Vulnerability Library
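| Ecosystem | Count |
| --- | --- |
| All ecosystems | 66750 |
| AlmaLinux | 2297 |
| Alpine | 3242 |
| Android | 773 |
| CRAN | 3 |
| crates.io | 1198 |
| Debian | 9431 |
| GitHub Actions | 11 |
| Go | 1626 |
| Hackage | 14 |
| Hex | 23 |
| Linux | 13573 |
| Maven | 3938 |
| npm | 12309 |
| NuGet | 510 |
| OSS-Fuzz | 2962 |
| Packagist | 2221 |
| Pub | 6 |
| PyPI | 10911 |
| Rocky Linux | 980 |
| RubyGems | 722 |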
| ID | Packages | Summary | Affected versions | Published | Fix |
| --- | --- | --- | --- | --- | --- |
| GHSA-262f-77q5-rqv6 | Maven/com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer | Jenkins Build Failure Analyzer Plugin Cross-site Scripting vulnerability | 1.10.0, 1.10.2, 1.10.3, 1.11.0, 1.12.0, 1.12.1, 1.13.0, ... | 2023-09-20T18:30:21Z | Fix available |
| GHSA-279f-qwgh-h5mp | Maven/org.jenkins-ci.main:jenkins-core | Jenkins does not exclude sensitive build variables from search | 2.100, 2.101, 2.102, 2.103, 2.104, 2.105, 2.106, ... | 2023-09-20T18:30:21Z | Fix available |
| GHSA-2wwh-qgh8-w9xw | Maven/com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer | Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability | 1.10.0, 1.10.2, 1.10.3, 1.11.0, 1.12.0, 1.12.1, 1.13.0, ... | 2023-09-20T18:30:21Z | Fix available |
| GHSA-55q6-r3hm-7ff4 | Maven/com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer | Jenkins Build Failure Analyzer Plugin missing permission check | 1.10.0, 1.10.2, 1.10.3, 1.11.0, 1.12.0, 1.12.1, 1.13.0, ... | 2023-09-20T18:30:21Z | Fix available |
| GHSA-55wp-3pq4-w8p9 | Maven/org.jenkins-ci.main:jenkins-core | Jenkins temporary plugin file created with insecure permissions | 2.100, 2.101, 2.102, 2.103, 2.104, 2.105, 2.106, ... | 2023-09-20T18:30:21Z | Fix available |
| GHSA-58rq-69jp-xc23 | Maven/com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer | Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability | 1.10.0, 1.10.2, 1.10.3, 1.11.0, 1.12.0, 1.12.1, 1.13.0, ... | 2023-09-20T18:30:21Z | Fix available |
| GHSA-5j46-5hwq-gwh7 | Maven/org.jenkins-ci.main:jenkins-core | Jenkins Cross-site Scripting vulnerability | 2.100, 2.101, 2.102, 2.103, 2.104, 2.105, 2.106, ... | 2023-09-20T18:30:21Z | Fix available |
| GHSA-hq87-h4jg-vxfw | Maven/org.jenkins-ci.main:jenkins-core | Jenkins temporary uploaded file created with insecure permissions | 2.100, 2.101, 2.102, 2.103, 2.104, 2.105, 2.106, ... | 2023-09-20T18:30:21Z | Fix available |
| GHSA-qv64-w99c-qcr9 | Maven/org.jenkins-ci.main:jenkins-core | Jenkins temporary uploaded file created with insecure permissions | 2.100, 2.101, 2.102, 2.103, 2.104, 2.105, 2.106, ... | 2023-09-20T18:30:21Z | Fix available |
| GHSA-4f4r-wgv2-jjvg | Maven/io.quarkus:quarkus-vertx-http, Maven/io.quarkus:quarkus-undertow, Maven/io.quarkus:quarkus-csrf-reactive, Maven/io.quarkus:quarkus-keycloak-authorization | Quarkus HTTP vulnerable to incorrect evaluation of permissions | 0.23.0, 0.23.1, 0.23.2, 0.24.0, 0.25.0, 0.26.0, 0.26.1, ... | 2023-09-20T12:30:22Z | Fix available |
| GHSA-frqc-f2h8-fjvf | Maven/org.springframework.graphql:spring-graphql | Spring for GraphQL may be exposed to GraphQL context with values from a different session | 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.2.0, ... | 2023-09-20T12:30:22Z | Fix available |
| GHSA-v92f-jx6p-73rx | Maven/it.geosolutions.jaiext.jiffle:jt-jiffle, Maven/it.geosolutions.jaiext.jiffle:jt-jiffle-language | Improper Control of Generation of Code ('Code Injection') in jai-ext | See details. | 2023-09-19T20:35:16Z | Fix available |
| GHSA-3p86-9955-h393 | Maven/org.eclipse.jgit:org.eclipse.jgit | Arbitrary File Overwrite in Eclipse JGit | 1.2.0.201112221803-r, 1.3.0.201202151440-r, 2.0.0.201206130900-r, 2.1.0.201209190230-r, 2.2.0.201212191850-r, 2.3.1.201302201838-r, 3.0.0.201306101825-r, ... | 2023-09-18T15:30:18Z | Fix available |
| GHSA-pwh8-58vv-vw48 | Maven/org.eclipse.jetty:jetty-openid | Jetty's OpenId Revoked authentication allows one request | 9.4.21.v20190926, 9.4.22.v20191022, 9.4.23.v20191118, 9.4.24.v20191120, 9.4.25.v20191220, 9.4.26.v20200117, 9.4.27.v20200227, ... | 2023-09-15T13:36:10Z | Fix available |
| GHSA-hmr7-m48g-48f6 | Maven/org.eclipse.jetty:jetty-http | Jetty accepts "+" prefixed value in Content-Length | 9.0.0.v20130308, 9.0.1.v20130408, 9.0.2.v20130417, 9.0.3.v20130506, 9.0.4.v20130625, 9.0.5.v20130815, 9.0.6.v20130930, ... | 2023-09-14T16:17:27Z | Fix available |
| GHSA-3gh6-v5v9-6v9j | Maven/org.eclipse.jetty:jetty-servlets, Maven/org.eclipse.jetty.ee10:jetty-ee10-servlets, Maven/org.eclipse.jetty.ee9:jetty-ee9-servlets, Maven/org.eclipse.jetty.ee8:jetty-ee8-servlets | Jetty vulnerable to errant command quoting in CGI Servlet | 9.0.0.v20130308, 9.0.1.v20130408, 9.0.2.v20130417, 9.0.3.v20130506, 9.0.4.v20130625, 9.0.5.v20130815, 9.0.6.v20130930, ... | 2023-09-14T16:16:00Z | Fix available |
Maven - OSV