Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-xr72-g735-4vwp
  • Maven/org.neo4j:neo4j
 Neo4j Enterprise and Community editions have insufficient escaping of unicode characters in query log 3 days ago
  • Fix available
  • Severity - 1.1 (Low)
GHSA-4j3g-rwwq-4p54
  • Maven/org.neo4j:neo4j
 Neo4j Enterprise and Community vulnerable to a potential information disclosure 5 days ago
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-73f3-rqqf-2j54
  • Maven/org.apache.syncope.client.idrepo:syncope-client-idrepo-console
 Apache Syncope: Console XXE on Keymaster parameters 6 days ago
  • Fix available
  • Severity - 4.9 (Medium)
GHSA-v84m-gfw5-hm2w
  • Maven/org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui
 Apache Syncope: Reflected XSS on Enduser Login 6 days ago
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-gjx9-j8f8-7j74
  • Maven/com.hubspot.jinjava:jinjava
 JinJava Bypass through ForTag leads to Arbitrary Java Execution 6 days ago
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-gj28-gw7w-3pxc
  • Maven/org.craftercms:craftercms
 Crafter CMS has Improper Control of Dynamically-Managed Code Resources 02 Feb
  • Fix available
  • Severity - 4.5 (Medium)
GHSA-wj3h-wx8g-x699
  • Maven/ai.h2o:h2o-core
  • PyPI/h2o
 H2O has an External Control of File Name or Path vulnerability 02 Feb
  • No fix available
  • Severity - 9.1 (Critical)
GHSA-fwhw-chw4-gh37
  • Maven/org.keycloak:keycloak-parent
 Keycloak Server-Side Request Forgery (SSRF) vulnerability 02 Feb
  • No fix available
  • Severity - 2.7 (Low)
GHSA-g78x-7vwx-9f58
  • Maven/org.keycloak:keycloak-services
 Keycloak Admin API allows an administrator with limited privileges to retrieve sensitive custom attributes 02 Feb
  • Fix available
  • Severity - 2.7 (Low)
GHSA-33hj-rcmx-86mv
  • Maven/io.undertow:undertow-core
 Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names 30 Jan
  • Fix available
  • Severity - 7.5 (High)
GHSA-23f4-hfmq-94mj
  • Maven/com.github.liuyueyi.media:batik-codec-fix
 Quick-Media Batik Codec FIX Package has Buffer Overflow Vulnerability in PNG Codec 27 Jan
  • No fix available
  • Severity - 5.3 (Medium)
GHSA-444m-px7r-qpvv
  • Maven/com.foxinmy:weixin4j-base
 weixin4j has Improperly Controlled Sequential Memory Allocation 27 Jan
  • No fix available
  • Severity - 6.3 (Medium)
GHSA-8623-9fwr-4cxv
  • Maven/com.github.liuyueyi.media:batik-codec-fix
 Quick-Media Batik Codec FIX package has Code Injection vulnerability 27 Jan
  • No fix available
  • Severity - 5.3 (Medium)
GHSA-hcx3-3q5c-r5v6
  • Maven/com.github.briandilley.jsonrpc4j:jsonrpc4j
 jsonrpc4j has Infinite Loop in RPC Stream Writer 27 Jan
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-rqfh-9r24-8c9r
  • Maven/org.assertj:assertj-core
 AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion 26 Jan
  • Fix available
  • Severity - 8.2 (High)
GHSA-63v5-26vq-m4vm
  • Maven/org.keycloak:keycloak-services
 Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods 26 Jan
  • No fix available
  • Severity - 3.1 (Low)
Load more...