A total of 16 are categorised as critical, meaning they could be exploited for remote code execution.
"Most of their products, including the acquisitioned PeopleSoft, JD Edwards, Weblogic and the recent Sun/MySQL lines, are affected by this update," advised Wolfgang Kandek, CTO of security company Qualys.
"Only PeopleSoft and the virtualisation products are not affected by this critical rating - everybody else should pay close attention to the release.
"One notable exception is the Java programming language as it is updated on a separate schedule and had its last release in December 2011."
You can find the full list of affected products here.
Oracle's list of patches makes for a busy January for IT departments, following Adobe and Microsoft announcements from earlier this month.
Microsoft, which usually keeps January quiet for patching, issued seven security bulletins covering eight vulnerabilities. One of those covered the BEAST SSL flaw highlighted by researchers last year.
Researchers found a way to exploit a long-known flaw in TLS (Transport Layer Security) that could have undermined the security credentials of the SSL cryptographic protocol and affected millions of sites. However, little emerged from the discovery and the Redmond giant now has Windows users' backs covered.
Adobe, meanwhile, addressed critical flaws in Reader and Acrobat on the same day (10 January).