Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-jp26-88mw-89qr
  • Maven/dev.sigstore:sigstore-java
sigstore-java has a vulnerability with bundle verification 2 days ago
  • Fix available
  • Severity - 2.1 (Low)
GHSA-6hqr-c69m-r76q
  • Maven/org.apache.hive:hive-exec
Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore 3 days ago
  • Fix available
  • Severity - 7.2 (High)
GHSA-mqvr-2rp8-j7h4
  • Maven/org.springframework.ldap:spring-ldap-core
Spring LDAP data exposure vulnerability 3 days ago
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-rcq8-9q3j-98mw
  • Maven/org.apache.ozone:ozone
Apache Ozone: Improper authentication when generating S3 secrets 5 days ago
  • Fix available
  • Severity - 8.6 (High)
GHSA-mfj5-cf8g-g2fv
  • Maven/org.asynchttpclient:async-http-client
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s 5 days ago
  • Fix available
  • Severity - 9.2 (Critical)
GHSA-q4h9-7rxj-7gx2
  • Maven/io.lettuce:lettuce-core
Netty vulnerability included in redis lettuce 5 days ago
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-4cx5-89vm-833x
  • Maven/org.verapdf:core
  • Maven/org.verapdf:core-jakarta
  • Maven/org.verapdf:core-arlington
  • Maven/org.verapdf:verapdf.library
  • Maven/org.verapdf:verapdf-library-jakarta
  • Maven/org.verapdf:verapdf-library-arlington
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability 6 days ago
  • No fix available
  • Severity - 2.3 (Low)
GHSA-q3v6-hm2v-pw99
  • Maven/org.springframework:spring-beans
  • Maven/org.springframework:spring-context
  • Maven/org.springframework:spring-core
  • Maven/org.springframework:spring-expression
  • Maven/org.springframework:spring-jdbc
Spring Framework has Authorization Bypass for Case Sensitive Comparisons 6 days ago
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-2gx6-qrpp-c4p3
  • Maven/io.antmedia:ant-media-server
Ant-Media-Server vulnerable to Improper Output Neutralization for Logs 29 Nov
  • Fix available
  • Severity - 8.7 (High)
GHSA-6q3q-6v5j-h6vg
  • Maven/io.github.openfeign.querydsl:querydsl-jpa
  • Maven/io.github.openfeign.querydsl:querydsl-apt
  • Maven/com.querydsl:querydsl-jpa
  • Maven/com.querydsl:querydsl-apt
Querydsl vulnerable to HQL injection through orderBy 27 Nov
  • No fix available
  • Severity - 8.8 (High)
GHSA-4gwv-fpmg-cmv2
  • Maven/io.jenkins.plugins:simple-queue
Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability 27 Nov
  • Fix available
  • Severity - 8.6 (High)
GHSA-fwxq-3f52-5cmc
  • Maven/aendter.jenkins.plugins:filesystem-list-parameter-plugin
Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability 27 Nov
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-q4xm-6fjc-5f6w
  • Maven/dev.sigstore:sigstore-java
sigstore-java has vulnerability with bundle verification 26 Nov
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-v7gv-xpgf-6395
  • Maven/org.keycloak:keycloak-quarkus-server
Keycloak Build Process Exposes Sensitive Data 25 Nov
  • Fix available
  • Severity - 8.2 (High)
GHSA-5545-r4hg-rj4m
  • Maven/org.keycloak:keycloak-quarkus-server
Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path 25 Nov
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-wq8x-cg39-8mrr
  • Maven/org.keycloak:keycloak-services
org.keycloak:keycloak-services has Inefficient Regular Expression Complexity 25 Nov
  • Fix available
  • Severity - 7.1 (High)