Vulnerabilities

Columns: ID / Packages / Summary / Published (sorted newest first) / Attributes
GHSA-524g-x36v-9wm6
  • Maven/org.yamcs:yamcs-core
Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`
  • Published: 20 hours ago
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-w5r6-mcgq-7pq4
  • Maven/org.yamcs:yamcs-core
Yamcs has No Rate Limiting on Authentication Endpoint
  • Published: 20 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-p2rj-mrmc-9w29
  • Maven/org.yamcs:yamcs-core
Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints
  • Published: 20 hours ago
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-cqh3-jg8p-336j
  • Maven/org.yamcs:yamcs-core
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
  • Published: 20 hours ago
  • Fix available
  • Severity - 4.3 (Medium)
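The LDAP injection entry above names the defect class without showing it. The following is an added illustration of that class and of the standard fix (RFC 4515 filter-value escaping); it is not code from Yamcs or its LdapAuthModule, and the filter template, the `uid` attribute and the sample login name are constructed for the example.

```java
import java.nio.charset.StandardCharsets;

/**
 * RFC 4515 escaping for values interpolated into an LDAP search filter.
 * Constructed example of the LDAP-injection class; not the Yamcs LdapAuthModule code.
 */
public final class LdapFilterEscape {

    /** Escape one assertion value for use inside an LDAP filter (RFC 4515 section 3). */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (byte raw : value.getBytes(StandardCharsets.UTF_8)) {
            int c = raw & 0xff;
            switch (c) {
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\\': sb.append("\\5c"); break;
                case 0:    sb.append("\\00"); break;
                default:
                    if (c < 0x20 || c >= 0x7f) {
                        // Control and non-ASCII bytes are emitted as \XX hex escapes as well.
                        sb.append(String.format("\\%02x", c));
                    } else {
                        sb.append((char) c);
                    }
            }
        }
        return sb.toString();
    }

    /** Vulnerable pattern: the login name is concatenated straight into the filter. */
    static String naiveUserFilter(String username) {
        return "(&(objectClass=person)(uid=" + username + "))";
    }

    /** Hardened pattern: the value is escaped before interpolation, so it can only ever match literally. */
    static String safeUserFilter(String username) {
        return "(&(objectClass=person)(uid=" + escapeFilterValue(username) + "))";
    }

    public static void main(String[] args) {
        // Constructed hostile login name: tries to close the uid clause and add a wildcard match.
        String hostile = "*)(uid=*";
        System.out.println("naive: " + naiveUserFilter(hostile));
        System.out.println("safe : " + safeUserFilter(hostile));
        System.out.println("safe : " + safeUserFilter("j.doe"));
    }
}
```

With the naive template the hostile name yields `(&(objectClass=person)(uid=*)(uid=*))`, a syntactically valid filter that matches every person with a uid; the escaped form keeps the attacker's characters inside a single assertion value. Note that values placed into a distinguished name (for example a bind DN built from the login) need the different RFC 4514 escaping rules, not this filter escaping.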
GHSA-f659-372h-6x3x
  • Maven/io.netty.incubator:netty-incubator-codec-ohttp
netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures
  • Published: 21 hours ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-rh28-mqj4-8x59
  • Maven/org.xwiki.platform:xwiki-platform-livetable-ui
XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests
  • Published: yesterday
  • Fix available
  • Severity - 7.5 (High)
GHSA-vgwr-23fq-pr7g
  • Maven/org.xwiki.platform:xwiki-platform-webjars-api
XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin
  • Published: yesterday
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-qrvh-r3f2-9h4r
  • Maven/org.xwiki.platform:xwiki-platform-rest-server
XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
  • Published: yesterday
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-xq3r-2qv5-vqqm
  • Maven/org.xwiki.commons:xwiki-commons-classloader-api
XWiki Platform has path traversal via resources parameter in ssx and jsx endpoints when using leading slash
  • Published: yesterday
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-9vmh-whc4-7phg
  • Maven/org.open-metadata:openmetadata-service
OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users
  • Published: 6 days ago
  • Fix available
  • Severity - 8.3 (High)
GHSA-7xpr-hc2w-34m9
  • Maven/com.squareup.wire:wire-runtime
  • Maven/com.squareup.wire:wire-runtime-jvm
Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service
  • Published: 19 May
  • Fix available
  • Severity - 7.5 (High)
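The Wire entry above points at a missing length check while skipping protobuf fields. The following is an added illustration of what such a check looks like in a minimal protobuf skipper; it is not Wire's code, and the byte sequences in `main` are constructed for the example (none of them is the payload referred to in the advisory).

```java
import java.nio.ByteBuffer;

/**
 * Bounds-checked skipping of unknown protobuf fields, including nested groups.
 * Constructed example of the defect class; not Wire's own decoder.
 */
public final class ProtoSkipCheck {

    /** Decode a varint into an int, keeping only the low 32 bits as many fast-path readers do. */
    static int readVarint32(ByteBuffer buf) {
        int result = 0;
        for (int shift = 0; shift < 64; shift += 7) {          // at most 10 bytes
            if (!buf.hasRemaining()) throw new IllegalStateException("truncated varint");
            byte b = buf.get();
            if (shift < 32) result |= (b & 0x7f) << shift;
            if ((b & 0x80) == 0) return result;
        }
        throw new IllegalStateException("malformed varint");
    }

    /** Skip one field whose tag has already been read. Returns false if the encoding is invalid. */
    static boolean skipField(ByteBuffer buf, int tag, int depth) {
        if (depth > 64) return false;                          // guard against deeply nested group bombs
        switch (tag & 7) {
            case 0:                                            // varint
                readVarint32(buf);
                return true;
            case 1:                                            // fixed64
                if (buf.remaining() < 8) return false;
                buf.position(buf.position() + 8);
                return true;
            case 5:                                            // fixed32
                if (buf.remaining() < 4) return false;
                buf.position(buf.position() + 4);
                return true;
            case 2: {                                          // length-delimited
                int len = readVarint32(buf);
                // The check the advisory describes as missing: a varint above 2^31-1 wraps to a
                // negative int, and a length past the end of the buffer is just as invalid.
                if (len < 0 || len > buf.remaining()) return false;
                buf.position(buf.position() + len);
                return true;
            }
            case 3: {                                          // start group: skip until matching end group
                int field = tag >>> 3;
                while (true) {
                    if (!buf.hasRemaining()) return false;
                    int inner = readVarint32(buf);
                    if ((inner & 7) == 4) return (inner >>> 3) == field;
                    if (!skipField(buf, inner, depth + 1)) return false;
                }
            }
            default:                                           // stray end group, or wire types 6/7
                return false;
        }
    }

    /** Walk a whole message, skipping every field, and report whether the framing is sound. */
    static boolean isWellFormed(byte[] message) {
        ByteBuffer buf = ByteBuffer.wrap(message);
        try {
            while (buf.hasRemaining()) {
                int tag = readVarint32(buf);
                if ((tag >>> 3) == 0) return false;            // field number 0 is reserved
                if (!skipField(buf, tag, 0)) return false;
            }
            return true;
        } catch (IllegalStateException truncated) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed messages for the demo; not the advisory's payload.
        byte[] varintField   = {0x08, (byte) 0x96, 0x01};                  // field 1, varint 150
        byte[] stringField   = {0x12, 0x03, 'a', 'b', 'c'};                 // field 2, 3-byte bytes value
        byte[] groupField    = {0x1b, 0x08, 0x01, 0x1c};                    // field 3 start group ... end group
        byte[] lengthTooLong = {0x0a, 0x05, 'x'};                           // declares 5 bytes, carries 1
        byte[] lengthWraps   = {0x0a, (byte) 0x80, (byte) 0x80, (byte) 0x80, (byte) 0x80, 0x08}; // 2^31 -> negative int

        System.out.println("varint field   : " + isWellFormed(varintField));
        System.out.println("string field   : " + isWellFormed(stringField));
        System.out.println("group field    : " + isWellFormed(groupField));
        System.out.println("length too long: " + isWellFormed(lengthTooLong));
        System.out.println("length wraps   : " + isWellFormed(lengthWraps));
    }
}
```

The two conditions in the length-delimited branch are the whole point: an unchecked `position + len` with a negative `len` either walks backwards or overflows, and an oversized `len` reads past the buffer. Both are attacker-controlled with a handful of bytes, so the check belongs in the skipper itself, not in the callers.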
GHSA-xm96-gfjx-jcrc
  • Maven/land.oras:oras-java-sdk
ORAS Java: Path traversal in pullArtifact via attacker-controlled org.opencontainers.image.title annotation
  • Published: 19 May
  • Fix available
  • Severity - 8.1 (High)
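Both the XWiki `resources`-parameter entry (leading slash) and the ORAS `org.opencontainers.image.title` entry above are the same defect class: a caller-supplied name is joined onto a base directory without confirming the result stays inside it. The following is an added illustration of the vulnerable join beside a hardened one; it is not code from either project, and the base directory and sample names are constructed for the example (POSIX paths assumed).

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

/**
 * Containing a caller-supplied file name under a base directory.
 * Constructed example of the path-traversal class; not ORAS Java or XWiki code.
 */
public final class SafeJoin {

    /** Vulnerable pattern: resolve the untrusted name directly against the base. */
    static Path naiveJoin(Path base, String name) {
        // Path.resolve() returns its argument unchanged when that argument is absolute, so a
        // name with a leading slash replaces the base directory outright, and normalize()
        // happily walks ".." segments above it.
        return base.resolve(name).normalize();
    }

    /** Hardened pattern: reject rooted names and require the normalized result to stay under base. */
    static Path safeJoin(Path base, String name) {
        if (name == null || name.isEmpty() || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("empty or NUL-containing name");
        }
        Path candidate = Paths.get(name);
        if (candidate.isAbsolute() || candidate.getRoot() != null) {
            throw new IllegalArgumentException("rooted name rejected: " + name);
        }
        Path root = base.toAbsolutePath().normalize();
        Path resolved = root.resolve(candidate).normalize();
        // startsWith compares path components, not string prefixes, so "artifacts2" cannot pass as "artifacts".
        if (resolved.equals(root) || !resolved.startsWith(root)) {
            throw new IllegalArgumentException("name escapes base directory: " + name);
        }
        return resolved;
    }

    public static void main(String[] args) {
        Path base = Paths.get("/var/lib/app/artifacts");
        // Constructed sample names standing in for an image-title annotation or a resources parameter.
        List<String> names = List.of(
                "model.bin",
                "sub/dir/layer.tar",
                "../../../etc/cron.d/job",
                "/etc/passwd",
                "sub/../../escape.txt");
        for (String n : names) {
            System.out.println("naive  " + n + "  ->  " + naiveJoin(base, n));
            try {
                System.out.println("safe   " + n + "  ->  " + safeJoin(base, n));
            } catch (IllegalArgumentException e) {
                System.out.println("safe   " + n + "  ->  rejected: " + e.getMessage());
            }
        }
    }
}
```

The leading-slash case is the one worth remembering: `"../"` sequences are what most people test for, but `Path.resolve("/etc/passwd")` needs no dot segments at all to leave the base. If the target may already contain symlinks, resolve with `toRealPath()` before the `startsWith` check, since lexical normalization cannot see them.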
GHSA-wg5x-3g47-v38r
  • Maven/org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim
fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode
  • Published: 19 May
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-3653-68v6-rq57
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.dstu2
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.dstu3
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.r4
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.r4b
  • ... 3 more
HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
  • Published: 18 May
  • Fix available
  • Severity - 7.5 (High)
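The HAPI FHIR entry above is a regular-expression denial of service: FHIRPath `matches()` hands a caller-chosen pattern to a backtracking engine. The following is an added illustration of one mitigation available when the engine has to stay `java.util.regex`, namely metering the input reads the matcher performs and aborting past a budget; it is not HAPI FHIR code, and the pattern, inputs and budget are constructed for the example.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Bounding the work a backtracking regex may do on server-side input.
 * Constructed example of a ReDoS mitigation; not HAPI FHIR code.
 */
public final class BoundedRegex {

    enum Outcome { MATCH, NO_MATCH, ABORTED }

    static final class BudgetExceeded extends RuntimeException {
        BudgetExceeded(long used) {
            super("regex work budget exceeded after " + used + " character reads");
        }
    }

    /**
     * java.util.regex reads its input through CharSequence.charAt(). Counting those calls is a
     * cheap proxy for backtracking effort and gives us a point at which to abort a runaway match.
     */
    static final class MeteredSequence implements CharSequence {
        private final CharSequence inner;
        private final long budget;
        private long used;

        MeteredSequence(CharSequence inner, long budget) {
            this.inner = inner;
            this.budget = budget;
        }
        @Override public int length() { return inner.length(); }
        @Override public char charAt(int index) {
            if (++used > budget) throw new BudgetExceeded(used);
            return inner.charAt(index);
        }
        @Override public CharSequence subSequence(int start, int end) {
            return new MeteredSequence(inner.subSequence(start, end), budget - used);
        }
        @Override public String toString() { return inner.toString(); }
    }

    /** Full-match with a work budget; ABORTED means the caller should reject the request, not retry. */
    static Outcome matchesWithBudget(Pattern pattern, String input, long budget) {
        Matcher m = pattern.matcher(new MeteredSequence(input, budget));
        try {
            return m.matches() ? Outcome.MATCH : Outcome.NO_MATCH;
        } catch (BudgetExceeded e) {
            return Outcome.ABORTED;
        }
    }

    public static void main(String[] args) {
        // Constructed attacker-controlled pattern with nested quantifiers, the classic ReDoS shape.
        Pattern evil = Pattern.compile("(a+)+$");
        String benign = "a".repeat(30);
        String hostile = "a".repeat(30) + "!";
        long budget = 2_000_000L;

        System.out.println("benign input  : " + matchesWithBudget(evil, benign, budget));
        System.out.println("hostile input : " + matchesWithBudget(evil, hostile, budget));
        System.out.println("linear pattern: " + matchesWithBudget(Pattern.compile("[a-z]+"), hostile, budget));
    }
}
```

The budget is on reads, not wall-clock time, so it is deterministic and cannot be gamed by a slow host. Where the expression language lets callers supply arbitrary patterns, pair this with a cap on pattern length and on the number of `matches()` calls per request; the cleaner long-term fix is an engine with linear-time guarantees (RE2-style) for user-supplied patterns.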
GHSA-fmxf-pm6p-7xgm
  • Maven/org.asynchttpclient:async-http-client
async-http-client: Cookie header not stripped on cross-origin redirect
  • Published: 18 May
  • Fix available
  • Severity - 7.4 (High)
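The async-http-client entry above is the credential-on-redirect class: a client follows a 3xx to another origin and replays headers that were bound to the first one. The following is an added illustration of the decision a redirect handler has to make; it is not async-http-client code, and the URIs, header values and the `headersForRedirect` helper are constructed for the example.

```java
import java.net.URI;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/**
 * Deciding which request headers may follow an HTTP redirect.
 * Constructed example of the credential-leak-on-redirect class; not async-http-client code.
 */
public final class RedirectHeaderPolicy {

    /** Headers that carry credentials and must not leave the origin they were sent to. */
    static final Set<String> CREDENTIAL_HEADERS =
            Set.of("cookie", "authorization", "proxy-authorization");

    static int effectivePort(URI u) {
        if (u.getPort() != -1) return u.getPort();
        return "https".equalsIgnoreCase(u.getScheme()) ? 443 : 80;
    }

    /** Same origin means identical scheme, host and effective port; an https-to-http downgrade is cross-origin. */
    static boolean sameOrigin(URI a, URI b) {
        return a.getScheme() != null && a.getScheme().equalsIgnoreCase(b.getScheme())
                && a.getHost() != null && a.getHost().equalsIgnoreCase(b.getHost())
                && effectivePort(a) == effectivePort(b);
    }

    /**
     * Returns the headers to send on the redirected request. Location is resolved against the
     * original URI so that relative redirects are recognised as same-origin.
     */
    static Map<String, String> headersForRedirect(URI original, String location, Map<String, String> headers) {
        URI target = original.resolve(location);
        if (sameOrigin(original, target)) {
            return new LinkedHashMap<>(headers);
        }
        Map<String, String> stripped = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : headers.entrySet()) {
            if (!CREDENTIAL_HEADERS.contains(e.getKey().toLowerCase(Locale.ROOT))) {
                stripped.put(e.getKey(), e.getValue());
            }
        }
        return stripped;
    }

    public static void main(String[] args) {
        // Constructed request: a session cookie and bearer token that belong to api.example.com.
        URI original = URI.create("https://api.example.com/v1/login");
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Cookie", "session=abc123");
        headers.put("Authorization", "Bearer t0k3n");
        headers.put("Accept", "application/json");

        System.out.println("relative     -> " + headersForRedirect(original, "/v2/login", headers).keySet());
        System.out.println("explicit 443 -> " + headersForRedirect(original, "https://api.example.com:443/x", headers).keySet());
        System.out.println("downgrade    -> " + headersForRedirect(original, "http://api.example.com/x", headers).keySet());
        System.out.println("cross-site   -> " + headersForRedirect(original, "https://attacker.example/collect", headers).keySet());
    }
}
```

Two details matter in practice: the comparison must use the effective port so `https://host` and `https://host:443` are treated as one origin, and the scheme must be part of the check so a downgrade redirect cannot carry a cookie onto plaintext. When a host name fails to parse (`getHost()` returns null) the policy above falls to the stripping branch, which is the safe default.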
GHSA-qjp4-4jvr-xqg3
  • Maven/org.springaicommunity:mcp-client-security
Spring AI MCP Security: Unvalidated URL Fetching (SSRF)
  • Published: 18 May
  • Fix available
  • Severity - 7.2 (High)