Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-4q2v-9p7v-3v22
  • Maven/io.projectreactor.netty:reactor-netty-http
Reactor Netty HTTP is vulnerable to credential leaks during chained redirects
Published: yesterday
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-vhvx-8xgc-99wf
  • Maven/org.dspace:dspace-api
DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format
Published: 2 days ago
  • Fix available
  • Severity - 5.2 (Medium)
GHSA-jjwr-5cfh-7xwh
  • Maven/org.dspace:dspace-api
DSpace is vulnerable to XML External Entity injection during archive imports
Published: 2 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-36wv-v2qp-v4g4
  • Maven/org.apache.cxf:cxf-core
Apache CXF is vulnerable to DoS attacks as entire files are read into memory and logged
Published: 2 days ago
  • Fix available
  • Severity - 5.6 (Medium)
GHSA-32mf-57h2-64x9
  • Maven/org.xwiki.rendering:xwiki-rendering-transformation-macro
XWiki Rendering is vulnerable to RCE attacks when processing nested macros
Published: 3 days ago
  • Fix available
  • Severity - 9.9 (Critical)
GHSA-w3wh-g4m9-783p
  • Maven/org.xwiki.rendering:xwiki-rendering-syntax-xhtml
XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax
Published: 3 days ago
  • Fix available
  • Severity - 9.0 (Critical)
GHSA-44c3-38h8-9fh9
  • Maven/org.apache.jackrabbit:jackrabbit-spi-commons
  • Maven/org.apache.jackrabbit:jackrabbit-core
Apache Jackrabbit vulnerable to blind XXE attack due to insecure document build
Published: 3 days ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-7pgf-ppxw-8624
  • Maven/org.apache.zeppelin:zeppelin-interpreter
  • Maven/org.apache.zeppelin:zeppelin-server
Apache Zeppelin exposes server resources to unauthenticated attackers
Published: 5 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-j288-q9x7-2f5v
  • Maven/org.apache.commons:commons-lang3
  • Maven/commons-lang:commons-lang
Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs
Published: 6 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-xwmg-2g98-w7v9
  • Maven/com.nimbusds:nimbus-jose-jwt
Nimbus JOSE + JWT is vulnerable to DoS attacks when processing deeply nested JSON
Published: 11 Jul
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-25xr-qj8w-c4vf
  • Maven/org.apache.tomcat:tomcat-coyote
Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams
Published: 10 Jul
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-4j3c-42xv-3f84
  • Maven/org.apache.tomcat:tomcat-util
Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector
Published: 10 Jul
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-wr62-c79q-cv37
  • Maven/org.apache.tomcat:tomcat-catalina
Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits
Published: 10 Jul
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-gj52-35xm-gxjh
  • Maven/org.keycloak:keycloak-services
Keycloak vulnerable to phishing attacks through its Review Profile section
Published: 10 Jul
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-23j7-px3w-jwp2
  • Maven/io.jenkins.plugins:xooa
Jenkins Xooa Plugin vulnerability does not mask its Xooa Deployment Token
Published: 09 Jul
  • No fix available
  • Severity - 4.3 (Medium)
GHSA-2g8w-9933-36vr
  • Maven/org.jenkins-ci.plugins:warrior
Jenkins Warrior Framework Plugin vulnerability exposes unencrypted passwords to certain authenticated users
Published: 09 Jul
  • No fix available
  • Severity - 4.3 (Medium)