Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-8c52-x9w7-vc95
  • Maven/com.xwiki.pro:xwiki-pro-macros-ui
XWiki view file macro: User can view content of office file without view rights on the attachment
12 hours ago
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-v7r8-8p5c-h4xw
  • Maven/com.xwiki.admintools:application-admintools
XWiki AdminTools application doesn't set permissions on the AdminTools space
13 hours ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-cg6m-9276-qpjj
  • Maven/io.github.wwwlike:vlife-base
vlife-base has Path Traversal vulnerability
2 days ago
  • No fix available
  • Severity - 5.5 (Medium)
GHSA-gwwr-j923-vq7r
  • Maven/lsfusion.platform:web-client
lsFusion Platform has Path Traversal vulnerability
2 days ago
  • No fix available
  • Severity - 5.5 (Medium)
GHSA-5jpg-2rj5-964c
  • Maven/lsfusion.platform:web-client
lsFusion Platform has Path Traversal vulnerability
2 days ago
  • No fix available
  • Severity - 5.5 (Medium)
GHSA-7xw4-g7mm-r4hh
  • Maven/software.amazon.jdbc:aws-advanced-jdbc-wrapper
Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance
5 days ago
  • Fix available
  • Severity - 8.0 (High)
GHSA-7m9g-pmxf-m9m8
  • Maven/org.keycloak:keycloak-quarkus-server
Keycloak allows Binding to an Unrestricted IP Address
5 days ago
  • No fix available
  • Severity - 6.8 (Medium)
GHSA-39hr-239p-fhqc
  • Maven/org.openidentityplatform.openam:openam-oauth2
OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed
6 days ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-6fhj-vr9j-g45r
  • Maven/org.cyclonedx:cyclonedx-core-java
CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
10 Nov
  • Fix available
  • Severity - 7.5 (High)
GHSA-fvfq-q238-j7j3
  • Maven/org.wso2.carbon.mediation:org.wso2.carbon.localentry
WSO2 Carbon Mediation vulnerable to XML External Entity (XXE) attacks
05 Nov
  • No fix available
  • Severity - 6.5 (Medium)
GHSA-j2pc-v64r-mv4f
  • Maven/io.github.ascopes:protobuf-maven-plugin
Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH
04 Nov
  • Fix available
  • Severity - 1.0 (Low)
GHSA-xf7m-v66q-76w8
  • Maven/com.liferay:com.liferay.blogs.item.selector.web
Liferay Portal and DXP do not check permissions of images in a blog entry
01 Nov
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-6533-fhr2-f38h
  • Maven/com.liferay:com.liferay.adaptive.media.web
  • Maven/com.liferay.portal:com.liferay.portal.impl
Liferay Portal and DXP use an incorrect cache-control header
01 Nov
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-q285-wfpg-93hr
  • Maven/com.liferay:com.liferay.dynamic.data.mapping.item.selector.web
Liferay Portal and DXP affected by multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page
31 Oct
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-2j97-4jmq-c4xf
  • Maven/com.liferay.portal:release.portal.bom
Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter
31 Oct
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-56jv-4ww3-65mw
  • Maven/com.liferay.portal:release.portal.bom
Liferay Portal is vulnerable to XSS in the Blogs widget
30 Oct
  • Fix available
  • Severity - 4.8 (Medium)