OSV - Open Source Vulnerabilities

GHSA-wpcv-5jgp-69f3

Maven/com.netflix.genie:genie-web

Genie Path Traversal vulnerability via File Uploads

0.20
0.21
0.22
0.23
0.24
1.0.0
1.0.1
...

2024-05-09T21:35:23Z

Fix available

GHSA-fgh3-pwmp-3qw3

Maven/org.apache.inlong:manager-pojo

Apache Inlong Deserialization of Untrusted Data vulnerability

1.10.0
1.11.0
1.7.0
1.8.0
1.9.0

2024-05-08T15:30:42Z

Fix available

GHSA-p343-9qwp-pqxv

Maven/org.neo4j:neo4j-cypher

Neo4j Cypher component mishandles IMMUTABLE privileges

1.4
1.4.1
1.4.2
1.4.M04
1.4.M05
1.4.M06
1.5
...

2024-05-07T18:30:34Z

Fix available

GHSA-64cm-3cj3-67hf

Maven/net.mingsoft:ms-basic

MS Basic Cross-site Scripting vulnerability

1.0.0
1.0.1
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
...

2024-05-07T18:30:33Z

No fix available

GHSA-2x52-8f29-7cjr

Maven/org.eclipse.edc:connector-core

Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure

0.2.1
0.3.0
0.3.1
0.4.0
0.4.1
0.5.0
0.5.1
...

2024-05-07T15:30:36Z

Fix available

GHSA-4h8f-2wvx-gg5w

Maven/org.bouncycastle:bcprov-jdk18on
Maven/org.bouncycastle:bcprov-jdk15to18
Maven/org.bouncycastle:bcprov-jdk14
Maven/org.bouncycastle:bcprov-jdk13
Maven/org.bouncycastle:bcprov-jdk12

Bouncy Castle Java Cryptography API vulnerable to DNS poisoning

1.71
1.71.1
1.72
1.73
1.74
1.75
1.76
...

2024-05-03T18:30:37Z

Fix available

GHSA-vpw3-3prf-3974

Maven/org.apache.hive:hive-jdbc

Apache Hive Code Injection vulnerability

4.0.0-alpha-1
4.0.0-alpha-2
4.0.0-beta-1

2024-05-03T09:30:52Z

Fix available

GHSA-2g4q-9vm9-9fw4

Maven/org.jenkins-ci.plugins:script-security

Jenkins Script Security Plugin sandbox bypass vulnerability

1.0
1.0-beta-1
1.0-beta-2
1.0-beta-3
1.0-beta-4
1.0-beta-5
1.0-beta-6
...

2024-05-02T15:30:35Z

Fix available

GHSA-94pr-w968-h923

Maven/org.jenkins-ci.plugins:telegrambot

Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext

See details.

2024-05-02T15:30:35Z

No fix available

GHSA-phh3-2p9m-w6j5

Maven/org.jenkins-ci.plugins:partial-release-manager

Jenkins Subversion Partial Release Manager Plugin programmatically disables the fix for CVE-2016-3721

See details.

2024-05-02T15:30:35Z

No fix available

GHSA-v63g-v339-2673

Maven/org.jenkins-ci.plugins:script-security

Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies

1.0
1.0-beta-1
1.0-beta-2
1.0-beta-3
1.0-beta-4
1.0-beta-5
1.0-beta-6
...

2024-05-02T15:30:35Z

Fix available

GHSA-x7g6-rwhc-g7mj

Maven/org.wildfly:wildfly-domain-http

Wildfly vulnerable to denial of service

8.0.0.Alpha1
8.0.0.Alpha2
8.0.0.Alpha3
8.0.0.Alpha4
8.0.0.Beta1
8.0.0.CR1
8.0.0.Final
...

2024-05-02T15:30:35Z

No fix available

GHSA-xh9c-vcf9-h94m

Maven/org.jenkins-ci.plugins:git-server

Jenkins Git server Plugin does not perform a permission check

1.0
1.1
1.10
1.11
1.2
1.3
1.4
...

2024-05-02T15:30:35Z

Fix available

GHSA-gj5m-m88j-v7c3

Maven/org.apache.activemq:apache-activemq

Apache ActiveMQ's default configuration doesn't secure the API web context

6.0.0
6.0.1
6.1.0
6.1.1

2024-05-02T09:30:48Z

Fix available

GHSA-chfm-68vv-pvw5

Maven/org.xmlunit:xmlunit-core

XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets

2.0.0
2.0.0-alpha-02
2.0.0-alpha-03
2.0.0-alpha-04
2.1.0
2.1.1
2.2.0
...

2024-05-01T16:40:01Z

Fix available

GHSA-25w4-hfqg-4r52

Maven/io.quarkus:quarkus-resteasy-reactive-common-deployment
Maven/io.quarkus:quarkus-resteasy-reactive-common

Quarkus: authorization flaw in quarkus resteasy reactive and classic

1.11.0.Beta1
1.11.0.Beta2
1.11.0.CR1
1.11.0.Final
1.11.1.Final
1.11.2.Final
1.11.3.Final
...

2024-04-25T18:30:39Z

Fix available

Vulnerability Library