Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-c3fc-8qff-9hwx
  • Maven/org.bouncycastle:bcprov-jdk14
  • Maven/org.bouncycastle:bcprov-jdk15to18
  • Maven/org.bouncycastle:bcprov-jdk18on
 Bouncy Castle has an LDAP injection 3 days ago
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-cj8j-37rh-8475
  • Maven/org.bouncycastle:bcpg-jdk12
  • Maven/org.bouncycastle:bcpg-jdk14
  • Maven/org.bouncycastle:bcpg-jdk15
  • Maven/org.bouncycastle:bcpg-jdk15on
  • Maven/org.bouncycastle:bcpg-jdk15to18
  • ... 2 more
 Bouncy Castle Uncontrolled Resource Consumption vulnerability 3 days ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-xw5c-jc7x-gf75
  • Maven/org.pac4j:pac4j-core
 PAC4J has a Cross-Site Request Forgery (CSRF) Vulnerability 3 days ago
  • Fix available
  • Severity - 7.0 (High)
GHSA-vp6r-9m58-5xv8
  • Maven/org.omnifaces:omnifaces
 OmniFaces: EL injection via crafted resource name in wildcard CDN mapping 4 days ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-hf5p-q87m-crj7
  • Maven/com.github.junrar:junrar
 Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix 4 days ago
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-hfrg-mcvw-8mch
  • Maven/com.ritense.valtimo:inbox
 Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService 4 days ago
  • Fix available
  • Severity - 4.9 (Medium)
GHSA-27h3-crw2-q36w
  • Maven/org.apache.skywalking:server-core
 SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information 4 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-xjw8-8c5c-9r79
  • Maven/org.thymeleaf:thymeleaf
  • Maven/org.thymeleaf:thymeleaf-spring5
  • Maven/org.thymeleaf:thymeleaf-spring6
 Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf 5 days ago
  • Fix available
  • Severity - 9.0 (Critical)
GHSA-r4v4-5mwr-2fwr
  • Maven/org.thymeleaf:thymeleaf
  • Maven/org.thymeleaf:thymeleaf-spring5
  • Maven/org.thymeleaf:thymeleaf-spring6
 Improper restriction of the scope of accessible objects in Thymeleaf expressions 5 days ago
  • Fix available
  • Severity - 9.0 (Critical)
GHSA-g24f-mgc3-jwwc
  • Maven/io.openremote:openremote-manager
 OpenRemote has XXE in Velbus Asset Import 5 days ago
  • Fix available
  • Severity - 7.6 (High)
GHSA-xmj9-7625-f634
  • Maven/dev.dsf:dsf-bpe-process-api-v2
  • Maven/dev.dsf:dsf-bpe-server
 Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache 5 days ago
  • No fix available
  • Severity - 6.3 (Medium)
GHSA-gj7p-595x-qwf5
  • Maven/dev.dsf:dsf-bpe-server
  • Maven/dev.dsf:dsf-common-jetty
  • Maven/dev.dsf:dsf-fhir-server
 Data Sharing Framework is Missing Session Timeout for OIDC Sessions 5 days ago
  • No fix available
  • Severity - 6.8 (Medium)
GHSA-wg6q-6289-32hp
  • Maven/org.bouncycastle:bcpkix-debug-jdk14
  • Maven/org.bouncycastle:bcpkix-debug-jdk15to18
  • Maven/org.bouncycastle:bcpkix-debug-jdk18on
  • Maven/org.bouncycastle:bcpkix-jdk14
  • Maven/org.bouncycastle:bcpkix-jdk15on
  • ... 2 more
 Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules 5 days ago
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-355h-qmc2-wpwf
  • Maven/org.eclipse.jetty:jetty-http
 Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing 6 days ago
  • Fix available
  • Severity - 7.4 (High)
GHSA-mrqg-xmgm-rc5g
  • Maven/org.xwiki.platform:xwiki-platform-legacy-oldcore
  • Maven/org.xwiki.platform:xwiki-platform-oldcore
 XWiki's REST APIs can list all pages/spaces, leading to unavailability 6 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-w4fj-87j5-f25c
  • Maven/org.xwiki.platform:xwiki-platform-web-templates
 XWiki has Reflected Cross-Site Scripting (XSS) in page history compare 6 days ago
  • Fix available
  • Severity - 6.5 (Medium)
Load more...