Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-4773-3jfm-qmx3
  • Maven/org.springframework:spring-webflux
  • Maven/org.springframework:spring-webmvc
Spring Framework Improper Path Limitation with Script View Templates
Published yesterday
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-6hcq-hmm3-jj3c
  • Maven/org.springframework:spring-webflux
  • Maven/org.springframework:spring-webmvc
Spring MVC and WebFlux has Server Sent Event stream corruption
Published yesterday
  • Fix available
  • Severity - 2.6 (Low)
GHSA-8hfc-fq58-r658
  • Maven/org.springframework.boot:spring-boot-starter-actuator
Spring Boot has an Authentication Bypass under Actuator Health groups paths
Published yesterday
  • Fix available
  • Severity - 8.2 (High)
GHSA-mf92-479x-3373
  • Maven/org.springframework.security:spring-security-web
Spring Security HTTP Headers Are not Written Under Some Conditions
Published yesterday
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-mgvc-8q2h-5pgc
  • Maven/org.springframework.boot:spring-boot-starter-actuator
Spring Boot has an Authentication Bypass under Actuator CloudFoundry endpoints
Published yesterday
  • Fix available
  • Severity - 8.2 (High)
GHSA-p7m9-v2cm-2h7m
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.convertors
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.dstu2
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.dstu3
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.dstu3.support
  • ... 7 more
HAPI FHIR HTTP authentication leak in redirects
Published 2 days ago
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-64hm-gfwq-jppw
  • Maven/io.qameta.allure:allure-generator
Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)
Published 2 days ago
  • Fix available
  • Severity - 8.6 (High)
GHSA-p9hg-wrmv-v8cp
  • Maven/org.jenkins-ci.plugins:loadninja
Jenkins LoadNinja Plugin does not mask LoadNinja API keys displayed on the job configuration form
Published 2 days ago
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-phhv-63fh-rrc8
  • Maven/org.jenkins-ci.main:jenkins-core
Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation
Published 2 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-qqjr-hf5h-jx3q
  • Maven/org.jenkins-ci.plugins:loadninja
Jenkins LoadNinja Plugin stores LoadNinja API keys unencrypted in job config.xml files
Published 2 days ago
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-r6qv-frpc-q66c
  • Maven/org.jenkins-ci.main:jenkins-core
Jenkins has a link following vulnerability allows arbitrary file creation
Published 2 days ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-c267-rfvc-mvpm
  • Maven/org.springframework.ai:spring-ai-mariadb-store
SQL Injection in Spring AI MariaDBFilterExpressionConverter
Published 3 days ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-rp9g-qx29-88cp
  • Maven/org.springframework.ai:spring-ai-vector-store
JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter
Published 3 days ago
  • Fix available
  • Severity - 8.6 (High)
GHSA-xv6h-r36f-3gp5
  • Maven/org.keycloak:keycloak-saml-adapter-core
  • Maven/org.keycloak:keycloak-saml-core
  • Maven/org.keycloak:keycloak-services
Keycloak: Denial of Service due to excessive SAMLRequest decompression
Published 3 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-wmxr-6j5f-838p
  • Maven/org.keycloak:keycloak-saml-adapter-core
  • Maven/org.keycloak:keycloak-saml-core
  • Maven/org.keycloak:keycloak-services
Keycloak: Unauthorized access via improper validation of encrypted SAML assertions
Published 3 days ago
  • No fix available
  • Severity - 7.7 (High)
GHSA-x4p7-7chp-64hq
  • Maven/org.keycloak:keycloak-server-spi-private
  • Maven/org.keycloak:keycloak-services
Keycloak: Unauthorized authentication via disabled SAML Identity Provider
Published 3 days ago
  • No fix available
  • Severity - 8.1 (High)