0.65954,{"date":232,"score":229,"percentile":233},"2025-11-23",0.65939,{"date":235,"score":229,"percentile":236},"2025-11-24",0.65925,{"date":238,"score":229,"percentile":239},"2025-11-25",0.65928,{"date":241,"score":229,"percentile":242},"2025-11-26",0.65934,{"date":244,"score":229,"percentile":233},"2025-11-27",{"date":246,"score":229,"percentile":247},"2025-11-28",0.65924,{"date":249,"score":229,"percentile":250},"2025-11-29",0.65906,{"date":252,"score":229,"percentile":253},"2025-11-30",0.65902,{"date":255,"score":229,"percentile":256},"2025-12-01",0.66056,{"date":258,"score":229,"percentile":259},"2025-12-02",0.66073,{"date":261,"score":229,"percentile":262},"2025-12-03",0.6607,{"date":264,"score":229,"percentile":265},"2025-12-04",0.65901,{"date":267,"score":229,"percentile":268},"2025-12-05",0.65915,{"date":270,"score":229,"percentile":271},"2025-12-06",0.6592,{"date":273,"score":229,"percentile":274},"2025-12-07",0.65916,{"date":276,"score":229,"percentile":271},"2025-12-08",{"date":278,"score":229,"percentile":279},"2025-12-09",0.65951,{"date":281,"score":229,"percentile":282},"2025-12-10",0.66,{"date":284,"score":229,"percentile":285},"2025-12-11",0.6602,{"date":287,"score":229,"percentile":288},"2025-12-12",0.66045,{"date":290,"score":229,"percentile":291},"2025-12-13",0.66053,{"date":293,"score":229,"percentile":294},"2025-12-14",0.66054,{"date":296,"score":229,"percentile":297},"2025-12-15",0.66049,{"date":299,"score":229,"percentile":300},"2025-12-16",0.66063,{"date":302,"score":229,"percentile":303},"2025-12-17",0.66077,{"date":305,"score":229,"percentile":306},"2025-12-18",0.66115,{"date":308,"score":229,"percentile":309},"2025-12-19",0.6613,{"date":311,"score":229,"percentile":312},"2025-12-20",0.66127,{"date":314,"score":229,"percentile":315},"2025-12-21",0.66118,{"date":317,"score":229,"percentile":318},"2025-12-22",0.66117,{"date":320,"score":229,"percentile":321},"2025-12-23",0.66113,{"date":323,"score":229,"percentile":324},"2025-12-24",0.66123,{"date":326,"score":229,"percentile":327},"2025-12-25",0.66154,{"date":329,"score":229,"percentile":330},"2025-12-26",0.6615,{"date":332,"score":333,"percentile":334},"2025-12-27",0.00593,0.68649,{"date":336,"score":229,"percentile":337},"2025-12-28",0.66124,{"date":339,"score":229,"percentile":340},"2025-12-29",0.66114,{"date":342,"score":229,"percentile":343},"2025-12-30",0.66131,{"date":345,"score":229,"percentile":346},"2025-12-31",0.66155,{"date":348,"score":229,"percentile":349},"2026-01-01",0.66329,{"date":351,"score":229,"percentile":352},"2026-01-02",0.66314,{"date":354,"score":229,"percentile":355},"2026-01-03",0.66316,{"date":357,"score":229,"percentile":330},"2026-01-04",{"date":359,"score":229,"percentile":360},"2026-01-05",0.66135,{"date":362,"score":229,"percentile":363},"2026-01-06",0.66144,{"date":365,"score":229,"percentile":366},"2026-01-07",0.66166,{"date":368,"score":229,"percentile":369},"2026-01-08",0.66178,{"date":371,"score":229,"percentile":372},"2026-01-09",0.66188,{"date":374,"score":229,"percentile":375},"2026-01-10",0.66189,{"date":377,"score":229,"percentile":378},"2026-01-11",0.66179,{"date":380,"score":229,"percentile":366},"2026-01-12",{"date":382,"score":229,"percentile":383},"2026-01-13",0.66162,{"date":385,"score":229,"percentile":386},"2026-01-14",0.66196,{"date":388,"score":229,"percentile":389},"2026-01-15",0.662,{"date":391,"score":229,"percentile":392},"2026-01-16",0.66217,{"date":394,"score":229,"percentile":395},"2026-01-17",0.66206,{"date":397,"score":229,"percentile":398},"2026-01-18",0.6619,{"date":400,"score":229,"percentile":401},"2026-01-19",0.66174,{"date":403,"score":229,"percentile":404},"2026-01-20",0.66187,{"date":406,"score":229,"percentile":407},"2026-01-21",0.66199,{"date":409,"score":229,"percentile":410},"2026-01-22",0.66209,{"date":412,"score":229,"percentile":413},"2026-01-23",0.66239,{"date":415,"score":229,"percentile":416},"2026-01-24",0.66247,{"date":418,"score":229,"percentile":419},"2026-01-25",0.66212,{"date":421,"score":229,"percentile":422},"2026-01-26",0.66204,{"date":424,"score":229,"percentile":425},"2026-01-27",0.66214,{"date":427,"score":229,"percentile":428},"2026-01-28",0.66225,{"date":430,"score":229,"percentile":431},"2026-01-29",0.66227,{"date":433,"score":229,"percentile":434},"2026-01-30",0.66236,{"date":436,"score":229,"percentile":437},"2026-01-31",0.66238,{"date":439,"score":229,"percentile":440},"2026-02-01",0.66382,[442,447,454],{"source":89,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":443,"cvss_v4_0":9},{"baseScore":87,"baseSeverity":444,"vectorString":90,"impactScore":445,"exploitabilityScore":446},"HIGH",8.7,5.6,{"source":95,"cvss_v2_0":448,"cvss_v3_0":9,"cvss_v3_1":453,"cvss_v4_0":9},{"baseScore":449,"baseSeverity":9,"vectorString":450,"impactScore":451,"exploitabilityScore":452},5.8,"AV:N/AC:M/Au:N/C:P/I:P/A:N",4.9,8.6,{"baseScore":87,"baseSeverity":444,"vectorString":90,"impactScore":445,"exploitabilityScore":446},{"source":96,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":455,"cvss_v4_0":9},{"baseScore":87,"baseSeverity":9,"vectorString":90,"impactScore":445,"exploitabilityScore":446},[457,468,484,499,506,512],{"ecosystem":9,"name":458,"vendor":459,"product":460,"cpe_part":461,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":462},"debian linux","debian","debian_linux","o",[463,466],{"version":464,"is_range":83,"range_type":465,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0","cpe",{"version":467,"is_range":83,"range_type":465,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"ecosystem":9,"name":469,"vendor":470,"product":471,"cpe_part":472,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":473},"hibernate orm","hibernate","hibernate_orm","a",[474,479],{"version":475,"is_range":476,"range_type":465,"version_start":9,"version_start_type":9,"version_end":477,"version_end_type":478,"fixed_in":9},"lt5.3.20",true,"5.3.20","excluding",{"version":480,"is_range":476,"range_type":465,"version_start":481,"version_start_type":482,"version_end":483,"version_end_type":478,"fixed_in":9},"gte5.4.0_lt5.4.24","5.4.0","including","5.4.24",{"ecosystem":485,"name":486,"vendor":487,"product":488,"cpe_part":9,"purl_type":489,"purl_namespace":487,"purl_name":488,"source":9,"versions":490},"Maven","org.hibernate:hibernate-core","org.hibernate","hibernate-core","maven",[491,496],{"version":492,"is_range":476,"range_type":493,"version_start":494,"version_start_type":482,"version_end":495,"version_end_type":478,"fixed_in":9},"gte5_4_0_Final_lt5_4_24_Final","ecosystem","5.4.0.Final","5.4.24.Final",{"version":497,"is_range":476,"range_type":493,"version_start":9,"version_start_type":9,"version_end":498,"version_end_type":478,"fixed_in":9},"lt5_3_20_Final","5.3.20.Final",{"ecosystem":9,"name":500,"vendor":501,"product":502,"cpe_part":472,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":503},"communications cloud native core console","oracle","communications_cloud_native_core_console",[504],{"version":505,"is_range":83,"range_type":465,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.9.0",{"ecosystem":9,"name":507,"vendor":501,"product":508,"cpe_part":472,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":509},"retail customer management and segmentation foundation","retail_customer_management_and_segmentation_foundation",[510],{"version":511,"is_range":83,"range_type":465,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"19.0",{"ecosystem":9,"name":513,"vendor":513,"product":513,"cpe_part":472,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":514},"quarkus",[515],{"version":516,"is_range":476,"range_type":465,"version_start":9,"version_start_type":9,"version_end":517,"version_end_type":482,"fixed_in":9},"lte1.9.2","1.9.2"]