jorani CVE Vulnerabilities & Metrics

Focus on jorani vulnerabilities and metrics.

Last updated: 16 Apr 2026, 22:25 UTC

About jorani Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with jorani. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total jorani CVEs: 9
Earliest CVE date: 28 Jun 2022, 00:15 UTC
Latest CVE date: 17 Feb 2026, 20:22 UTC

Latest CVE reference: CVE-2025-67102

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical jorani CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.07

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 6
4.0-6.9 2
7.0-8.9 1
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS jorani CVEs

These are the five CVEs with the highest CVSS scores for jorani, sorted by severity first and recency.

All CVEs for jorani

CVE-2025-67102 jorani vulnerability CVSS: 0 17 Feb 2026, 20:22 UTC

A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter.

CVE-2023-48205 jorani vulnerability CVSS: 0 07 Dec 2023, 07:15 UTC

Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails.

CVE-2023-45540 jorani vulnerability CVSS: 0 16 Oct 2023, 22:15 UTC

An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page.

CVE-2023-2681 jorani vulnerability CVSS: 0 03 Oct 2023, 13:15 UTC

An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the “id” parameter, managing to extract arbritary information from the database.

CVE-2023-26469 jorani vulnerability CVSS: 0 17 Aug 2023, 19:15 UTC

In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.

CVE-2022-48118 jorani vulnerability CVSS: 0 27 Jan 2023, 20:15 UTC

Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter.

CVE-2022-34134 jorani vulnerability CVSS: 6.8 28 Jun 2022, 00:15 UTC

Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php.

CVE-2022-34133 jorani vulnerability CVSS: 4.3 28 Jun 2022, 00:15 UTC

Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php.

CVE-2022-34132 jorani vulnerability CVSS: 7.5 28 Jun 2022, 00:15 UTC

Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php.