DbVisualizer is written in Java and can therefore be exposed to vulnerabilities in the Java Virtual Machine and the Java ecosystem. Because DbVisualizer is a rich client that runs on a local computer with its own Java VM (as opposed to a web-based client), attacks that target cloud services or network communication are not a problem for the DbVisualizer application itself. However, the JDBC drivers that DbVisualizer uses to communicate with the database server may contain vulnerabilities; this must be verified with the driver vendor.
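To know which driver vendors to ask, it helps to inventory what each JDBC driver archive bundles. The following is an added example, not DbVisualizer's own code: it scans a directory of driver JARs (including JARs nested inside them) for the libraries named on this page. The marker paths, function names and the directory argument are assumptions of the example, and a hit only means the library is present, not that the bundled version is vulnerable.

```python
import io
import sys
import zipfile
from pathlib import Path

# Marker paths inside a JAR -> the library they indicate, with the CVEs this
# page lists. A hit means "bundled", not "vulnerable": the version still has
# to be checked with the driver vendor. (Markers are this example's choice.)
MARKERS = {
    "org/apache/logging/log4j/core/": "Log4j 2 core (CVE-2021-44228, CVE-2021-44832)",
    "org/apache/log4j/net/JMSAppender.class": "Log4j 1.x (CVE-2021-4104)",
    "org/springframework/beans/": "Spring Framework beans (CVE-2022-22965)",
    "org/springframework/cloud/function/": "Spring Cloud Function (CVE-2022-22963)",
}
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 4  # stop runaway nesting in hostile or broken archives


def scan_archive(data, label, depth=0):
    """Return sorted (location, library) pairs for one archive given as bytes."""
    hits = set()
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(label, "unreadable archive, inspect manually")]
    with zf:
        for name in zf.namelist():
            for marker, library in MARKERS.items():
                if marker in name:
                    hits.add((label, library))
            # Fat or shaded driver JARs can carry whole JARs inside them.
            if name.lower().endswith(ARCHIVE_SUFFIXES) and depth < MAX_DEPTH:
                hits.update(scan_archive(zf.read(name), f"{label}!/{name}", depth + 1))
    return sorted(hits)


def scan_tree(root):
    """Scan every archive below root (for example a JDBC driver directory)."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            findings.extend(scan_archive(path.read_bytes(), str(path)))
    return findings


if __name__ == "__main__":
    for location, library in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{location}: bundles {library}")
```

Run it with the driver directory as the only argument; each output line names the archive (and nested path, if any) to raise with that driver's vendor.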
Below is a list of specific vulnerabilities that have raised concerns among DbVisualizer users, with an explanation of whether and how DbVisualizer is exposed and what the proper mitigation is.
Spring Framework
CVE-2022-22963, CVE-2022-22965
Recommended Action: None.
DbVisualizer does not use the Spring Framework and is hence not exposed.
Log4J
CVE-2021-44228, CVE-2021-4104, CVE-2021-44832