Vulnerability Database
Blog
FAQ
Docs
Vulnerability Library
search
All ecosystems
149405
AlmaLinux
3014
Alpine
3485
Android
898
Bitnami
4275
Chainguard
13046
CRAN
10
crates.io
1403
Debian
16400
GIT
29013
GitHub Actions
16
Go
2579
Hackage
18
Hex
30
Linux
13573
Maven
4967
npm
17855
NuGet
1334
OSS-Fuzz
3372
Packagist
3948
Pub
8
PyPI
13756
Rocky Linux
1315
RubyGems
1585
SwiftURL
31
Ubuntu
5337
Wolfi
8137
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-2hjr-vmf3-xwvp
Maven/org.elasticsearch:elasticsearch
Elasticsearch Insertion of Sensitive Information into Log File
yesterday
Fix available
Severity - 4.1 (Medium)
GHSA-7726-43hg-m23v
Maven/org.openidentityplatform.openam:openam-oauth2
OpenAM FreeMarker template injection
yesterday
Fix available
Severity - 8.8 (High)
GHSA-p528-3mvf-gr87
Maven/org.springframework.cloud:spring-cloud-skipper
Remote code execution in Spring Cloud Data Flow
yesterday
Fix available
Severity - 9.8 (Critical)
GHSA-8gj9-r4hv-3jjw
Maven/org.apache.pinot:pinot-controller
Apache Pinot: Unauthorized endpoint exposed sensitive information
2 days ago
Fix available
Severity - 8.7 (High)
GHSA-v62g-jwj9-rfvx
Maven/org.apache.drill.exec:drill-java-exec
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill
2 days ago
Fix available
Severity - 6.4 (Medium)
GHSA-crjg-w57m-rqqf
Maven/dnsjava:dnsjava
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks
4 days ago
Fix available
Severity - 7.7 (High)
GHSA-mmwx-rj87-vfgr
Maven/dnsjava:dnsjava
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
4 days ago
Fix available
Severity - 7.1 (High)
GHSA-cfxw-4h78-h7fw
Maven/dnsjava:dnsjava
DNSJava DNSSEC Bypass
4 days ago
Fix available
Severity - 7.0 (High)
GHSA-8pxv-x6jq-5vw9
Maven/org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui
Maven/org.apache.syncope.client.idrepo:syncope-client-idrepo-console
Apache Syncope Improper Input Validation vulnerability
4 days ago
Fix available
Severity - 7.1 (High)
GHSA-q9w2-h4cw-8ghp
Maven/org.apache.rocketmq:rocketmq-all
Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data
4 days ago
Fix available
Severity - 6.0 (Medium)
GHSA-w36w-948j-xhfw
Maven/ai.h2o:h2o-core
H2O vulnerable to Deserialization of Untrusted Data
5 days ago
No fix available
Severity - 7.7 (High)
GHSA-4mgg-fqfq-64hg
Maven/org.apache.cxf:cxf-rt-transports-http
Apache CXF allows unrestricted memory consumption in CXF HTTP clients
19 Jul
Fix available
Severity - 6.3 (Medium)
GHSA-5m3j-pxh7-455p
Maven/org.apache.cxf:cxf-rt-rs-service-description
Apache CXF: SSRF vulnerability via WADL stylesheet parameter
19 Jul
Fix available
Severity - 7.7 (High)
GHSA-6pff-fmh2-4mmf
Maven/org.apache.cxf:cxf-rt-rs-security-jose
Apache CXF Denial of Service vulnerability in JOSE
19 Jul
Fix available
Severity - 6.9 (Medium)
GHSA-q8f2-hxq5-cp4h
Maven/io.netty.incubator:netty-incubator-codec-bhttp
Absent Input Validation in BinaryHttpParser
18 Jul
Fix available
Severity - 8.1 (High)
GHSA-xmvg-335g-x44q
Maven/org.opensearch.plugin:opensearch-reports-scheduler
The OpenSearch reporting plugin improperly controls tenancy access to reporting resources
18 Jul
Fix available
Severity - 5.3 (Medium)
Load more...
Maven - OSV