DbVisualizer is written in Java and can therefore be exposed to vulnerabilities in the Java Virtual Machine and the Java ecosystem. Because DbVisualizer is a rich client that runs on a local computer (as opposed to a web-based client) using its own Java VM, attacks that target cloud services or network communication are not a problem for the DbVisualizer application itself. However, DbVisualizer can still be exposed through vulnerabilities in the JDBC drivers it uses to communicate with the database server; this must be verified with the driver vendor.
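To see which driver archives need that vendor check, the added example below (not DbVisualizer's own code) lists JDBC driver JARs that bundle copies of the libraries named on this page. It reads the Maven `pom.properties` metadata inside each JAR, including nested JARs. The directory argument and the watch list are assumptions of this example, and a library repackaged without its Maven metadata will not be reported.

```python
import io
import sys
import zipfile
from pathlib import Path

# Maven coordinates to report; this watch list is an assumption of the example.
WATCHED = {
    ("org.apache.commons", "commons-text"),
    ("org.apache.logging.log4j", "log4j-core"),
    ("log4j", "log4j"),  # Log4j 1.x
    ("org.springframework", "spring-beans"),
}

def parse_pom_properties(data):
    """Parse the key=value lines of a Maven pom.properties file."""
    props = {}
    for line in data.decode("utf-8", "replace").splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key.strip()] = value.strip()
    return props

def scan_jar(fileobj, label, depth=0, max_depth=3):
    """Return (label, groupId, artifactId, version) for each watched library,
    descending into nested JARs (fat or uber driver archives)."""
    hits = []
    try:
        with zipfile.ZipFile(fileobj) as zf:
            for name in zf.namelist():
                if name.startswith("META-INF/maven/") and name.endswith("/pom.properties"):
                    p = parse_pom_properties(zf.read(name))
                    if (p.get("groupId"), p.get("artifactId")) in WATCHED:
                        hits.append((label, p["groupId"], p["artifactId"], p.get("version", "?")))
                elif name.lower().endswith(".jar") and depth < max_depth:
                    nested = io.BytesIO(zf.read(name))
                    hits += scan_jar(nested, label + "!" + name, depth + 1, max_depth)
    except zipfile.BadZipFile:
        pass  # not a readable archive; skip it
    return hits

def scan_tree(root):
    """Scan every .jar under root, e.g. a directory holding JDBC drivers."""
    hits = []
    for jar in sorted(p for p in Path(root).rglob("*.jar") if p.is_file()):
        hits += scan_jar(str(jar), str(jar))
    return hits

if __name__ == "__main__":
    for hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("{}: {}:{} {}".format(*hit))
```

Each reported line gives the archive path, the bundled library's coordinates and its version, which is the information to take to the driver vendor.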
Below is a list of specific vulnerabilities that have raised concerns among DbVisualizer users, with an explanation of whether and how DbVisualizer is exposed, and what the proper mitigation is.
Apache Commons Text
DbVisualizer uses Apache Commons Text, but since no remote code execution or contact with remote servers is invoked, the vulnerability does not affect DbVisualizer.
Recommended Action: None.
Spring Framework
CVE-2022-22963, CVE-2022-22965
DbVisualizer does not use the Spring Framework and is hence not exposed.
Recommended Action: None.
Log4J
CVE-2021-44228, CVE-2021-4104, CVE-2021-44832