OSV - Open Source Vulnerabilities

GHSA-4xx7-2cx3-x473

Maven/org.keycloak:keycloak-saml-core

Keycloak SAML signature validation flaw

2 hours ago

Fix available
Severity - 5.3 (Medium)

GHSA-vvf8-2h68-9475

Maven/org.keycloak:keycloak-services

Keycloak Open Redirect vulnerability

2 hours ago

Fix available
Severity - 7.7 (High)

GHSA-735f-pc8j-v9w8

Maven/com.google.protobuf:protobuf-java
Maven/com.google.protobuf:protobuf-javalite
Maven/com.google.protobuf:protobuf-kotlin
Maven/com.google.protobuf:protobuf-kotlin-lite
RubyGems/google-protobuf

protobuf-java has potential Denial of Service issue

5 hours ago

Fix available
Severity - 8.7 (High)

GHSA-68j8-fp38-p48q

Maven/de.gematik.refv.commons:commons

Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack

6 hours ago

Fix available
Severity - 7.8 (High)

GHSA-c459-2m73-67hj

Maven/com.alipay.sofa:hessian

SOFA Hessian Remote Command Execution (RCE) Vulnerability

6 hours ago

Fix available
Severity - 8.1 (High)

GHSA-pg4m-3gp6-hw4w

Maven/org.xwiki.platform:xwiki-platform-notifications-ui

org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users

yesterday

Fix available
Severity - 6.9 (Medium)

GHSA-r95w-889q-x2gx

Maven/org.xwiki.platform:xwiki-platform-notifications-ui

org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions

yesterday

Fix available
Severity - 7.1 (High)

GHSA-gc7q-jgjv-vjr2

Maven/org.keycloak:keycloak-services

Keycloak Services has a potential bypass of brute force protection

yesterday

Fix available
Severity - 6.9 (Medium)

GHSA-jh66-3545-vpm7

Maven/org.apache.druid:druid

Apache Druid: Users can provide MySQL JDBC properties not on allow list

yesterday

Fix available
Severity - 2.3 (Low)

GHSA-p72w-r6fv-6g5h

Maven/org.apache.druid.extensions:druid-pac4j

druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability

yesterday

Fix available
Severity - 1.7 (Low)

GHSA-2gh6-wc3m-g37f

Maven/pl.allegro.tech.hermes:hermes-management

hermes-management is vulnerable to RCE due to Apache commons-jxpath

2 days ago

Fix available
Severity - 9.3 (Critical)

GHSA-3xq2-w6j4-c99r

Maven/org.apache.seata:seata-core

Apache Seata Deserialization of Untrusted Data vulnerability

3 days ago

Fix available
Severity - 9.2 (Critical)

GHSA-46hr-3cq3-mcgp

Maven/org.opendaylight.aaa:aaa-artifacts

OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability

3 days ago

No fix available
Severity - 5.3 (Medium)

GHSA-hv38-h5pj-c96j

Maven/org.opendaylight.mdsal:mdsal-artifacts

OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries

3 days ago

No fix available
Severity - 7.1 (High)

GHSA-cx7f-g6mp-7hqm

Maven/org.springframework:spring-webmvc

Path traversal vulnerability in functional web frameworks

6 days ago

Fix available
Severity - 7.5 (High)

GHSA-7gq2-vwq9-w8vw

Maven/org.glassfish.main.web:web-core

Eclipse Glassfish URL redirection vulnerability

11 Sep

Fix available
Severity - 5.3 (Medium)