Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-2rgp-f66f-4499
  • Maven/io.goobi.viewer:viewer-core
Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy 2 hours ago
  • No fix available
  • Severity - 9.8 (Critical)
GHSA-q7m6-wpvf-mvwx
  • Maven/org.mapfish.print:print-lib
  • Maven/org.mapfish.print:print-servlet
Mapfish Print: Remote Code Injection (RCE) in Dynamic table 16 hours ago
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-x3r2-fj3r-g5mv
  • Maven/io.github.davidalmeidac:sealed-env-core
  • npm/sealed-env
sealed-env: TOTP secret embedded in unseal token payload (enterprise mode) yesterday
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-qqcj-rghw-829x
  • Maven/io.unitycatalog:unitycatalog-server
Unity Catalog has a JWT Issuer Validation Bypass that Allows Complete User Impersonation 2 days ago
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-3jh5-rr2q-xfv7
  • Maven/com.ritense.valtimo:web
Valtimo has sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer 2 days ago
  • Fix available
  • Severity - 7.6 (High)
GHSA-3g76-f9xq-8vp6
  • Maven/io.vertx:vertx-core
Vert.x has a DoS via unbounded server-side SNI SslContext cache growth 4 days ago
  • No fix available
  • Severity - 6.9 (Medium)
GHSA-g8r3-5hwf-qp96
  • Maven/com.oviva.telematik:epa4all-client
epa4all-client has a VAU Signature bypass 4 days ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-hfcf-v2f8-x9pc
  • Maven/org.bitcoinj:bitcoinj-core
bitcoinj has a ScriptExecution P2PKH/P2WPKH Verification Bypass 5 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-2mh5-3cw6-hrrq
  • Maven/org.springframework.cloud:spring-cloud-config
Spring Cloud Config has an Authorization Bypass Through User-Controlled Key 6 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-6g23-24mc-hx6x
  • Maven/org.springframework.cloud:spring-cloud-config-server
Spring Cloud Config vulnerable to Path Traversal 6 days ago
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-86wq-234q-r6wg
  • Maven/org.springframework.cloud:spring-cloud-config-server
Spring Cloud Config Server Susceptible To TOCTOU Attack 6 days ago
  • Fix available
  • Severity - 7.2 (High)
GHSA-j6hh-h3cf-c2hf
  • Maven/org.springframework.cloud:spring-cloud-config-server
Spring Cloud Config Server Logged Sensitive Information 6 days ago
  • Fix available
  • Severity - 4.4 (Medium)
GHSA-jfg9-48mv-9qgx
  • Maven/io.netty:netty-codec-mqtt
Netty MQTT: Resource exhaustion in MqttDecoder 6 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-7j59-v9qr-6fq9
  • Go/github.com/microsoft/kiota-http-go
  • Maven/com.microsoft.kiota:microsoft-kiota-abstractions
  • NuGet/Microsoft.Kiota.Abstractions
  • PyPI/microsoft-kiota-http
  • npm/kiota-typescript
Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect 6 days ago
  • Fix available
  • Severity - 7.0 (High)
GHSA-f6hv-jmp6-3vwv
  • Maven/io.netty:netty-codec-http
  • Maven/io.netty:netty-codec-http2
Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS 6 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-rgrr-p7gp-5xj7
  • Maven/io.netty:netty-codec-redis
Netty Redis Codec Encoder has a CRLF Injection Issue 6 days ago
  • Fix available
  • Severity - 6.8 (Medium)