This page lists publicly disclosed CVE vulnerabilities affecting jfree jfreechart (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-23077 | JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the component /chart/plot/CompassPlot.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | [email protected] | 7.5 | 0.62% | 2024-04-10 | 2026-06-17 |
| CVE-2023-52070 | JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | [email protected] | 8.4 | 0.25% | 2024-04-10 | 2026-06-17 |
| CVE-2024-23076 | JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | [email protected] | 7.5 | 0.97% | 2024-04-10 | 2026-06-17 |
| CVE-2024-22949 | JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | [email protected] | 9.1 | 0.77% | 2024-04-08 | 2026-06-17 |
| CVE-2007-6307 | Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header. | [email protected] | 4.3 | 4.14% | 2007-12-11 | 2026-06-16 |
| CVE-2007-6306 | Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area. | [email protected] | 4.3 | 2.76% | 2007-12-11 | 2026-06-16 |