Skip to content
Security and Compliance Documentation
Type to start searching
Security Processes
Security Guidelines
Security Announcements
Security Reporting
Report a Security Issue
WSO2 Security and Compliance Documentation
wso2/docs-security
WSO2 Security and Compliance Documentation
Security Processes
Security Processes
Secure Software Development Process
Vulnerability Management Process
Security Guidelines
Security Guidelines
Secure Engineering Guidelines
Secure Engineering Guidelines
Secure Coding Guidelines
Secure Coding Guidelines
Introduction
General Recommendations for Secure Coding
General Recommendations for React Secure Coding
OWASP Top 10 - 2017 Prevention
OWASP Top 10 - 2013 Prevention
OWASP Mobile Top 10 Prevention
Tooling Recommendations for Secure Coding
Security Related HTTP Headers
OWASP CSRFGuard
Static Code Analysis using FindSecurityBugs
Dynamic Analysis with OWASP ZAP
External Dependency Analysis using OWASP Dependency Check
Security Guidelines for Production Deployment
Security Announcements
Security Announcements
WSO2 Security Advisories
WSO2 Security Advisories
2023 Advisories
2023 Advisories
WSO2-2022-1821
WSO2-2022-1910
WSO2-2022-2019
WSO2-2022-2043
WSO2-2022-2357
2022 Advisories
2022 Advisories
WSO2-2021-1259
WSO2-2021-1334
WSO2-2021-1438
WSO2-2021-1459
WSO2-2021-1480
WSO2-2021-1482
WSO2-2021-1487
WSO2-2021-1509
WSO2-2021-1524
WSO2-2021-1530
WSO2-2021-1531
WSO2-2021-1573
WSO2-2021-1574
WSO2-2021-1592
WSO2-2021-1603
WSO2-2021-1605
WSO2-2021-1646
WSO2-2021-1720
WSO2-2021-1738
WSO2-2022-1476
WSO2-2022-1698
WSO2-2022-1745
WSO2-2022-1849
WSO2-2022-1923
2021 Advisories
2021 Advisories
WSO2-2020-0751
WSO2-2020-0752
WSO2-2020-0716
WSO2-2020-0787
WSO2-2020-0803
WSO2-2020-0840
WSO2-2020-0873
WSO2-2020-1106
WSO2-2020-1119
WSO2-2020-1130
WSO2-2020-1132
WSO2-2020-1139
WSO2-2020-1196
WSO2-2020-1224
WSO2-2020-1225
WSO2-2020-1233
WSO2-2021-1238
WSO2-2021-1258
WSO2-2021-1260
WSO2-2021-1261
WSO2-2021-1289
WSO2-2021-1292
WSO2-2021-1314
WSO2-2021-1315
WSO2-2021-1338
WSO2-2021-1347
WSO2-2021-1350
WSO2-2021-1351
WSO2-2021-1357
WSO2-2021-1453
WSO2-2021-1497
WSO2-2021-1411
WSO2-2021-1699
2020 Advisories
2020 Advisories
WSO2-2019-0661
WSO2-2018-0537
WSO2-2019-0651
WSO2-2019-0663
WSO2-2019-0665
WSO2-2019-0666
WSO2-2019-0667
WSO2-2019-0670
WSO2-2019-0673
WSO2-2019-0681
WSO2-2020-0684
WSO2-2020-0685
WSO2-2020-0687
WSO2-2020-0688
WSO2-2020-0689
WSO2-2020-0690
WSO2-2020-0693
WSO2-2020-0698
WSO2-2020-0699
WSO2-2020-0700
WSO2-2020-0701
WSO2-2020-0702
WSO2-2020-0705
WSO2-2020-0706
WSO2-2020-0707
WSO2-2020-0711
WSO2-2020-0713
WSO2-2020-0718
WSO2-2020-0722
WSO2-2020-0727
WSO2-2020-0728
WSO2-2020-0730
WSO2-2020-0731
WSO2-2020-0734
WSO2-2020-0742
WSO2-2020-0747
WSO2-2020-0755
WSO2-2020-0781
WSO2-2020-0843
WSO2-2020-0864
2019 Advisories
2019 Advisories
WSO2-2019-0432
WSO2-2019-0486
WSO2-2019-0501
WSO2-2019-0504
WSO2-2019-0545
WSO2-2019-0554
WSO2-2019-0571
WSO2-2019-0597
WSO2-2019-0598
WSO2-2019-0600
WSO2-2019-0616
WSO2-2019-0618
WSO2-2019-0621
WSO2-2019-0624
WSO2-2019-0625
WSO2-2019-0633
WSO2-2019-0634
WSO2-2019-0635
WSO2-2019-0636
WSO2-2019-0644
WSO2-2019-0645
WSO2-2019-0646
WSO2-2019-0647
WSO2-2019-0653
WSO2-2019-0655
WSO2-2019-0656
WSO2-2019-0658
2018 Advisories
2018 Advisories
WSO2-2018-0462
2017 Advisories
2017 Advisories
WSO2-2017-0177
WSO2-2017-0179
WSO2-2017-0182
WSO2-2017-0183
WSO2-2017-0184
WSO2-2017-0185
WSO2-2017-0186
WSO2-2017-0187
WSO2-2017-0188
WSO2-2017-0190
WSO2-2017-0197
WSO2-2017-0198
WSO2-2017-0203
WSO2-2017-0210
WSO2-2017-0212
WSO2-2017-0218
WSO2-2017-0223
WSO2-2017-0235
WSO2-2017-0254
WSO2-2017-0255
WSO2-2017-0257
WSO2-2017-0260
WSO2-2017-0261
WSO2-2017-0262
WSO2-2017-0263
WSO2-2017-0265
WSO2-2017-0266
WSO2-2017-0267
WSO2-2017-0289
WSO2-2017-0326
2016 Advisories
2016 Advisories
WSO2-2016-0092
WSO2-2016-0095
WSO2-2016-0096
WSO2-2016-0098
WSO2-2016-0101
WSO2-2016-0104
WSO2-2016-0127
WSO2-2016-0135
WSO2-2016-0138
WSO2-2016-0140
WSO2-2016-0141
WSO2-2016-0150
WSO2-2016-0151
WSO2-2016-0156
WSO2-2016-0158
WSO2-2016-0159
WSO2-2016-0168
WSO2-2016-0169
WSO2-2016-0170
CVE to WSO2 Security Advisory Mapping
CVE Justifications
CVE Justifications
2022
2022
CVE-2021-42392
CVE-2022-22965
CVE-2022-42889
CVE-2022-3602 and CVE-2022-3786
log4j v1 vulnerabilities (CVE-2022-23302 CVE-2022-23305 CVE-2022-23307)
2021
2021
ZDI-CAN-13449
2020
2020
CVE-2019-6513
CVE-2019-17571
CVE-2020-1938
CVE-2020-13226
2019
2019
CVE-2019-6512
CVE-2019-6515
Incident Clarifications
Incident Clarifications
2021
2021
Codecov supply chain breach
NPM packages coa and rc Compromised
NPM package UA-Parser-JS Compromised
Log4j2 zero-day vulnerability (CVE-2021-44228 / CVE-2021-45046 / CVE-2021-45105)
CVE-2021-4104
2020
2020
SolarWinds SUNBURST breach
Security Reporting
Security Reporting
Report Security Issues
Vulnerability Reporting Guidelines
Reward and Acknowledgement Program
Reward and Acknowledgement Program
Reward and Acknowledgement Program
Security Hall of Fame
404 - Not found
2019 CVE Justifications
¶
CVE-2019-6512
CVE-2019-6515