OSV - Open Source Vulnerabilities

GHSA-qj5r-2r5p-phc7

Maven/org.keycloak:keycloak-services

Keycloak-services SMTP Inject Vulnerability

3 hours ago

No fix available
Severity - 6.5 (Medium)

GHSA-57q2-6cp4-9mq3

Maven/org.xwiki.platform:xwiki-platform-oldcore
Maven/org.xwiki.platform:xwiki-platform-legacy-oldcore

XWiki exposes passwords and emails stored in fields not named password/email in xml.vm

yesterday

Fix available
Severity - 8.7 (High)

GHSA-r38m-cgpg-qj69

Maven/org.xwiki.platform:xwiki-platform-oldcore
Maven/org.xwiki.platform:xwiki-platform-legacy-oldcore

XWiki leaks password hashes and other accessible password properties

yesterday

Fix available
Severity - 7.1 (High)

GHSA-m9x4-w7p9-mxhx

Maven/org.xwiki.platform:xwiki-platform-web-templates

XWiki allows Reflected XSS in two templates

yesterday

Fix available
Severity - 5.3 (Medium)

GHSA-3j6h-5v68-hvqg

Maven/com.liferay:com.liferay.captcha.impl

Liferay Portal CAPTCHA Bypass for Gogo Shell

yesterday

Fix available
Severity - 6.9 (Medium)

GHSA-jr43-q92q-5q82

Maven/org.apache.zeppelin:zeppelin-jdbc

Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string

3 days ago

Fix available
Severity - 6.6 (Medium)

GHSA-p288-459w-jxj6

Maven/org.apache.zeppelin:zeppelin-web

Apache Zeppelin: XSS in the Helium module

3 days ago

Fix available
Severity - 6.1 (Medium)

GHSA-xg8j-j6vp-6h5w

Maven/org.apache.zeppelin:zeppelin-shell

Apache Zeppelin: Missing Origin Validation in WebSockets vulnerability

3 days ago

Fix available
Severity - 6.9 (Medium)

GHSA-2rjv-cv85-xhgm

Maven/org.opensearch.plugin:opensearch-security

OpenSearch unauthorized data access on fields protected by field level security if field is a member of an object

5 days ago

Fix available
Severity - 5.7 (Medium)

GHSA-rrmm-wq7q-h4v5

Maven/org.opensearch.plugin:opensearch-security

OpenSearch unauthorized data access on fields protected by field masking for fields of type ip, geo_point, geo_shape, xy_point, xy_shape

5 days ago

Fix available
Severity - 5.7 (Medium)

GHSA-72ww-4rcw-mc62

Maven/org.apache.jspwiki:jspwiki-main

Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability in the Image Plugin

6 days ago

Fix available
Severity - 6.9 (Medium)

GHSA-rrff-chj9-w4c7

Maven/org.apache.jspwiki:jspwiki-main
Maven/org.apache.jspwiki:jspwiki-markdown

Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability via Header Link Rendering

6 days ago

Fix available
Severity - 6.9 (Medium)

GHSA-cx25-xg7c-xfm5

Maven/org.apache.struts:struts-extras

Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability

30 Jul

No fix available
Severity - 6.5 (Medium)

GHSA-27gp-8389-hm4w

Maven/org.keycloak:keycloak-services

Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)

30 Jul

Fix available
Severity - 6.5 (Medium)

GHSA-xhpr-465j-7p9q

Maven/org.keycloak:keycloak-services

Keycloak phishing attack via email verification step in first login flow

30 Jul

Fix available
Severity - 5.4 (Medium)

GHSA-j63h-hmgw-x4j7

Maven/org.opencastproject:opencast-common
Maven/org.opencastproject:opencast-ingest-service-impl
Maven/org.opencastproject:opencast-kernel
Maven/org.opencastproject:opencast-publication-service-oaipmh-remote

Opencast still publishes global system account credentials

25 Jul

Fix available
Severity - 6.5 (Medium)