OSV

GHSA-r3qr-vwvg-43f7

Maven/org.opencastproject:opencast-common

Authenticated OpenRedirect Vulnerability

10.0
10.1
10.10
10.11
10.12
10.2
10.3
...

2022-12-03T04:31:50.962425Z

Fix available

GHSA-rmcx-fg5w-x8j9

Maven/io.fusionauth:fusionauth-java-client

FusionAuth vulnerable to directory traversal attack

1.37.0
1.38.0
1.39.0
1.40.1
1.41.0

2022-12-03T04:31:44.144497Z

Fix available

GHSA-339q-62wm-c39w

Maven/io.undertow:undertow-core

Undertow vulnerable to Denial of Service (DoS) attacks

1.0.0.Alpha1
1.0.0.Alpha10
1.0.0.Alpha11
1.0.0.Alpha12
1.0.0.Alpha13
1.0.0.Alpha14
1.0.0.Alpha15
...

2022-12-03T04:30:38.170798Z

Fix available

GHSA-rr2m-gffv-mgrj

Maven/org.apache.hadoop:hadoop-yarn-server
Maven/org.apache.hadoop:hadoop-yarn-server
Maven/org.apache.hadoop:hadoop-yarn-server

Deserialization of Untrusted Data in Apache Hadoop YARN

0.23.1
0.23.10
0.23.11
0.23.3
0.23.4
0.23.5
0.23.6
...

2022-12-03T04:30:17.774837Z

Fix available

GHSA-wp4h-pvgw-5727

Maven/org.apache.struts:struts2-core

Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts

2.0.11
2.0.11.1
2.0.11.2
2.0.12
2.0.14
2.0.5
2.0.6
...

2022-12-03T04:21:48.544048Z

Fix available

GHSA-c566-2grg-mjwg

Maven/org.apache.tapestry:tapestry-project

Serialization vulnerability in Apache Tapestry

4.1
4.1.1
4.1.2
4.1.3
4.1.5
4.1.6

2022-12-03T04:21:21.847630Z

Fix available

GHSA-q2hm-2h45-v5g3

Maven/org.xwiki.platform:xwiki-platform-security-authentication-default
Maven/org.xwiki.platform:xwiki-platform-security-authentication-default

Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default

See details.

2022-12-03T04:09:18Z

Fix available

GHSA-8p36-q63g-68qh

Maven/org.mitre:openid-connect-parent

Autobinding vulnerability in MITREid Connect

0.9.0
0.9.1
0.9.2
0.9.3
1.0.0
1.0.1
1.0.10
...

2022-12-03T03:53:18.275450Z

No fix available

GHSA-jvc3-wjf6-7c6c

Maven/org.apache.dolphinscheduler:dolphinscheduler-common

Apache Dolphin Scheduler has insufficiently protected credentials

1.2.0
1.2.1
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
...

2022-12-02T22:52:48.208384Z

Fix available

GHSA-rc2q-x9mf-w3vf

Maven/org.testng:testng

TestNG is vulnerable to Path Traversal

4.4.7
4.6.1
4.7
5.0
5.0.1
5.0.2
5.1
...

2022-12-02T22:38:38.106906Z

No fix available

GHSA-96vh-4rfp-c42c

Maven/com.github.samtools:htsjdk

HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere

1.128
1.129
1.130
1.131
1.132
1.133
1.134
...

2022-12-02T22:23:10.554086Z

Fix available

GHSA-455j-8hg5-8576

Maven/com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger

Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin

2.0
2.1.0
2.2.0

2022-12-02T21:38:10.364752Z

Fix available

GHSA-g56w-cwg4-hxx9

Maven/io.quarkus:quarkus-parent
Maven/io.quarkus:quarkus-parent

Code injection in quarkus dev ui config editor

2.14.0.Final
2.14.1.Final
0.11.0
0.12.0
0.13.0
0.13.1
0.13.2
...

2022-12-02T21:37:04.084340Z

Fix available

GHSA-hh6f-6fp5-gfpv

Maven/org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
Maven/org.jenkins-ci.plugins.workflow:workflow-cps-global-lib

Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin

See details.

2022-12-02T21:35:05Z

Fix available

GHSA-gp7c-xmmm-7pqr

Maven/org.jenkins-ci.plugins:extended-choice-parameter

Stored Cross-site Scripting vulnerabilities in Jenkins Extended Choice Parameter Plugin

See details.

2022-12-02T21:29:59Z

No fix available

GHSA-m3p3-2gp6-ghq8

Maven/org.jenkins-ci.plugins:jira
Maven/org.jenkins-ci.plugins:jira

Stored Cross-site Scripting vulnerability in Jenkins Jira Plugin

See details.

2022-12-02T21:26:56Z

Fix available

Vulnerability Library