Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-pvp8-3xj6-8c6x
  • Maven/commons-configuration:commons-configuration
Apache Commons Configuration Uncontrolled Resource Consumption 3 days ago
  • No fix available
  • Severity - 2.7 (Low)
GHSA-889j-63jv-qhr8
  • Maven/org.eclipse.jetty.http2:jetty-http2-common
Eclipse Jetty HTTP/2 client can force the server to allocate a humongous byte buffer that may lead to OoM and subsequently the JVM to exit 3 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-q4rv-gq96-w7c5
  • Maven/org.eclipse.jetty:jetty-server
**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request 3 days ago
  • Fix available
  • Severity - 7.2 (High)
GHSA-72qj-48g4-5xgx
  • Maven/rubygems:jruby-openssl
  • Maven/org.jruby:jruby
JRuby-OpenSSL has hostname verification disabled by default 4 days ago
  • Fix available
  • Severity - 5.7 (Medium)
GHSA-76vf-mpmx-777j
  • Maven/org.graylog2:graylog2-server
Graylog Allows Session Takeover via Insufficient HTML Sanitization 4 days ago
  • Fix available
  • Severity - 8.0 (High)
GHSA-q9q2-3ppx-mwqf
  • Maven/org.graylog2:graylog2-server
Graylog Allows Stored Cross-Site Scripting via Files Plugin and API Browser 4 days ago
  • Fix available
  • Severity - 7.3 (High)
GHSA-whxr-3p84-rf3c
  • Maven/org.apache.activemq:activemq-openwire-legacy
  • Maven/org.apache.activemq:activemq-client
Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation 5 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-f7jh-m6wp-jm7f
  • Maven/org.jboss.hal:hal-console
HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store 5 days ago
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-p2f8-vq4r-gqg3
  • Maven/com.liferay:com.liferay.marketplace.app.manager.web
Liferay Portal Reflected XSS in marketplace-app-manager-web 5 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-53wx-pr6q-m3j5
  • Maven/org.apache.parquet:parquet-avro
Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata 6 days ago
  • Fix available
  • Severity - 7.1 (High)
GHSA-w7xj-pj5f-8pwh
  • Maven/com.baidu.mapp:brcc-core
BRCC Incorrect Access Control vulnerability 6 days ago
  • No fix available
  • Severity - 9.8 (Critical)
GHSA-h94w-8qhg-3xmc
  • Maven/org.wso2.am:am-distribution-parent
WSO2 API Manager XML External Entity (XXE) vulnerability 05 May
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-5jfq-x6xp-7rw2
  • Maven/org.keycloak:keycloak-services
Keycloak vulnerable to two factor authentication bypass 30 Apr
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-hw58-3793-42gg
  • Maven/org.keycloak:keycloak-services
Keycloak hostname verification 30 Apr
  • Fix available
  • Severity - 8.2 (High)
GHSA-8g2j-rhfh-hq3r
  • Maven/org.xwiki.contrib.markdown:syntax-markdown-commonmark12
org.xwiki.contrib.markdown:syntax-markdown-commonmark12 vulnerable to XSS via Markdown content 30 Apr
  • Fix available
  • Severity - 9.0 (Critical)
GHSA-f9c6-2f9p-82jj
  • Maven/org.xwiki.platform:xwiki-platform-security-authentication-ui
Any user with view access to the XWiki space can change the authenticator 30 Apr
  • Fix available
  • Severity - 8.4 (High)