Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-36h5-vrq6-pp34
  • Maven/net.gleske:jervis
Jervis's Salt for PBKDF2 derived from password (published 57 minutes ago)
  • Fix available
  • Severity - 8.7 (High)
GHSA-mqw7-c5gg-xq97
  • Maven/net.gleske:jervis
Jervis Has a RSA PKCS#1 Padding Vulnerability (published 1 hour ago)
  • Fix available
  • Severity - 8.7 (High)
GHSA-2g22-wg49-fgv5
  • Maven/org.xwiki.contrib:macro-fullcalendar-pom
XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService (published 3 days ago)
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-637h-ch24-xp9m
  • Maven/org.xwiki.contrib:macro-fullcalendar-pom
XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService (published 3 days ago)
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-gv94-wp4h-vv8p
  • Maven/org.keycloak:keycloak-parent
Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization (published 5 days ago)
  • No fix available
  • Severity - 5.3 (Medium)
GHSA-fcqj-76g3-q7qm
  • Maven/ome:pom-bio-formats
Bio-Formats has an XML External Entity (XXE) vulnerability (published 5 days ago)
  • No fix available
  • Severity - 4.6 (Medium)
GHSA-qjm3-cvp9-3jj3
  • Maven/ome:pom-bio-formats
Bio-Formats performs unsafe Java deserialization of attacker-controlled memoization cache files (.bfmemo) during image processing (published 5 days ago)
  • No fix available
  • Severity - 6.8 (Medium)
GHSA-5f29-2333-h9c7
  • Maven/org.open-metadata:platform
OpenMetadata's Server-Side Template Injection (SSTI) in FreeMarker email templates leads to RCE (published 5 days ago)
  • Fix available
  • Severity - 8.5 (High)
GHSA-j382-5jj3-vw4j
  • Maven/io.undertow:undertow-core
Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests (published 5 days ago)
  • No fix available
  • Severity - 9.6 (Critical)
GHSA-5rfx-cp42-p624
  • Maven/io.quarkus:quarkus-rest
Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write (published 5 days ago)
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-vrjc-q2fh-6x9h
  • Maven/io.spinnaker.clouddriver:clouddriver-artifacts
Spinnaker vulnerable to SSRF due to improper restrictions on http from user input (published 05 Jan)
  • Fix available
  • Severity - 7.9 (High)
GHSA-jqmr-2pg9-vfx7
  • Maven/org.apache.sis.core:sis-metadata
Apache SIS has Improper Restriction of XML External Entity Reference vulnerability (published 05 Jan)
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-cw39-r4h6-8j3x
  • Maven/org.msgpack:msgpack-core
MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation (published 05 Jan)
  • Fix available
  • Severity - 7.5 (High)
GHSA-7wwv-79xw-rvvg
  • Maven/com.vaadin:vaadin
  • Maven/com.vaadin:vaadin-server
  • Maven/com.vaadin:vaadin-spreadsheet-flow
Vaadin vulnerable to Cross-site Scripting (published 05 Jan)
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-f8r6-6222-9pvc
  • Maven/org.apache.kyuubi:kyuubi-server_2.12
Apache Kyuubi Server vulnerable to Path Traversal (published 05 Jan)
  • Fix available
  • Severity - 8.8 (High)
GHSA-5r2g-vphf-m5xc
  • Maven/org.apache.streampipes:streampipes-parent
Apache StreamPipes has Improper Privilege Management issue (published 01 Jan)
  • Fix available
  • Severity - 4.9 (Medium)