Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-5rfx-cp42-p624
  • Maven/io.quarkus:quarkus-rest
Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write
Published: 12 hours ago
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-vrjc-q2fh-6x9h
  • Maven/io.spinnaker.clouddriver:clouddriver-artifacts
Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
Published: 2 days ago
  • Fix available
  • Severity - 7.9 (High)
GHSA-jqmr-2pg9-vfx7
  • Maven/org.apache.sis.core:sis-metadata
Apache SIS has Improper Restriction of XML External Entity Reference vulnerability
Published: 2 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-cw39-r4h6-8j3x
  • Maven/org.msgpack:msgpack-core
MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation
Published: 2 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-7wwv-79xw-rvvg
  • Maven/com.vaadin:vaadin
  • Maven/com.vaadin:vaadin-server
  • Maven/com.vaadin:vaadin-spreadsheet-flow
Vaadin vulnerable to Cross-site Scripting
Published: 2 days ago
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-f8r6-6222-9pvc
  • Maven/org.apache.kyuubi:kyuubi-server_2.12
Apache Kyuubi Server vulnerable to Path Traversal
Published: 2 days ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-5r2g-vphf-m5xc
  • Maven/org.apache.streampipes:streampipes-parent
Apache StreamPipes has Improper Privilege Management issue
Published: 6 days ago
  • Fix available
  • Severity - 4.9 (Medium)
GHSA-4hx9-48xh-5mxr
  • Maven/org.keycloak:keycloak-ldap-federation
Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization
Published: 19 Dec 2025
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-v4p2-2w39-mhrj
  • Maven/org.apache.nifi:nifi-asana-processors
Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization
Published: 19 Dec 2025
  • Fix available
  • Severity - 7.5 (High)
GHSA-gphj-4h6p-37xq
  • Maven/org.elasticsearch.plugin:x-pack-core
Elasticsearch privileged authenticated users can cause DoS through Excessive Resource Allocation
Published: 19 Dec 2025
  • Fix available
  • Severity - 4.9 (Medium)
GHSA-qf7c-7r9h-mm92
  • Maven/org.elasticsearch.plugin:x-pack-security
Elasticsearch has Excessive Allocation of Resources via Submission of Oversized User Settings Data
Published: 19 Dec 2025
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-vc5p-v9hr-52mj
  • Maven/org.apache.logging.log4j:log4j-core
Apache Log4j does not verify the TLS hostname in its Socket Appender
Published: 18 Dec 2025
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-x44p-gvrj-pj2r
  • Maven/software.amazon.encryption.s3:amazon-s3-encryption-client-java
Amazon S3 Encryption Client for Java has a Key Commitment Issue
Published: 18 Dec 2025
  • Fix available
  • Severity - 6.0 (Medium)
GHSA-3677-xxcr-wjqv
  • Maven/org.bitbucket.b_c:jose4j
jose4j is vulnerable to DoS via compressed JWE content
Published: 17 Dec 2025
  • Fix available
  • Severity - 7.5 (High)
GHSA-6gvq-jcmp-8959
  • Go/github.com/altcha-org/altcha-lib-go
  • Hex/altcha
  • Maven/org.altcha:altcha
  • Packagist/altcha-org/altcha
  • PyPI/altcha
  • ... 2 more
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
Published: 16 Dec 2025
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-84h7-rjj3-6jx4
  • Maven/io.netty:netty-codec-http
Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Published: 15 Dec 2025
  • Fix available
  • Severity - 6.5 (Medium)