Security Advisories
Known vulnerabilities, workarounds, and resolutions
| Release Date | Advisories | Fixed In |
| --- | --- | --- |
| March 18, 2026 | CVE-2026-22186 ("Bio-Formats <= 8.3.0 XXE in Leica XLEF Metadata Parser") | Bio-Formats 8.5.0 |
| November 24, 2025 | GHSA-j4gv-6x9v-v23g ("Library may be vulnerable to XSS attack") | OMERO.web 5.29.2 |
| September 16, 2025 | CVE-2022-22971 ("Spring Framework DoS Vulnerability") | N/A |
| September 16, 2025 | CVE-2022-22970 ("Spring Framework DoS Vulnerability") | N/A |
| August 13, 2025 | CVE-2025-54791 ("Display of user info on password reset request") | OMERO.web 5.29.2 |
| Jan 6, 2025 | CVE-2022-22950 ("Spring Expression DoS Vulnerability") | N/A |
| May 21, 2024 | CVE-2024-35180 ("JSONP callback") | OMERO.web 5.26.0 |
| May 5, 2023 | CVE-2023-31047 ("Django file upload validation") Assessment | OMERO.web 5.20.0 |
| April 1, 2022 | CVE-2022-22965 ("Spring Framework RCE") Assessment | N/A |
| December 13, 2021 | 2021-SV4 log4j in loci_tools.jar | bioformats_package.jar |
| December 13, 2021 | CVE-2021-44228 ("Log4Shell") Assessment | N/A |
| October 14, 2021 | 2021-SV3 XSS vectors | OMERO.web 5.11.0, OMERO.figure 4.4.1 |
| March 17, 2021 | 2021-SV2 URL validation on login | OMERO.web 5.9.0 |
| March 17, 2021 | 2021-SV1 User Context | OMERO.web 5.9.0 |
| March 25, 2020 | 2019-SV6 Group Owner Context | OMERO.server 5.6.1 |
| March 25, 2020 | 2019-SV5 Bypass Filters | OMERO.server 5.6.1 |
| March 25, 2020 | 2019-SV4 Web Referrer Leakage | OMERO.web 5.9.0 |
| March 25, 2020 | 2019-SV3 User Privacy | OMERO.server 5.6.1 |
| March 25, 2020 | 2019-SV2 Group Permissions | OMERO.server 5.6.1 |
| March 25, 2020 | 2019-SV1 Reader Used Files | OMERO.server 5.6.1 |
| July 26, 2018 | 2018-SV3 Modify User Password | OMERO 5.4.7 |
| July 26, 2018 | 2018-SV2 Script Name UUID | OMERO 5.4.7 |
| July 26, 2018 | 2018-SV1 POST password | OMERO 5.4.7 |
| March 7, 2018 | 2017-SV6 Job-File Link | OMERO 5.4.4 |
| October 4, 2017 | 2017-SV4 Guest User | OMERO 5.3.5 |
| September 13, 2017 | 2017-SV5 Filename Mutability 2 | OMERO 5.3.4 |
| March 23, 2017 | 2017-SV3 Delete Script | OMERO 5.2.8 |
| March 23, 2017 | 2017-SV2 Edit in RW Group | OMERO 5.2.8 |
| March 23, 2017 | 2017-SV1 Filename Mutability | OMERO 5.2.8 |
| August 02, 2016 | 2016-SV2 Share | OMERO 5.2.5 |
| May 30, 2016 | 2016-SV1 Cleanse | OMERO 5.2.4 |
| July 21, 2015 | Java TLS Vulnerabilities Prior to 8u51, 7u85 and 6u101 | OMERO 5.1.3 |
| November 11, 2014 | 2014-SV4 POODLE | OMERO 5.0.6 |
| November 11, 2014 | 2014-SV3 CSRF | OMERO 5.0.6 |
| September 25, 2014 | 2014-SV2 Empty Passwords | OMERO 4.4.12, 5.0.5 |
| September 25, 2014 | 2014-SV1 Unicode Passwords | OMERO 4.4.12, 5.0.5 |
| August 31, 2012 | 2012-SV1 LDAP Authentication | OMERO 4.3.4, 4.4.3 |