Vulnerability Database
Vulnerability Library
| ID | Packages | Summary | Affected versions | Last modified | Fix |
| --- | --- | --- | --- | --- | --- |
| GHSA-7xgj-j9hp-c692 | Maven/org.jenkins-ci.plugins:wso2id-oauth | Jenkins WSO2 Oauth Plugin cross-site request forgery vulnerability | 1.0 | 2023-05-30T15:59:08.306801Z | No fix available |
| GHSA-rq2w-37h9-vg94 | Maven/org.apache.tomcat:tomcat, Maven/org.apache.tomcat:tomcat, Maven/org.apache.tomcat:tomcat | Apache Tomcat improperly escapes input from JsonErrorReportValve | 8.5.83, 9.0.40, 9.0.41, 9.0.43, 9.0.44, 9.0.45, 9.0.46, ... | 2023-05-30T07:12:23.755711Z | Fix available |
| GHSA-h79m-5cm2-278c | Maven/org.apache.inlong:manager-dao, Maven/org.apache.inlong:manager-pojo, Maven/org.apache.inlong:manager-service, Maven/org.apache.inlong:manager-web | User data exposure in Apache InLong | 1.5.0, 1.6.0, 1.5.0, 1.6.0, 1.5.0, 1.6.0, 1.5.0, ... | 2023-05-30T07:04:29.611476Z | Fix available |
| GHSA-p22x-g9px-3945 | Maven/org.apache.tomcat:tomcat, Maven/org.apache.tomcat:tomcat, Maven/org.apache.tomcat:tomcat, Maven/org.apache.tomcat:tomcat | Apache Tomcat may reject request containing invalid Content-Length header | 8.5.0, 8.5.11, 8.5.12, 8.5.13, 8.5.14, 8.5.15, 8.5.16, ... | 2023-05-30T07:04:03.540697Z | Fix available |
| GHSA-hfrx-6qgj-fp6c | Maven/commons-fileupload:commons-fileupload | Apache Commons FileUpload denial of service vulnerability | 1.0, 1.0-beta-1, 1.0-rc1, 1.1, 1.1.1, 1.2, 1.2.1, ... | 2023-05-30T06:50:57.612080Z | Fix available |
| GHSA-gw42-f939-fhvm | Maven/org.igniterealtime.openfire:xmppserver, Maven/org.igniterealtime.openfire:xmppserver | Administration Console authentication bypass in openfire xmppserver | 4.2.0 | 2023-05-29T16:19:46.876339Z | Fix available |
| GHSA-xf96-w227-r7c4 | Maven/org.springframework.boot:spring-boot-autoconfigure, Maven/org.springframework.boot:spring-boot-autoconfigure, Maven/org.springframework.boot:spring-boot-autoconfigure, Maven/org.springframework.boot:spring-boot-autoconfigure | Spring Boot Welcome Page Denial of Service | 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, ... | 2023-05-26T22:19:11.350118Z | Fix available |
| GHSA-qw69-rqj8-6qw8 | Maven/org.eclipse.jetty:jetty-server, Maven/org.eclipse.jetty:jetty-server, Maven/org.eclipse.jetty:jetty-server | OutOfMemoryError for large multipart without filename in Eclipse Jetty | 7.0.0.M0, 7.0.0.M1, 7.0.0.M2, 7.0.0.M3, 7.0.0.M4, 7.0.0.RC0, 7.0.0.RC1, ... | 2023-05-26T22:05:33.642814Z | Fix available |
| GHSA-x873-6rgc-94jc | Maven/org.springframework.security:spring-security-core, Maven/org.springframework.security:spring-security-core, Maven/org.springframework.security:spring-security-core | Spring Security logout not clearing security context | 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.7.4, 5.7.5, 5.7.6, ... | 2023-05-26T22:05:13.214873Z | Fix available |
| GHSA-p26g-97m4-6q7c | Maven/org.eclipse.jetty:jetty-server, Maven/org.eclipse.jetty:jetty-server, Maven/org.eclipse.jetty:jetty-server, Maven/org.eclipse.jetty:jetty-server | Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies | 7.0.0.M0, 7.0.0.M1, 7.0.0.M2, 7.0.0.M3, 7.0.0.M4, 7.0.0.RC0, 7.0.0.RC1, ... | 2023-05-26T22:04:46.442641Z | Fix available |
| GHSA-c892-cwq6-qrqf | Maven/org.keycloak:keycloak-core | Keycloak vulnerable to untrusted certificate validation | 1.0-alpha-1, 1.0-alpha-1-12062013, 1.0-alpha-2, 1.0-alpha-3, 1.0-alpha-4, 1.0-beta-1, 1.0-beta-1-20150521, ... | 2023-05-26T21:34:07.094405Z | No fix available |
| GHSA-9mmj-64jh-ph9c | Maven/com.xuxueli:xxl-job | Privilege escalation in XXL-Job | 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.5.2, 1.6.0, 1.6.1, ... | 2023-05-26T21:19:10.237509Z | No fix available |
| GHSA-rv6g-3v76-cvf9 | Maven/org.jenkins-ci.plugins:azure-vm-agents | Jenkins Azure VM Agents Plugin missing permission checks | 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.5.1, ... | 2023-05-26T18:05:17.508077Z | Fix available |
| GHSA-5gj6-62g7-vmgf | Maven/com.hazelcast:hazelcast | Hazelcast vulnerable to unmasked password exposure | 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6, 1.6-RC1, 1.7, ... | 2023-05-26T18:04:59.003331Z | Fix available |
| GHSA-6v6h-rw43-97fh | Maven/io.jenkins.plugins:miniorange-saml-sp | Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation | 1.0.1, 1.0.10, 1.0.11, 1.0.14, 1.0.15, 1.0.16, 1.0.18, ... | 2023-05-26T18:04:41.316396Z | Fix available |
| GHSA-3xf9-pgc2-mr9c | Maven/io.jenkins.plugins:miniorange-saml-sp | Jenkins SAML Single Sign On(SSO) Plugin missing permission checks | 1.0.1, 1.0.10, 1.0.11, 1.0.14, 1.0.15, 1.0.16, 1.0.18, ... | 2023-05-26T18:04:24.736109Z | Fix available |
Maven - OSV