Oracle Java (JDK) ↗
Oracle · Web / Runtime
50/100 Attention
Summary iPlain-English security verdict for Oracle Java (JDK), generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Oracle Java (JDK) currently scores 50/100 — needs attention. 9 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2022-22965. Patch the open issues below when you can. Note: this product is assessed at the product level on recent (365-day) activity rather than an exact per-version match, so it is never marked a confident "healthy".
Disclosure trend iNew CVEs published for Oracle Java (JDK) each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
'19
'20
'21
'22
'23
'24
'25
'26
⚠ 3 of its known vulnerabilities are linked to ransomware campaigns (CISA KEV).
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2022-22965 CRITICAL ● exploited Code injection EPSS 94% → see advisory CVE-2012-4681 CRITICAL ● exploited ⚠ ransomware Improper access control EPSS 94% → see advisory CVE-2012-1723 CRITICAL ● exploited ⚠ ransomware Improper access control EPSS 94% → see advisory CVE-2013-0422 CRITICAL ● exploited ⚠ ransomware Improper access control EPSS 94% → see advisory CVE-2016-3427 CRITICAL ● exploited Improper access control EPSS 93% → see advisory CVE-2011-3544 CRITICAL ● exploited Improper access control EPSS 93% → fixed in 1.6.0 CVE-2015-2590 CRITICAL ● exploited EPSS 67% → see advisory CVE-2023-41993 HIGH ● exploited CWE-754 EPSS 24% → see advisory CVE-2015-4902 MEDIUM ● exploited Improper access control EPSS 18% → see advisory CVE-2015-4000 LOW CWE-310 EPSS 92% → see advisory CVE-2013-1493 HIGH Memory corruption EPSS 92% → see advisory CVE-2013-1488 HIGH Code injection EPSS 86% → see advisoryℹ product-level posture (last 365d); exact per-version verdict pending precise version mapping