Vulnerabilities > Stanford > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-07-28 CVE-2023-39020 Code Injection vulnerability in Stanford Parser 3.9.2
stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream.
network
low complexity
stanford CWE-94
critical
 9.8
9.8
2022-02-24 CVE-2021-44550 Injection vulnerability in Stanford Corenlp 4.3.2
An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159).
network
low complexity
stanford CWE-74
critical
 9.8
9.8
2022-01-17 CVE-2022-0239 XXE vulnerability in Stanford Corenlp
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
network
low complexity
stanford CWE-611
critical
 9.8
9.8
2021-10-15 CVE-2021-3878 XXE vulnerability in Stanford Corenlp
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
network
low complexity
stanford CWE-611
critical
 9.8
9.8