Dromara Ruoyi-vue-plus
4 CVEs affecting Dromara Ruoyi-vue-plus. Latest disclosed: 2026-06-30. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-66916 | Critical | 9.4 | 2026-01-08 | The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but… |
CVE-2026-58176 | Medium | 6.5 | 2026-06-30 | RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task management endpoints under /workflow/task (FlwTaskController) without any permissi… |
CVE-2026-2819 | Medium | 6.3 | 2026-02-20 | A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/de… |
CVE-2025-6925 | Medium | 5.3 | 2025-06-30 | A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the fi… |