Vulnerabilities
| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-qhp6-6p8p-2rqh | Maven/org.wildfly.core:wildfly-elytron-integration | Wildfly Elytron integration susceptible to brute force attacks via CLI | 4 days ago | Fix available; Severity - 8.1 (High) |
| GHSA-rp46-r563-jrc7 | Maven/org.apache.avro:avro | Apache Avro Java SDK is Vulnerable to Code Injection | 4 days ago | Fix available; Severity - 6.9 (Medium) |
| GHSA-74rh-c5rh-88vg | Maven/org.xwiki.platform:xwiki-platform-web | XWiki vulnerable to click-jacking through CSS injection in comments | 5 days ago | Fix available; Severity - 5.3 (Medium) |
| GHSA-pqqf-7hxm-rj5r | Maven/org.open-metadata:openmetadata-sdk | Leaky JWTs in OpenMetadata exposing highly-privileged bot users | 6 days ago | Fix available; Severity - 7.6 (High) |
| GHSA-c4qc-4q9p-m9q9 | Maven/org.apache.shiro:shiro-core | Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability | 10 Feb | Fix available; Severity - 1.0 (Low) |
| GHSA-gv3v-2cpp-3pmq | Maven/org.keycloak:keycloak-quarkus-server | Keycloak logs sensitive headers | 10 Feb | Fix available; Severity - 5.0 (Medium) |
| GHSA-q672-hfc7-g833 | Maven/org.apache.druid.extensions:druid-basic-security | Apache Druid Vulnerable to Authentication Bypass | 10 Feb | Fix available; Severity - 9.3 (Critical) |
| GHSA-37gf-gmxv-74wv | Maven/org.keycloak:keycloak-services | Keycloak fails to verify if an Identity Provider (IdP) is enabled before issuing tokens | 09 Feb | Fix available; Severity - 8.8 (High) |
| GHSA-fm6w-rrp3-2x4w | Maven/org.keycloak:keycloak-services | Keycloak Affected by Broken Access Control Vulnerability in the UserManagedPermissionService | 09 Feb | Fix available; Severity - 5.4 (Medium) |
| GHSA-hcvw-475w-8g7p | Maven/org.keycloak:keycloak-services | Keycloak affected by improper invitation token validation | 09 Feb | Fix available; Severity - 8.1 (High) |
| GHSA-c244-p6m5-vqj6 | Maven/org.apache.shiro:shiro-spring | Apache Shiro has an Authentication Bypass | 09 Feb | Fix available; Severity - 5.3 (Medium) |
| GHSA-xr72-g735-4vwp | Maven/org.neo4j:neo4j | Neo4j Enterprise and Community editions have insufficient escaping of unicode characters in query log | 06 Feb | Fix available; Severity - 1.1 (Low) |
| GHSA-4j3g-rwwq-4p54 | Maven/org.neo4j:neo4j | Neo4j Enterprise and Community vulnerable to a potential information disclosure | 04 Feb | Fix available; Severity - 4.8 (Medium) |
| GHSA-73f3-rqqf-2j54 | Maven/org.apache.syncope.client.idrepo:syncope-client-idrepo-console | Apache Syncope: Console XXE on Keymaster parameters | 03 Feb | Fix available; Severity - 4.9 (Medium) |
| GHSA-v84m-gfw5-hm2w | Maven/org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui | Apache Syncope: Reflected XSS on Enduser Login | 03 Feb | Fix available; Severity - 6.8 (Medium) |
| GHSA-gjx9-j8f8-7j74 | Maven/com.hubspot.jinjava:jinjava | JinJava Bypass through ForTag leads to Arbitrary Java Execution | 03 Feb | Fix available; Severity - 9.8 (Critical) |
Maven - OSV