Cloud customer?
Start for Free >
Upgrade in MyJFrog >
What's New in Cloud >



JFrog takes the privacy and security of its customers very seriously and always strives to provide prompt notification and remediation of any vulnerabilities discovered on JFrog products.  As a CVE Numbering Authority (CNA), JFrog assigns CVE identification numbers to newly discovered security vulnerabilities.




JFrog Artifactory prior to version 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query.Artifactory
  • Versions prior to 7.25.4 
  • Versions prior to 6.23.30


  • No labels
Copyright © 2022 JFrog Ltd.