OSV - Open Source Vulnerabilities

GHSA-j288-q9x7-2f5v

Maven/org.apache.commons:commons-lang3
Maven/commons-lang:commons-lang

Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs

2 days ago

Fix available
Severity - 6.5 (Medium)

GHSA-xwmg-2g98-w7v9

Maven/com.nimbusds:nimbus-jose-jwt

Nimbus JOSE + JWT is vulnerable to DoS attacks when processing deeply nested JSON

2 days ago

Fix available
Severity - 5.8 (Medium)

GHSA-25xr-qj8w-c4vf

Maven/org.apache.tomcat:tomcat-coyote

Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams

3 days ago

Fix available
Severity - 6.3 (Medium)

GHSA-4j3c-42xv-3f84

Maven/org.apache.tomcat:tomcat-util

Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector

3 days ago

Fix available
Severity - 6.3 (Medium)

GHSA-wr62-c79q-cv37

Maven/org.apache.tomcat:tomcat-catalina

Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits

3 days ago

Fix available
Severity - 6.3 (Medium)

GHSA-gj52-35xm-gxjh

Maven/org.keycloak:keycloak-services

Keycloak vulnerable to phishing attacks through its Review Profile section

3 days ago

Fix available
Severity - 5.4 (Medium)

GHSA-23j7-px3w-jwp2

Maven/io.jenkins.plugins:xooa

Jenkins Xooa Plugin vulnerability does not mask its Xooa Deployment Token

4 days ago

No fix available
Severity - 4.3 (Medium)

GHSA-2g8w-9933-36vr

Maven/org.jenkins-ci.plugins:warrior

Jenkins Warrior Framework Plugin vulnerability exposes unencrypted passwords to certain authenticated users

4 days ago

No fix available
Severity - 4.3 (Medium)

GHSA-56h7-r62c-83qp

Maven/io.jenkins.plugins:xooa

Jenkins Xooa Plugin vulnerability exposes unencrypted tokens to authenticated users

4 days ago

No fix available
Severity - 4.3 (Medium)

GHSA-8gp3-m447-gw2v

Maven/org.jenkins-ci.plugins:vaddy-plugin

Jenkins VAddy Plugin vulnerability exposes plaintext keys on its job configuration form

4 days ago

No fix available
Severity - 4.3 (Medium)

GHSA-jmrv-rxgr-phvr

Maven/org.jenkins-ci.plugins:applitools-eyes

Jenkins Applitools Eyes Plugin vulnerability does not mask API keys on its job configuration form

4 days ago

No fix available
Severity - 4.3 (Medium)

GHSA-q92v-3f4w-5xg8

Maven/org.jenkins-ci.plugins:pplitools-eyes

Jenkins Applitools Eyes Plugin vulnerability exposes unencrypted keys to certain authenticated users

4 days ago

No fix available
Severity - 4.3 (Medium)

GHSA-w4xv-mj6v-p4g2

Maven/io.jenkins.plugins:user1st-utester

Jenkins User1st uTester Plugin vulnerability exposes unencrypted token to authenticated users

4 days ago

No fix available
Severity - 3.3 (Low)

GHSA-26x3-7jw5-7mg4

Maven/org.jenkins.plugins.statistics.gatherer:statistics-gatherer

Jenkins Statistics Gatherer Plugin does not mask AWS Secret Key

4 days ago

No fix available
Severity - 4.3 (Medium)

GHSA-28j3-hphh-cjr8

Maven/com.apica:ApicaLoadtest

Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens

4 days ago

No fix available
Severity - 4.3 (Medium)

GHSA-45hr-8gq6-7f7f

Maven/org.jenkins-ci.plugins:nouvola-divecloud

Jenkins Nouvola DiveCloud Plugin vulnerability stores unencrypted credentials

4 days ago

No fix available
Severity - 4.3 (Medium)