{"reviewsMap":{"GHSA-2q8x-2p7f-574v":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-3ccq-5vw3-2p6x":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-64xx-cq4q-mf44":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-6w62-hx7r-mw68":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-6wf9-jmg9-vxcc":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-8jrj-525p-826v":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-cxfm-5m4g-x7xp":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-f8cc-g7j8-xxpm":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-g5w6-mrj7-75h2":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-h7v4-7xg3-hxcc":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-hph2-m3g5-xxv4":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-j563-grx4-pjpv":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-j9h8-phrw-h4fh":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-p8pq-r894-fm8f":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-qrx8-8545-4wg2":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-rmr5-cpv2-vgjf":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-xw4p-crpj-vjx2":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-xq3w-v528-46rv":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"GHSA-jv4x-j47q-6qvp":[{"emitter":"XWiki Development Team","explanation":"To the best of our knowledge, this availability issue is not leading to negative consequences beyond punctual client-side slowness when editing with rich editors.","result":"SAFE"}],"GHSA-2363-cqg2-863c":[{"emitter":"XWiki Development Team","explanation":"While jdom is part of XWiki dependencies, the SAXBuilder class is not used.","result":"SAFE"}],"GHSA-58qw-p7qm-5rvh":[{"emitter":"XWiki Development Team","explanation":"The vulnerable class (XmlParser) is not used in XWiki Standard. Therefore, the risk raised in the advisory has no impact in this context.","result":"SAFE"}],"GHSA-2jc4-r94c-rp7h":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, Ivy is used only by the Groovy grab feature (which is available but not used by XWiki Standard itself). Using grab is also not recommended in XWiki in general and extensions usually have listed in their dependencies anything they need in a groovy script. Therefore, the risk is extremly low to be impacted by this vulnerability.","result":"SAFE"}],"GHSA-hmr7-m48g-48f6":[{"emitter":"XWiki Development Team","explanation":"The vulnerability is documented as being without any known exploit scenario.","result":"SAFE"}],"GHSA-55g7-9cwv-5qfv":[{"emitter":"XWiki Development Team","explanation":"Snappy is optionnally used by Solr to produce a backup but this is not a feature used in the context of XWiki Standard so it cannot be exploited.","result":"SAFE"}],"GHSA-57m8-f3v5-hm5m":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard does not use Netty in normal operations. It's only exposed, indirectly, to Python scripts and using Python script requires having programming rights.","result":"SAFE"}],"GHSA-xpw8-rcwv-8f8p":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard does not use Netty in normal operations. It's only exposed, indirectly, to Python scripts and using Python script requires having programming rights. Also this vulnerabilty require the attacker to implement a custom implementation of a netty interface, which is something impossible without programming right.","result":"SAFE"}],"GHSA-pfh2-hfmq-phg5":[{"emitter":"XWiki Development Team","explanation":"The reported issue is unlikely to be exploitable on XWiki Standard. Additionnally, based on json-path maintainers analysis, the issue is not exploitable in practice.","result":"SAFE"}],"GHSA-xrj7-x7gp-wwqr":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard is not using the Solr feature which is impacted by this vulnerability.","result":"SAFE"}],"GHSA-gg57-587f-h5v6":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard is not using the Infinispan feature which is impacted by this vulnerability.","result":"SAFE"}],"GHSA-qh8g-58pp-2wxh":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard is not using the HttpURI class which is impacted by this vulnerability.","result":"SAFE"}],"GHSA-g8m5-722r-8whq":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard is not using the ThreadLimitHandler class which is impacted by this vulnerability.","result":"SAFE"}],"CVE-2026-2332":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard used this only as client library.","result":"SAFE"}],"CVE-2025-11143":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard used this only as client library.","result":"SAFE"}],"GHSA-9mvj-f7w8-pvh2":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard is not using bootstrap caroussel which is impacted by this vulnerability. Additionnaly, we consider it is the responsability of the user to make sure carousel parameters are correctly escaped.","result":"SAFE"}],"GHSA-r978-9m6m-6gm6":[{"emitter":"XWiki Development Team","explanation":"While ZooKeep is included as a SOLR dependency. The vulnerable code is not used in XWiki.","result":"SAFE"}],"CVE-2025-31672":[{"emitter":"XWiki Development Team","explanation":"XWiki uses POI only through Tika, to gather textual content about attachments and index them, so this problem cannot really have any security related impact.","result":"SAFE"}],"CVE-2025-48924":[{"emitter":"XWiki Development Team","explanation":"XWiki never uses ClassUtils.getClass in its code, so it's not possible to exploit this vulnerability.","result":"SAFE"}],"CVE-2025-48734":[{"emitter":"XWiki Development Team","explanation":"XWiki does not expose in its API any way to exploit this BeanUtils vulnerability.","result":"SAFE"}],"CVE-2025-54988":[{"emitter":"XWiki Development Team","explanation":"XWiki uses Woodstox as Stax XML API implementation and we've verified that with Woodstox, the XXE mitigations that are included in Tika 2.9.4 that is used in XWiki are sufficient.","result":"SAFE"}],"CVE-2025-24814":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard is not using the Solr feature which is impacted by this vulnerability.","result":"SAFE"}],"CVE-2025-11226":[{"emitter":"XWiki Development Team","explanation":"Can only be exploiting with write access to the XWiki startup script or the logback configuration file.","result":"SAFE"}],"CVE-2024-52012":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard is not using the Solr feature which is impacted by this vulnerability.","result":"SAFE"}],"CVE-2025-66516":[{"emitter":"XWiki Development Team","explanation":"As for CVE-2025-54988 XWiki is not impacted either by this vulnerability.","result":"SAFE"}],"CVE-2026-22022":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard is not using the Solr feature which is impacted by this vulnerability.","result":"SAFE"}],"CVE-2026-22444":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard is not using the Solr feature which is impacted by this vulnerability.","result":"SAFE"}],"CVE-2026-1225":[{"emitter":"XWiki Development Team","explanation":"Not considered a security threat in the context of an XWiki Standard setup as the attacker must have write access to configuration files.","result":"SAFE"}],"CVE-2026-0603":[{"emitter":"XWiki Development Team","explanation":"Exploiting this fulnerability requires the to set the property hibernate.hql.bulk_id_strategy to org.hibernate.hql.spi.id.inline.InlineIdsOrClauseBulkIdStrategy in the hibernate configuration, which is not something used by XWiki Standard.","result":"SAFE"}],"CVE-2026-40682":[{"emitter":"XWiki Development Team","explanation":"Solr configuration cannot be provided by users.","result":"SAFE"}],"CVE-2026-42440":[{"emitter":"XWiki Development Team","explanation":"Solr configuration cannot be provided by users.","result":"SAFE"}],"CVE-2026-42027":[{"emitter":"XWiki Development Team","explanation":"Solr configuration cannot be provided by users.","result":"SAFE"}],"CVE-2021-33813":[{"emitter":"XWiki Development Team","explanation":"While jdom is part of XWiki dependencies, the SAXBuilder class is not used.","result":"SAFE"}],"CVE-2022-46751":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, Ivy is used only by the Groovy grab feature (which is available but not used by XWiki Standard itself). Using grab is also not recommended in XWiki in general and extensions usually have listed in their dependencies anything they need in a groovy script. Therefore, the risk is extremly low to be impacted by this vulnerability.","result":"SAFE"}],"CVE-2021-39153":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2021-39149":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2021-39139":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2021-39154":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2021-39140":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2021-39145":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2021-39150":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2022-40151":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2021-39141":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2021-39147":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2023-40167":[{"emitter":"XWiki Development Team","explanation":"The vulnerability is documented as being without any known exploit scenario.","result":"SAFE"}],"CVE-2021-39151":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2022-41966":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2021-39144":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2023-34624":[{"emitter":"XWiki Development Team","explanation":"To the best of our knowledge, this availability issue is not leading to negative consequences beyond punctual client-side slowness when editing with rich editors.","result":"SAFE"}],"CVE-2021-39146":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2021-39148":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2021-43859":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2021-39152":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2023-43642":[{"emitter":"XWiki Development Team","explanation":"Snappy is optionnally used by Solr to produce a backup but this is not a feature used in the context of XWiki Standard so it cannot be exploited.","result":"SAFE"}],"CVE-2023-4586":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard does not use Netty in normal operations. It's only exposed, indirectly, to Python scripts and using Python script requires having programming rights.","result":"SAFE"}],"CVE-2023-44487":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard does not use Netty in normal operations. It's only exposed, indirectly, to Python scripts and using Python script requires having programming rights. Also this vulnerabilty require the attacker to implement a custom implementation of a netty interface, which is something impossible without programming right.","result":"SAFE"}],"CVE-2023-51074":[{"emitter":"XWiki Development Team","explanation":"The reported issue is unlikely to be exploitable on XWiki Standard. Additionnally, based on json-path maintainers analysis, the issue is not exploitable in practice.","result":"SAFE"}],"CVE-2023-50298":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard is not using the Solr feature which is impacted by this vulnerability.","result":"SAFE"}],"CVE-2023-5384":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard is not using the Infinispan feature which is impacted by this vulnerability.","result":"SAFE"}],"CVE-2024-6763":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard is not using the HttpURI class which is impacted by this vulnerability.","result":"SAFE"}],"CVE-2024-8184":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard is not using the ThreadLimitHandler class which is impacted by this vulnerability.","result":"SAFE"}],"CVE-2024-6484":[{"emitter":"XWiki Development Team","explanation":"XWiki Standard is not using bootstrap caroussel which is impacted by this vulnerability. Additionnaly, we consider it is the responsability of the user to make sure carousel parameters are correctly escaped.","result":"SAFE"}],"CVE-2024-47072":[{"emitter":"XWiki Development Team","explanation":"In XWiki Standard, xstream is only used internally with input streams that contain a safe content. Therefore, this vulnerability is not relevant in this context.","result":"SAFE"}],"CVE-2024-23944":[{"emitter":"XWiki Development Team","explanation":"While ZooKeep is included as a SOLR dependency. The vulnerable code is not used in XWiki.","result":"SAFE"}]}}