If you are not sure if the website you would like to visit is secure, you can verify it here. Enter the website address of the page and see parts of its content and the thumbnail images on this site. None (if any) dangerous scripts on the referenced page will be executed. Additionally, if the selected site contains subpages, you can verify it (review) in batches containing 5 pages.
favicon.ico: www.playframework.com/security/vulnerability - Play Security Vulnerabilities.

site address: www.playframework.com/security/vulnerability redirected to: www.playframework.com/security/vulnerability

site title: Play Security Vulnerabilities

Our opinion (on Tuesday 14 July 2026 17:13:23 UTC):

GREEN status (no comments) - no comments
After content analysis of this website we propose the following hashtags:



Meta tags:
description=Play Framework - The High Velocity Web Framework For Java and Scala;

Headings (most frequently used words):

play, in, fixed, vulnerability, cve, xmlexternalentity, xml, external, entity, xss, 2020, session, json, parse, filter, bypass, ws, improper, csrf, http, 20171005, corsvaryheader, vary, header, handling, cors, 2014, 3630, 20130920, 20130911, 20130806, sessioninjection, injection, 20160301, xsssecuremodule, the, secure, module, login, page, 20151230, sessionhijack, hijack, 20150506, xssurlparamerter, url, parameter, 16, of, denial, service, stack, 24, to, 18, 14, 11, 26882, jsonparsedataamplification, data, amplification, 26883, jsonparseuncontrolledrecursion, uncontrolled, recursion, 27196, dosviajsonstackoverflow, dos, via, overflow, 12480, csrfblacklistbypass, content, type, black, list, 2019, 17598, playwshttpconnectauthorizationheaders, sending, connect, including, authorizing, headers, target, host, 2018, 13864, pathtraversal, path, traversal, assets, controller, 20170828, invaliduriparsing, asynchttpclient, and, uri, parsing, 20170407, logbackdeser, java, deserialization, logback, socketappender, 20170120, wsoauthdos, oauth, 20160304, csrfbypass, 20160622, javascriptrouterxss, javascript, router, 2015, 2156, httponlybypass, only, cookie, 2022, security, vulnerabilities, 31018, when, binding, forms, from, 31023, dev, error, trace, leaking, into, prod, 28923, improperremovalofsensitiveinformationbeforestorageortransfer, removal, sensitive, information, before, storage, or, transfer, community, receiving, advisories, reporting, documentation, find, help, contribute, support, donate, our, collective, framework, links, code, contribution, social, networks,

Text of the page (most frequently used words):
play (59), fixed (30), #vulnerability (16), cve (16), security (11), 2020 (9), the (8), json (7), xml (6), external (6), #entity (6), xmlexternalentity (6), list (6), parse (6), and (5), xss (5), code (4), documentation (4), forum (4), vulnerabilities (4), stack (4), session (4), bypass (4), filter (4), png (4), svg (4), framework (3), collective (3), get (3), involved (3), via (3), community (3), discord (3), discuss (3), overflow (3), csrf (3), improper (3), open (2), twitter (2), github (2), contributors (2), try (2), you (2), our (2), stackoverflow (2), reporting (2), server (2), advisories (2), first (2), url (2), parameter (2), 20150506 (2), xssurlparamerter (2), hijack (2), 20151230 (2), sessionhijack (2), secure (2), module (2), login (2), page (2), 20160301 (2), xsssecuremodule (2), injection (2), 20130806 (2), sessioninjection (2), 20130911 (2), 20130920 (2), 2014 (2), 3630 (2), http (2), only (2), denial (2), service (2), vary (2), header (2), handling (2), cors (2), 20171005 (2), corsvaryheader (2), content (2), type (2), black (2), 12480 (2), csrfblacklistbypass (2), dos (2), 27196 (2), dosviajsonstackoverflow (2), uncontrolled (2), recursion (2), 26883 (2), jsonparseuncontrolledrecursion (2), data (2), amplification (2), 26882 (2), jsonparsedataamplification (2), before (2), 2022 (2), all (2), email (2), core (2), team (2), mailing (2), released, under, apache, license, social, networks, bug, tracker, contribution, jobs, indeed, links, tutorials, like, consider, becoming, sponsor, donate, support, process, conduct, contribute, find, help, change, log, full, build, your, app, requirements, cookie, 2015, 2156, httponlybypass, javascript, router, 20160622, javascriptrouterxss, 20160304, csrfbypass, oauth, 20170120, wsoauthdos, java, deserialization, logback, socketappender, 20170407, logbackdeser, asynchttpclient, uri, parsing, 20170828, invaliduriparsing, path, traversal, assets, controller, 2018, 13864, pathtraversal, sending, connect, including, authorizing, headers, target, host, 2019, 17598, playwshttpconnectauthorizationheaders, removal, sensitive, information, storage, transfer, 28923, improperremovalofsensitiveinformationbeforestorageortransfer, dev, error, trace, leaking, into, prod, 31023, when, binding, forms, from, 31018, bugs, should, reported, this, delivered, subset, who, handle, issues, protected, strongly, encourage, people, report, such, problems, private, disclosing, them, public, very, low, traffic, receives, notifications, after, reports, have, been, managed, fixes, are, publicly, available, best, way, receive, any, announcements, subscribe, receiving, that, what, looking, for,


Text of the page (random words):
play security vulnerabilities play framework try play documentation get involved open collective discuss play forum play discord server twitter github stackoverflow is that what you re looking for svg png svg png svg png svg png security vulnerabilities receiving security advisories the best way to receive any and all security announcements is to subscribe to the play security list the mailing list is very low traffic and receives notifications only after security reports have been managed by the core team and fixes are publicly available reporting vulnerabilities we strongly encourage people to report such problems to our private security mailing list first before disclosing them in a public forum all security bugs in play should be reported by email to email protected this list is delivered to a subset of the core team who handle security issues play 2 8 x fixed in play 2 8 16 cve 2022 31018 denial of service when binding forms from json cve 2022 31023 dev error stack trace leaking into prod fixed in play 2 8 5 cve 2020 28923 improperremovalofsensitiveinformationbeforestorageortransfer improper removal of sensitive information before storage or transfer fixed in play 2 8 3 cve 2020 26882 jsonparsedataamplification json parse data amplification cve 2020 26883 jsonparseuncontrolledrecursion json parse uncontrolled recursion cve 2020 27196 dosviajsonstackoverflow dos via json parse stack overflow fixed in play 2 8 2 cve 2020 12480 csrfblacklistbypass play csrf filter content type black list bypass play 2 7 x fixed in play 2 7 6 cve 2020 26882 jsonparsedataamplification json parse data amplification cve 2020 26883 jsonparseuncontrolledrecursion json parse uncontrolled recursion cve 2020 27196 dosviajsonstackoverflow dos via json parse stack overflow fixed in play 2 7 5 cve 2020 12480 csrfblacklistbypass play csrf filter content type black list bypass play 2 6 x fixed in play 2 6 24 cve 2019 17598 playwshttpconnectauthorizationheaders play ws sending http connect including authorizing headers to target host fixed in play 2 6 16 cve 2018 13864 pathtraversal path traversal in assets controller fixed in play 2 6 6 20171005 corsvaryheader improper vary header handling in cors filter fixed in play 2 6 5 20170828 invaliduriparsing asynchttpclient and play ws uri parsing vulnerability play 2 5 x fixed in play 2 5 18 20171005 corsvaryheader improper vary header handling in cors filter fixed in play 2 5 14 20170407 logbackdeser java deserialization vulnerability in logback socketappender fixed in play 2 5 11 20170120 wsoauthdos ws oauth denial of service play 2 4 x fixed in play 2 5 0 20160304 csrfbypass csrf bypass fixed in play 2 4 8 20160622 javascriptrouterxss javascript router xss play 2 3 x fixed in play 2 3 9 cve 2015 2156 httponlybypass http only cookie bypass fixed in play 2 3 5 cve 2014 3630 xmlexternalentity xml external entity vulnerability play 2 2 x fixed in play 2 2 6 cve 2014 3630 xmlexternalentity xml external entity vulnerability play 2 1 x fixed in play 2 1 5 20130920 xmlexternalentity xml external entity vulnerability fixed in play 2 1 4 20130911 xmlexternalentity xml external entity vulnerability fixed in play 2 1 3 20130806 sessioninjection session injection vulnerability play 2 0 x fixed in play 2 0 8 20130920 xmlexternalentity xml external entity vulnerability fixed in play 2 0 7 20130911 xmlexternalentity xml external entity vulnerability fixed in play 2 0 6 20130806 sessioninjection session injection vulnerability play 1 4 x fixed in play 1 4 2 20160301 xsssecuremodule xss vulnerability in the secure module login page fixed in play 1 4 1 20151230 sessionhijack session hijack vulnerability play 1 3 x fixed in play 1 3 4 20160301 xsssecuremodule xss vulnerability in the secure module login page fixed in play 1 3 3 20151230 sessionhijack session hijack vulnerability fixed in play 1 3 1 20150506 xssurlparamerter xss url parameter vulnerability play 1 2 x fixed in play 1 2 7 2 20150506 xssurlparamerter xss url parameter vulnerability documentation play requirements build your first app full documentation change log security advisories find help discuss play forum discord server stack overflow contribute code and contributors code of conduct get involved community process reporting security vulnerabilities community support discuss forum discord stackoverflow donate to our collective if you like play consider becoming a sponsor play framework try play tutorials documentation community links jobs via indeed code contribution code contributors bug tracker github get involved social networks twitter open collective play framework is released under the apache 2 license
Thumbnail images (randomly selected): * Images may be subject to copyright.GREEN status (no comments)

Verified site has: 40 subpage(s). Do you want to verify them? Verify pages:

1-5 6-10 11-15 16-20 21-25 26-30 31-35 36-40


Top 50 hastags from of all verified websites.

Supplementary Information (add-on for SEO geeks)*- See more on header.verify-www.com

Header

HTTP/1.1 301 Moved Permanently
Date Tue, 14 Jul 2026 17:13:23 GMT
Content-Type text/html; charset=UTF-8
Transfer-Encoding chunked
Connection close
Server-Timing cfEdge;dur=17,cfOrigin;dur=0
Location htt????/www.playframework.com/security/vulnerability
Report-To group : cf-nel , max_age :604800, endpoints :[ url : htt????/a.nel.cloudflare.com/report/v4?s=CQdZpMR4GqiMjlAhWRDNaT9IFXkEojnRK8f2Rg56Ry%2B%2B4rvEMnMv1%2Fty8XZUN3PBtWi9JvP4HUCozs3sZHM2FeEBZZVjDvtvRcPgbcC7OqteSTk3Yoifnm2w%2BB5Q2IoXmTFH13OwOQ0%3D ]
Nel report_to : cf-nel , success_fraction :0.0, max_age :604800
Server cloudflare
CF-RAY a1b228628ec696f9-AMS
alt-svc h3= :443 ; ma=86400
HTTP/2 200
date Tue, 14 Jul 2026 17:13:23 GMT
content-type text/html; charset=UTF-8
server cloudflare
nel report_to : cf-nel , success_fraction :0.0, max_age :604800
cache-control max-age=1000
referrer-policy origin-when-cross-origin, strict-origin-when-cross-origin
x-frame-options sameorigin
x-xss-protection 1; mode=block
x-content-type-options nosniff
x-permitted-cross-domain-policies master-only
report-to group : cf-nel , max_age :604800, endpoints :[ url : htt????/a.nel.cloudflare.com/report/v4?s=rqlMLl0fGwxVSkvRqLlbUM%2F9ezdiWt3QCqc%2BrE6XpjqFj2GMSFIXP4bZS8jHPnrV4sjiD5O0SYUAs3YLIc5e%2BvXPWVeKKrM%2BpM88I9D6tvmv%2FsZJc8mjeZu34deXnkbFsrOmvFH3qbk%3D ]
cf-cache-status DYNAMIC
vary accept-encoding
server-timing cfCacheStatus;desc= DYNAMIC
server-timing cfEdge;dur=8,cfOrigin;dur=11
content-encoding gzip
cf-ray a1b22862d9464562-CDG
alt-svc h3= :443 ; ma=86400

Meta Tags

title="Play Security Vulnerabilities"
charset="utf-8"
http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"
name="description" content="Play Framework - The High Velocity Web Framework For Java and Scala"
name="viewport" content="width=device-width,maximum-scale=1"
name="globalsign-domain-verification" content="wISFsU3SjLaCmI4hF3fuBebFOs4shuuBnKV7fGALYz"
name="google-site-verification" content="9oxXjOc4jWfnf21Iep-0dc2sDawa14s-Gpwho_yb5AU"

Load Info

page size4422
load time (s)0.130972
redirect count1
speed download34015
server IP 172.67.217.139
* all occurrences of the string "http://" have been changed to "htt???/"