Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-m8mh-x359-vm8m
  • Maven/org.apktool:apktool-lib
Apktool: Path Traversal to Arbitrary File Write 5 days ago
  • Fix available
  • Severity - 7.1 (High)
GHSA-49vv-25qx-mg44
  • Maven/io.openremote:openremote-manager
OpenRemote has Improper Access Control via updateUserRealmRoles function 6 days ago
  • Fix available
  • Severity - 7.0 (High)
GHSA-69rw-45wj-g4v6
  • Maven/io.spinnaker.echo:echo-pipelinetriggers
Spinnaker: RCE via expression parsing due to unrestricted context handling 21 Apr
  • Fix available
  • Severity - 9.9 (Critical)
GHSA-x3j7-7pgj-h87r
  • Maven/io.spinnaker.clouddriver:clouddriver-artifacts-gitrepo
Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths 21 Apr
  • Fix available
  • Severity - 9.9 (Critical)
GHSA-28jg-cgg7-j4wc
  • Maven/org.apache.kafka:kafka-clients
Apache Kafka does not validate JWT tokens in its OAUTHBEARER authentication implementation 20 Apr
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-c3fc-8qff-9hwx
  • Maven/org.bouncycastle:bcprov-jdk14
  • Maven/org.bouncycastle:bcprov-jdk15to18
  • Maven/org.bouncycastle:bcprov-jdk18on
Bouncy Castle has an LDAP injection 17 Apr
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-cj8j-37rh-8475
  • Maven/org.bouncycastle:bcpg-jdk12
  • Maven/org.bouncycastle:bcpg-jdk14
  • Maven/org.bouncycastle:bcpg-jdk15
  • Maven/org.bouncycastle:bcpg-jdk15on
  • Maven/org.bouncycastle:bcpg-jdk15to18
  • ... 2 more
Bouncy Castle Uncontrolled Resource Consumption vulnerability 17 Apr
  • Fix available
  • Severity - 8.7 (High)
GHSA-xw5c-jc7x-gf75
  • Maven/org.pac4j:pac4j-core
PAC4J has a Cross-Site Request Forgery (CSRF) Vulnerability 17 Apr
  • Fix available
  • Severity - 7.0 (High)
GHSA-vp6r-9m58-5xv8
  • Maven/org.omnifaces:omnifaces
OmniFaces: EL injection via crafted resource name in wildcard CDN mapping 16 Apr
  • Fix available
  • Severity - 8.1 (High)
GHSA-hf5p-q87m-crj7
  • Maven/com.github.junrar:junrar
Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix 16 Apr
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-hfrg-mcvw-8mch
  • Maven/com.ritense.valtimo:inbox
Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService 16 Apr
  • Fix available
  • Severity - 4.9 (Medium)
GHSA-27h3-crw2-q36w
  • Maven/org.apache.skywalking:server-core
SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information 16 Apr
  • Fix available
  • Severity - 7.5 (High)
GHSA-xjw8-8c5c-9r79
  • Maven/org.thymeleaf:thymeleaf
  • Maven/org.thymeleaf:thymeleaf-spring5
  • Maven/org.thymeleaf:thymeleaf-spring6
Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf 15 Apr
  • Fix available
  • Severity - 9.0 (Critical)
GHSA-r4v4-5mwr-2fwr
  • Maven/org.thymeleaf:thymeleaf
  • Maven/org.thymeleaf:thymeleaf-spring5
  • Maven/org.thymeleaf:thymeleaf-spring6
Improper restriction of the scope of accessible objects in Thymeleaf expressions 15 Apr
  • Fix available
  • Severity - 9.0 (Critical)
GHSA-g24f-mgc3-jwwc
  • Maven/io.openremote:openremote-manager
OpenRemote has XXE in Velbus Asset Import 15 Apr
  • Fix available
  • Severity - 7.6 (High)
GHSA-xmj9-7625-f634
  • Maven/dev.dsf:dsf-bpe-process-api-v2
  • Maven/dev.dsf:dsf-bpe-server
Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache 15 Apr
  • No fix available
  • Severity - 6.3 (Medium)