Dromara Ruoyi-vue-plus

4 CVEs affecting Dromara Ruoyi-vue-plus. Latest disclosed: 2026-06-30. Critical: 1, High: 0.

Top CVEs affecting Dromara Ruoyi-vue-plus
CVESeverityScorePublishedSummary
CVE-2025-66916Critical9.42026-01-08The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but…
CVE-2026-58176Medium6.52026-06-30RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task management endpoints under /workflow/task (FlwTaskController) without any permissi…
CVE-2026-2819Medium6.32026-02-20A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/de…
CVE-2025-6925Medium5.32025-06-30A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the fi…