Vulnerabilities

| ID | Packages | Summary | Published | Fix available | Severity |
|---|---|---|---|---|---|
| GHSA-hv2w-8mjj-jw22 | Maven/io.modelcontextprotocol.sdk:mcp-core | MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *) | 8 hours ago | Yes | 6.1 (Medium) |
| GHSA-vr79-8m62-wh98 | Maven/ca.uhn.hapi.fhir:org.hl7.fhir.validation | FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft | 8 hours ago | Yes | 9.3 (Critical) |
| GHSA-3ww8-jw56-9f5h | Maven/ca.uhn.hapi.fhir:org.hl7.fhir.core | FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing | 8 hours ago | Yes | 5.8 (Medium) |
| GHSA-fgv2-4q4g-wc35 | Maven/ca.uhn.hapi.fhir:org.hl7.fhir.core, Maven/ca.uhn.hapi.fhir:org.hl7.fhir.utilities | HAPI FHIR Core has Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect | 8 hours ago | Yes | 7.4 (High) |
| GHSA-x27p-5f68-m644 | Maven/io.trino:trino-iceberg | Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON | yesterday | Yes | 7.7 (High) |
| GHSA-443w-3rq3-5m5h | Maven/software.amazon.awssdk:cloudfront | AWS SDK for Java 2.0: Improper Handling of Special Characters in CloudFront Signing Utilities | 3 days ago | Yes | 7.7 (High) |
| GHSA-44f4-gvwj-6qg3 | Maven/org.springframework.ai:spring-ai-redis-store | Spring AI Redis Store has TAG Field Query Injection Through Improper Neutralization of Special Characters | 3 days ago | Yes | 7.5 (High) |
| GHSA-7cj7-rcw6-p68v | Maven/org.springframework.ai:spring-ai-neo4j-store | Spring AI has a Cypher Injection vulnerability in Neo4jVectorFilterExpressionConverter | 3 days ago | Yes | 7.5 (High) |
| GHSA-mhrg-94vw-45c5 | Maven/org.springframework.ai:spring-ai-bedrock-converse | Spring AI: Insufficient Validation causes SSRF when processing multimodal messages with user-supplied URLs | 3 days ago | Yes | 8.6 (High) |
| GHSA-fvh3-672c-7p6c | Maven/org.springframework.ai:spring-ai-vector-store | Spring AI: SpEL injection is triggered when a user-supplied value is used as a filter expression key | 3 days ago | Yes | 9.8 (Critical) |
| GHSA-7xf9-4jfc-wgm4 | Maven/org.keycloak:keycloak-services | Keycloak: manage-clients permission escalates to full realm admin access | 4 days ago | Yes | 6.5 (Medium) |
| GHSA-q35r-vvhv-vx5h | Maven/org.keycloak:keycloak-model-jpa, Maven/org.keycloak:keycloak-server-spi-private, Maven/org.keycloak:keycloak-services | Keycloak: Missing Role Enforcement on UMA 2.0 Permission Ticket Endpoint Leads to Information Disclosure | 4 days ago | Yes | 4.3 (Medium) |
| GHSA-w9fj-cfpg-grvv | Maven/io.netty:netty-codec-http2 | Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass | 4 days ago | Yes | 8.7 (High) |
| GHSA-pwqr-wmgm-9rr8 | Maven/io.netty:netty-codec-http | Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing | 4 days ago | Yes | 7.5 (High) |
| GHSA-h8w2-rv57-vc6f | Maven/com.splunk:splunk-otel-javaagent | splunk-otel-javaagent: Unsafe deserialization in RMI instrumentation may lead to Remote Code Execution | 4 days ago | Yes | 9.3 (Critical) |
| GHSA-579q-h82j-r5v2 | Maven/com.datadoghq:dd-java-agent | dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution | 4 days ago | Yes | 9.3 (Critical) |