OSV - Open Source Vulnerabilities

GHSA-4h8f-2wvx-gg5w

Maven/org.bouncycastle:bcprov-jdk18on
Maven/org.bouncycastle:bcprov-jdk15to18
Maven/org.bouncycastle:bcprov-jdk14
Maven/org.bouncycastle:bcprov-jdk13
Maven/org.bouncycastle:bcprov-jdk12

Bouncy Castle Java Cryptography API vulnerable to DNS poisoning

1.71
1.71.1
1.72
1.73
1.74
1.75
1.76
...

2024-05-03T18:30:37Z

Fix available

GHSA-vpw3-3prf-3974

Maven/org.apache.hive:hive-jdbc

Apache Hive Code Injection vulnerability

4.0.0-alpha-1
4.0.0-alpha-2
4.0.0-beta-1

2024-05-03T09:30:52Z

Fix available

GHSA-2g4q-9vm9-9fw4

Maven/org.jenkins-ci.plugins:script-security

Jenkins Script Security Plugin sandbox bypass vulnerability

1.0
1.0-beta-1
1.0-beta-2
1.0-beta-3
1.0-beta-4
1.0-beta-5
1.0-beta-6
...

2024-05-02T15:30:35Z

Fix available

GHSA-94pr-w968-h923

Maven/org.jenkins-ci.plugins:telegrambot

Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext

See details.

2024-05-02T15:30:35Z

No fix available

GHSA-phh3-2p9m-w6j5

Maven/org.jenkins-ci.plugins:partial-release-manager

Jenkins Subversion Partial Release Manager Plugin programmatically disables the fix for CVE-2016-3721

See details.

2024-05-02T15:30:35Z

No fix available

GHSA-v63g-v339-2673

Maven/org.jenkins-ci.plugins:script-security

Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies

1.0
1.0-beta-1
1.0-beta-2
1.0-beta-3
1.0-beta-4
1.0-beta-5
1.0-beta-6
...

2024-05-02T15:30:35Z

Fix available

GHSA-x7g6-rwhc-g7mj

Maven/org.wildfly:wildfly-domain-http

Wildfly vulnerable to denial of service

8.0.0.Alpha1
8.0.0.Alpha2
8.0.0.Alpha3
8.0.0.Alpha4
8.0.0.Beta1
8.0.0.CR1
8.0.0.Final
...

2024-05-02T15:30:35Z

No fix available

GHSA-xh9c-vcf9-h94m

Maven/org.jenkins-ci.plugins:git-server

Jenkins Git server Plugin does not perform a permission check

1.0
1.1
1.10
1.11
1.2
1.3
1.4
...

2024-05-02T15:30:35Z

Fix available

GHSA-gj5m-m88j-v7c3

Maven/org.apache.activemq:apache-activemq

Apache ActiveMQ's default configuration doesn't secure the API web context

6.0.0
6.0.1
6.1.0
6.1.1

2024-05-02T09:30:48Z

Fix available

GHSA-chfm-68vv-pvw5

Maven/org.xmlunit:xmlunit-core

XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets

2.0.0
2.0.0-alpha-02
2.0.0-alpha-03
2.0.0-alpha-04
2.1.0
2.1.1
2.2.0
...

2024-05-01T16:40:01Z

Fix available

GHSA-25w4-hfqg-4r52

Maven/io.quarkus:quarkus-resteasy-reactive-common-deployment
Maven/io.quarkus:quarkus-resteasy-reactive-common

Quarkus: authorization flaw in quarkus resteasy reactive and classic

1.11.0.Beta1
1.11.0.Beta2
1.11.0.CR1
1.11.0.Final
1.11.1.Final
1.11.2.Final
1.11.3.Final
...

2024-04-25T18:30:39Z

Fix available

GHSA-9wmf-xf3h-r8pr

Maven/org.jberet:jberet-core

Jberet: jberet-core logging database credentials

1.0.0.Alpha1
1.0.0.Alpha2
1.0.0.Alpha3
1.0.0.Alpha4
1.0.0.Beta1
1.0.0.Beta2
1.0.0.CR1
...

2024-04-25T18:30:39Z

Fix available

GHSA-mv64-86g8-cqq7

Maven/io.quarkus.resteasy.reactive:resteasy-reactive

Quarkus: security checks in resteasy reactive may trigger a denial of service

3.8.0.CR1
3.3.0
3.3.0.CR1
3.3.1
3.3.2
3.3.3
3.4.0
...

2024-04-25T18:30:39Z

Fix available

GHSA-5xv3-fm7g-865r

Maven/org.open-metadata:openmetadata-service

OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)

0.12.1
0.12.1.preview
0.12.2
0.12.2-REPUBLISHED
0.13.1
0.13.2
0.13.2-beta
...

2024-04-24T17:06:02Z

Fix available

GHSA-8p5r-6mvv-2435

Maven/org.open-metadata:openmetadata-service

OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)

0.12.1
0.12.1.preview
0.12.2
0.12.2-REPUBLISHED
0.13.1
0.13.2
0.13.2-beta
...

2024-04-24T17:06:00Z

Fix available

GHSA-7vf4-x5m2-r6gr

Maven/org.open-metadata:openmetadata-service

OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)

0.12.1
0.12.1.preview
0.12.2
0.12.2-REPUBLISHED
0.13.1
0.13.2
0.13.2-beta
...

2024-04-23T21:11:23Z

Fix available

Vulnerability Library