Maven/org.pf4j:pf4j — 4 CVEs

HIGH7.5CVE-2025-70952pf4j is vulnerable to Path Traversal or Zip Slip attack through improper handling of zip entry names

from 0, < 3.14.1

HIGH7.5CVE-2023-40826pf4j vulnerable to remote code execution via the zippluginPath parameter

from 0, <= 3.9.0

HIGH7.5CVE-2023-40828pf4j vulnerable to remote code execution via expandIfZip method in the extract function

from 0, <= 3.9.0

HIGH7.5pf4j vulnerable to remote code execution via loadpluginPath parameter

from 0, <= 3.9.0

pkg:Maven/org.pf4j:pf4j