Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-h4pc-58cc-hc95
  • Maven/com.ctrip.framework.apollo:apollo
Apollo ConfigService access key authentication bypass via raw config file appId parsing 2 hours ago
  • No fix available
  • Severity - 7.5 (High)
GHSA-4w3q-qpfq-v992
  • Maven/com.ctrip.framework.apollo:apollo
Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching 2 hours ago
  • No fix available
  • Severity - 7.5 (High)
GHSA-jxpj-9j24-w337
  • Maven/com.ctrip.framework.apollo:apollo
Apollo Portal: There is a risk of unauthorized access to the Apollo configuration center 4 hours ago
  • No fix available
  • Severity - 6.5 (Medium)
GHSA-7cmj-v6x8-frvv
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.dstu2
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.dstu3
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.r4
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.r4b
  • ... 3 more
org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint 4 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-q6gh-6v2r-hjv3
  • Maven/io.micronaut:micronaut-http-client
Micronaut: DefaultHttpClient follows redirects, forwarding Authorization, Cookie, and Proxy-Authorization headers 4 days ago
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-387m-935m-c4vw
  • Maven/io.micronaut:micronaut-http-client
Micronaut doesn't set a maximum redirect count for its HTTP Client, enabling infinite loop DoS 4 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-6h3c-r723-7fx3
  • Maven/nl.nl-portal:taak
NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak 5 days ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-qpm9-h556-mwxm
  • Maven/nl.nl-portal:besluiten
  • Maven/nl.nl-portal:documenten-api
NL Portal: Missing per-user authorization on document and decision GraphQL queries in nl-portal-backend-libraries 5 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-9qm4-rh6w-pq5x
  • Maven/org.dspace:dspace-api
DSpace: Path Traversal is possible through LDN message generation 5 days ago
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-c827-pw3m-67w7
  • Maven/org.dspace:dspace-api
DSpace: ORE resource URI does not validate scheme for non-web resources 5 days ago
  • Fix available
  • Severity - 4.4 (Medium)
GHSA-v66x-68f2-pxf5
  • Maven/org.dspace:dspace-api
DSpace has a possible Path Traversal Vulnerability in its Curation Task Reporter output path 5 days ago
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-9x82-rm84-c6x7
  • Maven/org.dspace:dspace-api
DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN 5 days ago
  • Fix available
  • Severity - 8.0 (High)
GHSA-qj4x-9g63-25g6
  • Maven/org.xwiki.platform:xwiki-platform-oldcore
XWiki Platform Old Core: Resource path traversal via /skin/ action endpoint in Jetty 12+ 6 days ago
  • Fix available
  • Severity - 8.2 (High)
GHSA-cgfv-jrfp-2r7v
  • Maven/io.openremote:openremote-manager
OpenRemote has Authenticated SQL Injection via Datapoint Crosstab Export 6 days ago
  • Fix available
  • Severity - 7.2 (High)
GHSA-7v6w-c3f4-9wpq
  • Maven/io.openremote:openremote-agent
OpenRemote has an incomplete fix for CVE-2026-40882: XXE in KNXProtocol.startAssetImport() allows arbitrary file read via unprotected XMLInputFactory 06 Jul
  • Fix available
  • Severity - 7.6 (High)
GHSA-xqr9-4wvv-gvch
  • Maven/io.openremote:openremote-manager
OpenRemote has Cross-Realm User Information Disclosure in UserResourceImpl 06 Jul
  • Fix available
  • Severity - 7.7 (High)