Home > Support Docs >
TopBraid Enterprise Data Governance (EDG) Security
TopQuadrant Vulnerability Management and Security Policies
TopQuadrant maintains SOC 2 Type 2 Compliance
Open Source Software |
TopQuadrant maintains a current list of open source software used in EDG available here. TopQuadrant updates these libraries regularly to ensure the most current security patches are applied. |
Scans |
TopQuadrant code base is continually monitored for known vulnerabilities. Prior to releases, a complete scan is done as well. Please contact TopQuadrant support for copies of this report. |
Response |
All vulnerabilities are analyzed for impact and severity. If a vulnerability is found to be critical in the context of normal operation of the software, it will be remedied with a patch or new release or mitigation controls. Non-critical vulnerabilities will be remedied in the following release. |
Notification |
Customers will be notified through TopQuadrant support if critical vulnerabilities are found that will have an impact on the software and its use by customers. |
Reporting |
Customers are encouraged to contact TopQuadrant at security@topquadrant.com to report any security concerns or questions regarding TopQuadrant software. |
The following table shows the CVEs addressed with TopQuadrant’s latest release. You can find more information in the release notes and corresponding change logs.
8.5.0
CVE-2025-21587 Timing Attack CVE-2025-48976 Allocation of Resources Without Limits or Throttling CVE-2025-48988 Apache Tomcat – DoS in multipart upload CVE-2025-48734 Use of Externally-Controlled Input to Select Classes or Code (‘Unsafe Reflection’) CVE-2025-31650 Improper Cleanup on Thrown Exception CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode CVE-2025-27789 Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups CVE-2025-48924 Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs CVE-2025-49125 Authentication Bypass Using an Alternate Path or Channel CVE-2025-41234 HTTP Response Splitting CVE-2025-4949 Eclipse JGit XML External Entity (XXE) Vulnerability CVE-2025-22234 Timing Attack CVE-2025-32997 http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed CVE-2025-32996 http-proxy-middleware can call writeBody twice because “else if” is not used CVE-2025-30698 Heap-based Buffer Overflow CVE-2025-30691 Buffer Overflow CVE-2025-31651 Improper Neutralization CVE-2025-53864 Uncontrolled Recursion CVE-2025-6493 Regular Expression Denial of Service (ReDoS) CVE-2025-22233 Improper Handling of Case Sensitivity CVE-2025-5889 brace-expansion Regular Expression Denial of Service vulnerability CVE-2025-22227 Exposure of Sensitive System Information to an Unauthorized Control Sphere CVE-2025-7339 on-headers is vulnerable to http response header manipulation |
Critical High High High High High Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Low Low Low Low |
8.4.0
CVE-2025-22228 Authentication Bypass by Primary Weakness CVE-2025-21587 Timing Attack CVE-2025-24970 Improper Validation of Specified Quantity in Input CVE-2025-24813 Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT CVE-2025-27152 Server-side Request Forgery (SSRF) |
Critical Critical High High Medium |
8.3.3
CVE-2025-21587 |
critical |
8.3.2
CVE-2025-22228 |
critical |
8.3.0
CVE-2024-38356, CVE-2024-38357 CVE-2024-35255 CVE-2023-45857 CVE-2022-36033 CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160 CVE-2024-45744 |
medium medium medium medium medium low |
8.2.3
CVE-2025-21587 |
critical |
8.2.2
CVE-2025-22228 |
critical |
8.2.0
CVE-2024-38821 CVE-2024-40094 CVE-2024-21147, CVE-2024-20932, CVE-2024-20952, CVE-2024-20918, CVE-2023-21930 CVE-2024-34750 CVE-2024-7254 CVE-2024-25710 CVE-2024-45801 CVE-2024-38809 |
critical high high high high high high medium |
8.1.3
CVE-2025-21587 |
critical |
8.1.2
CVE-2025-22228 |
critical |
8.1.1
CVE-2024-21147 CVE-2024-34750 |
high high |
8.1.0
CVE-2024-34447, CVE-2024-29857 CVE-2023-52428 CVE-2023-33953,CVE-2023-44487, CVE-2023-4785 |
high high high |
8.0.4
CVE-2025-21587 |
critical |
8.0.3
CVE-2025-22228 |
critical |
8.0.2
CVE-2024-21147 CVE-2024-34750 |
high high |
8.0.1
CVE-2023-44981 CVE-2024-45745 |
critical medium |
8.0.0
CVE-2023-5072 CVE-2023-34054, CVE-2023-34062, CVE-2023-36414, CVE-2023-36415, CVE-2023-44487 CVE-2020-28458 CVE-2023-4785, CVE-2023-33953 |
high high high high |
7.8.2
CVE-2024-21147 |
high |
7.8.0
CVE-2021-20087 CVE-2023-4759 CVE-2023-34609 CVE-2023-45133 CVE-2023-3635 CVE-2023-28708 CVE-2023-28709 CVE-2023-2976 CVE-2016-1000027 CVE-2023-34034 |
high medium medium low low low low low low low |
7.7.0
CVE-2023-30533 CVE-2018-16487 CVE-2022-1471 CVE-2023-1370 CVE-2023-22665 CVE-2022-3171 CVE-2022-3509 CVE-2022-3510 CVE-2023-28867 CVE-2023-24998 |
low low low low low high high high high high |
7.6.0
CVE-2022-45143,
CVE-2022-4188,
CVE-2022-41915,
CVE-2022-23494,
CVE-2022-46175,
CVE-2022-41915,
CVE-2022-41881 |
low |
7.5.0
CVE-2022-25857,
CVE-2022-25858,
CVE-2022-3760,
CVE-2022-29885,
CVE-2022-23181,
CVE-2020-36518 |
low |
7.4.1
CVE-2022-42889 |
low |
7.4.0
CVE-2021-37136,
CVE-2021-37137 |
low |
7.3.0
CVE-2022-23596 |
low |
7.2.0
CVE-2021-37714,
CVE-2020-26870,
CVE-2021-3749,
CVE-2020-28168,
CVE-2021-42340 |
low |
7.1.3
CVE-2021-44832 Log4j 2.17 |
low |
7.1.1
CVE-2021-45046 Log4j CVE-2021-44228 Log4j |
low critical |
7.1.0
CVE-2019-13990 Quartz |
low |
7.0.5
CVE-2021-45105 Log4j |
low |
7.0.4
CVE-2021-45046 Log4j CVE-2021-44228 Log4j |
low critical |
7.0.1
Removed debugging utility with additional abilities |
high |
7.0.0
CVE-2018-10237, CVE-2019-12400, CVE-2020-2773, CVE-2020-8908, CVE-2020-25649, CVE-2019-10744, CVE-2020-8203, CVE-2021-23337, CVE-2015-9251 |
low |
6.4.4
Removed debugging utility with additional abilities |
high |
6.4.2
CVE-2019-10086, CVE2013-0248, CVE-2014-0050, CVE-2016-1000031, CVE-2016-3092, and CVE-2012-0881 |
low |
6.4.1
CVE-2020-13822: elliptic CVE-2020-8203: lodash |
low low |
6.4.0
CVE-2020-7662: websocket-extensions CVE-2019-0205, CVE-2019-0210: Apache Thrift (Apache Jena) |
low low |
