OSV - Open Source Vulnerabilities

GHSA-794x-8x6x-qpfc

Maven/io.zipkin:zipkin-server

Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint

3 days ago

No fix available
Severity - 5.3 (Medium)

GHSA-m43g-m425-p68x

Maven/org.junit.platform:junit-platform-reporting

junit-platform-reporting can leak Git credentials through its OpenTestReportGeneratingListener

6 days ago

Fix available
Severity - 5.8 (Medium)

GHSA-3m86-c9x3-vwm9

Maven/org.graylog2:graylog2-server

Graylog vulnerable to privilege escalation through API tokens

30 Jun

Fix available
Severity - 8.8 (High)

GHSA-8gqp-hr9g-pg62

Maven/org.conductoross:conductor-core

Conductor vulnerable to OS command injection through unrestricted access to Java classes

30 Jun

Fix available
Severity - 9.8 (Critical)

GHSA-373j-mhpf-84wg

Maven/io.jans:jans-config-api-server

Janssen Config API returns results without scope verification

30 Jun

Fix available
Severity - 8.2 (High)

GHSA-358m-fq53-hp87

Maven/com.typesafe.akka:akka-cluster-metrics_3
Maven/com.typesafe.akka:akka-cluster-metrics_2.13

akka-cluster-metrics uses Java serialization for cluster metrics

29 Jun

No fix available
Severity - 6.0 (Medium)

GHSA-m964-fjrh-xxq2

Maven/org.apache.seata:seata-config-core

Apache Seata Vulnerable to Deserialization of Untrusted Data

28 Jun

Fix available
Severity - 9.8 (Critical)

GHSA-h46c-h94j-95f3

Maven/com.fasterxml.jackson.core:jackson-core

jackson-core can throw a StackoverflowError when processing deeply nested data

27 Jun

Fix available
Severity - 8.7 (High)

GHSA-cqm8-rg2p-jfcf

Maven/org.infinispan:infinispan-cli-client

Infinispan CLI vulnerable to Generation of Error Message Containing Sensitive Information

27 Jun

No fix available
Severity - 6.2 (Medium)

GHSA-h7qf-qmf3-85qg

Maven/io.qameta.allure.plugins:xunit-xml-plugin
Maven/io.qameta.allure.plugins:junit-xml-plugin
Maven/io.qameta.allure.plugins:trx-plugin

Allure Report allows Improper XXE Restriction via DocumentBuilderFactory

25 Jun

Fix available
Severity - 7.5 (High)

GHSA-9623-mj7j-p9v4

Maven/io.quarkus:quarkus-vertx

Quarkus potentially leaks data when duplicating a duplicated context

23 Jun

Fix available
Severity - 6.4 (Medium)

GHSA-7cjh-xx4r-qh3f

Maven/io.sentry:sentry-android
Maven/io.sentry:sentry-android-replay

sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+

20 Jun

Fix available
Severity - 8.2 (High)

GHSA-5644-3vgq-2ph5

Maven/org.craftercms:crafter-studio

Crafter Studio Groovy Sandbox Bypass

19 Jun

Fix available
Severity - 7.3 (High)

GHSA-8qjw-9xgm-c9ff

Maven/com.powsybl:powsybl-iidm-criteria
Maven/com.powsybl:powsybl-contingency-api

PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion

19 Jun

Fix available
Severity - 2.7 (Low)

GHSA-rqpx-f6rc-7hm5

Maven/com.powsybl:powsybl-commons

PowSyBl Core contains Polynomial REDoS’es

19 Jun

Fix available
Severity - 6.3 (Medium)

GHSA-f5cx-h789-j959

Maven/com.powsybl:powsybl-math

PowSyBl Core allows deserialization of untrusted SparseMatrix data

19 Jun

Fix available
Severity - 8.1 (High)