Vulnerabilities

ID
Packages
Summary
Published
Attributes
BIT-parse-2026-39381
  • Bitnami/parse
Parse Server's Endpoint `/sessions/me` bypasses `_Session` `protectedFields`
  • Published 17 hours ago
  • Fix available
  • Severity - 5.3 (Medium)
BIT-parse-2026-39321
  • Bitnami/parse
Parse Server has a login timing side-channel reveals user existence
  • Published 17 hours ago
  • Fix available
  • Severity - 6.3 (Medium)
BIT-cosign-2026-39395
  • Bitnami/cosign
Cosign's verify-blob-attestation reports false positive when payload parsing fails
  • Published 23 hours ago
  • Fix available
  • Severity - 4.3 (Medium)
BIT-activemq-2026-34197
  • Bitnami/activemq
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
  • Published 23 hours ago
  • Fix available
  • Severity - 8.8 (High)
BIT-activemq-2026-33227
  • Bitnami/activemq
Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory
  • Published 23 hours ago
  • Fix available
  • Severity - 4.3 (Medium)
BIT-cassandra-2026-27315
  • Bitnami/cassandra
Apache Cassandra: cqlsh history sensitive information leak
  • Published 23 hours ago
  • Fix available
BIT-parse-2026-35200
  • Bitnami/parse
Parse Server has a file upload Content-Type override via extension mismatch
  • Published yesterday
  • Fix available
  • Severity - 2.1 (Low)
BIT-discourse-2026-34947
  • Bitnami/discourse
Discourse: Staged user custom fields are exposed on public invite pages
  • Published yesterday
  • Fix available
  • Severity - 2.7 (Low)
BIT-discourse-2026-27481
  • Bitnami/discourse
Discourse: Hidden tag visibility bypass on tag routes
  • Published yesterday
  • Fix available
  • Severity - 6.3 (Medium)
BIT-jupyterhub-2026-33709
  • Bitnami/jupyterhub
JupyterHub has an Open Redirect Vulnerability
  • Published yesterday
  • Fix available
  • Severity - 5.1 (Medium)
BIT-discourse-2026-33415
  • Bitnami/discourse
Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure
  • Published 2 days ago
  • Fix available
  • Severity - 5.1 (Medium)
BIT-discourse-2026-33300
  • Bitnami/discourse
Discourse: Hidden group names and access metadata are exposed to moderators through the `category-chatables` endpoint
  • Published 2 days ago
  • Fix available
  • Severity - 5.3 (Medium)
BIT-discourse-2026-33185
  • Bitnami/discourse
Discourse: Group SMTP test endpoint susceptible to SSRF
  • Published 2 days ago
  • Fix available
  • Severity - 5.3 (Medium)
BIT-discourse-2026-33074
  • Bitnami/discourse
Discourse: Vulnerability in discourse-subscriptions plugin allowing users to self-grant to higher tier subscriptions
  • Published 2 days ago
  • Fix available
  • Severity - 6.3 (Medium)
BIT-discourse-2026-33073
  • Bitnami/discourse
discourse-subscriptions plugin leaking stripe API key in multisite environment
  • Published 2 days ago
  • Fix available
  • Severity - 2.0 (Low)
BIT-discourse-2026-32951
  • Bitnami/discourse
Discourse: Authorization bypass in oneboxer via user-controlled category id
  • Published 2 days ago
  • Fix available
  • Severity - 4.3 (Medium)