According to the Red Database website, the flaws were first reported to Oracle nearly two years ago.
"It seems that Oracle is not interested in fixing and providing patches for this issue. If you think you need a patch to protect your Oracle Application Server you should contact Oracle," wrote Alexander Kornbrust in the security reports.
At least one of the flaws provides a way for hackers to take control of a system running the Oracle application.
Red Database claims to have sent Oracle a reminder about the flaws on 15 April, threatening to publish the details if the flaws were not addressed in the company's July patch update.
Kornbrust released details about the security holes out of frustration over Oracle's refusal to issue a patch, and to provide details about workarounds that mitigate the risk.
Unveiling the security holes challenges the database vendor's claim to making software that is 'unbreakable', but as a nasty flipside could attract hackers to exploit the flaws.
A spokesman for Oracle told vnunet.com that the company responds to software flaws "as quickly as possible", and that he would have preferred Kornbrust to wait.
"We are disappointed when any details of Oracle product security vulnerabilities are released to the public before patches can be made available, " he said.
Two of the big four supermarkets will use the system to control sales of restricted products
PUBG news and updates: November's Update #23 to bring new Skorpion pistol and changes to blue zone visibility
Genuinely useful side-arm coming to PUBG in Update #23
Asda, Morrisons and Tesco in the frame for checkout facial recognition technology
Research opens up new possibilities for structural batteries, where the carbon fibre forms part of the energy system