OSV - Open Source Vulnerabilities

GHSA-76v2-48w6-crxr

Maven/org.bonitasoft.engine:bonita-server

Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability

6.1.0
6.1.1
6.1.2
6.2.0
6.2.1
6.2.2
6.2.3
...

2024-05-15T18:30:35Z

Fix available

GHSA-x3wm-hffr-chwm

Maven/com.amazon.redshift:redshift-jdbc42

Amazon JDBC Driver for Redshift SQL Injection via line comment generation

2.0.0.3
2.0.0.4
2.0.0.5
2.0.0.6
2.0.0.7
2.1.0.1
2.1.0.10
...

2024-05-15T17:10:49Z

Fix available

GHSA-g95v-3pj6-j433

Maven/io.antmedia:ant-media-server

Ant Media Server does not properly authorize non-administrative API calls

1.2.0
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.3.0
...

2024-05-14T18:30:52Z

No fix available

GHSA-338x-hfx8-vx9x

Maven/org.apache.karaf:cave

Apache Karaf Cave: Cave SSRF and arbitrary file access

2.3.0
3.0.0
4.0.0
4.1.0
4.1.1
4.1.2

2024-05-14T18:30:50Z

No fix available

GHSA-8xfc-gm6g-vgpv

Maven/org.bouncycastle:bcprov-jdk18on
Maven/org.bouncycastle:bcprov-jdk15on
Maven/org.bouncycastle:bcprov-jdk15to18
Maven/org.bouncycastle:bcprov-jdk14
Maven/org.bouncycastle:bctls-jdk18on
Maven/org.bouncycastle:bctls-jdk14
Maven/org.bouncycastle:bctls-jdk15to18
Maven/org.bouncycastle:bcpkix-jdk18on
Maven/org.bouncycastle:bcpkix-jdk15to18
Maven/org.bouncycastle:bcpkix-jdk14
Maven/org.bouncycastle:bc-fips
NuGet/BouncyCastle
NuGet/BouncyCastle.Cryptography

Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.

1.71
1.71.1
1.72
1.73
1.74
1.75
1.76
...

2024-05-14T15:32:54Z

Fix available

GHSA-m44j-cfrm-g8qc

Maven/org.bouncycastle:bcprov-jdk18on
Maven/org.bouncycastle:bcprov-jdk15on
Maven/org.bouncycastle:bcprov-jdk15to18
Maven/org.bouncycastle:bcprov-jdk14
Maven/org.bouncycastle:bctls-jdk18on
Maven/org.bouncycastle:bctls-jdk14
Maven/org.bouncycastle:bctls-jdk15to18
Maven/org.bouncycastle:bcpkix-jdk18on
Maven/org.bouncycastle:bcpkix-jdk15to18
Maven/org.bouncycastle:bcpkix-jdk14
NuGet/BouncyCastle
NuGet/BouncyCastle.Cryptography

Bouncy Castle crafted signature and public key can be used to trigger an infinite loop

1.71
1.71.1
1.72
1.73
1.74
1.75
1.76
...

2024-05-14T15:32:54Z

Fix available

GHSA-v435-xc8x-wvr9

Maven/org.bouncycastle:bctls-fips
Maven/org.bouncycastle:bcprov-jdk18on
Maven/org.bouncycastle:bcprov-jdk15on
Maven/org.bouncycastle:bcprov-jdk15to18
Maven/org.bouncycastle:bcprov-jdk14
Maven/org.bouncycastle:bctls-jdk18on
Maven/org.bouncycastle:bctls-jdk14
Maven/org.bouncycastle:bctls-jdk15to18
NuGet/BouncyCastle
NuGet/BouncyCastle.Cryptography
Maven/org.bouncycastle:bcpkix-jdk18on
Maven/org.bouncycastle:bcpkix-jdk15to18
Maven/org.bouncycastle:bcpkix-jdk14

Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")

1.0.0
1.0.1
1.0.10
1.0.10.1
1.0.10.2
1.0.10.3
1.0.11
...

2024-05-14T15:32:54Z

Fix available

GHSA-wpcv-5jgp-69f3

Maven/com.netflix.genie:genie-web

Genie Path Traversal vulnerability via File Uploads

0.20
0.21
0.22
0.23
0.24
1.0.0
1.0.1
...

2024-05-09T21:35:23Z

Fix available

GHSA-fgh3-pwmp-3qw3

Maven/org.apache.inlong:manager-pojo

Apache Inlong Deserialization of Untrusted Data vulnerability

1.10.0
1.11.0
1.7.0
1.8.0
1.9.0

2024-05-08T15:30:42Z

Fix available

GHSA-p343-9qwp-pqxv

Maven/org.neo4j:neo4j-cypher

Neo4j Cypher component mishandles IMMUTABLE privileges

1.4
1.4.1
1.4.2
1.4.M04
1.4.M05
1.4.M06
1.5
...

2024-05-07T18:30:34Z

Fix available

GHSA-64cm-3cj3-67hf

Maven/net.mingsoft:ms-basic

MS Basic Cross-site Scripting vulnerability

1.0.0
1.0.1
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
...

2024-05-07T18:30:33Z

No fix available

GHSA-2x52-8f29-7cjr

Maven/org.eclipse.edc:connector-core

Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure

0.2.1
0.3.0
0.3.1
0.4.0
0.4.1
0.5.0
0.5.1
...

2024-05-07T15:30:36Z

Fix available

GHSA-4h8f-2wvx-gg5w

Maven/org.bouncycastle:bcprov-jdk18on
Maven/org.bouncycastle:bcprov-jdk15to18
Maven/org.bouncycastle:bcprov-jdk14
Maven/org.bouncycastle:bcprov-jdk13
Maven/org.bouncycastle:bcprov-jdk12

Bouncy Castle Java Cryptography API vulnerable to DNS poisoning

1.71
1.71.1
1.72
1.73
1.74
1.75
1.76
...

2024-05-03T18:30:37Z

Fix available

GHSA-vpw3-3prf-3974

Maven/org.apache.hive:hive-jdbc

Apache Hive Code Injection vulnerability

4.0.0-alpha-1
4.0.0-alpha-2
4.0.0-beta-1

2024-05-03T09:30:52Z

Fix available

GHSA-2g4q-9vm9-9fw4

Maven/org.jenkins-ci.plugins:script-security

Jenkins Script Security Plugin sandbox bypass vulnerability

1.0
1.0-beta-1
1.0-beta-2
1.0-beta-3
1.0-beta-4
1.0-beta-5
1.0-beta-6
...

2024-05-02T15:30:35Z

Fix available

GHSA-94pr-w968-h923

Maven/org.jenkins-ci.plugins:telegrambot

Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext

See details.

2024-05-02T15:30:35Z

No fix available

Vulnerability Library