Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-794x-8x6x-qpfc
  • Maven/io.zipkin:zipkin-server
Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint (published 3 days ago)
  • No fix available
  • Severity - 5.3 (Medium)
GHSA-m43g-m425-p68x
  • Maven/org.junit.platform:junit-platform-reporting
junit-platform-reporting can leak Git credentials through its OpenTestReportGeneratingListener (published 6 days ago)
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-3m86-c9x3-vwm9
  • Maven/org.graylog2:graylog2-server
Graylog vulnerable to privilege escalation through API tokens (published 30 Jun)
  • Fix available
  • Severity - 8.8 (High)
GHSA-8gqp-hr9g-pg62
  • Maven/org.conductoross:conductor-core
Conductor vulnerable to OS command injection through unrestricted access to Java classes (published 30 Jun)
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-373j-mhpf-84wg
  • Maven/io.jans:jans-config-api-server
Janssen Config API returns results without scope verification (published 30 Jun)
  • Fix available
  • Severity - 8.2 (High)
GHSA-358m-fq53-hp87
  • Maven/com.typesafe.akka:akka-cluster-metrics_3
  • Maven/com.typesafe.akka:akka-cluster-metrics_2.13
akka-cluster-metrics uses Java serialization for cluster metrics (published 29 Jun)
  • No fix available
  • Severity - 6.0 (Medium)
GHSA-m964-fjrh-xxq2
  • Maven/org.apache.seata:seata-config-core
Apache Seata Vulnerable to Deserialization of Untrusted Data (published 28 Jun)
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-h46c-h94j-95f3
  • Maven/com.fasterxml.jackson.core:jackson-core
jackson-core can throw a StackoverflowError when processing deeply nested data (published 27 Jun)
  • Fix available
  • Severity - 8.7 (High)
GHSA-cqm8-rg2p-jfcf
  • Maven/org.infinispan:infinispan-cli-client
Infinispan CLI vulnerable to Generation of Error Message Containing Sensitive Information (published 27 Jun)
  • No fix available
  • Severity - 6.2 (Medium)
GHSA-h7qf-qmf3-85qg
  • Maven/io.qameta.allure.plugins:xunit-xml-plugin
  • Maven/io.qameta.allure.plugins:junit-xml-plugin
  • Maven/io.qameta.allure.plugins:trx-plugin
Allure Report allows Improper XXE Restriction via DocumentBuilderFactory (published 25 Jun)
  • Fix available
  • Severity - 7.5 (High)
GHSA-9623-mj7j-p9v4
  • Maven/io.quarkus:quarkus-vertx
Quarkus potentially leaks data when duplicating a duplicated context (published 23 Jun)
  • Fix available
  • Severity - 6.4 (Medium)
GHSA-7cjh-xx4r-qh3f
  • Maven/io.sentry:sentry-android
  • Maven/io.sentry:sentry-android-replay
sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+ (published 20 Jun)
  • Fix available
  • Severity - 8.2 (High)
GHSA-5644-3vgq-2ph5
  • Maven/org.craftercms:crafter-studio
Crafter Studio Groovy Sandbox Bypass (published 19 Jun)
  • Fix available
  • Severity - 7.3 (High)
GHSA-8qjw-9xgm-c9ff
  • Maven/com.powsybl:powsybl-iidm-criteria
  • Maven/com.powsybl:powsybl-contingency-api
PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion (published 19 Jun)
  • Fix available
  • Severity - 2.7 (Low)
GHSA-rqpx-f6rc-7hm5
  • Maven/com.powsybl:powsybl-commons
PowSyBl Core contains Polynomial REDoS’es (published 19 Jun)
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-f5cx-h789-j959
  • Maven/com.powsybl:powsybl-math
PowSyBl Core allows deserialization of untrusted SparseMatrix data (published 19 Jun)
  • Fix available
  • Severity - 8.1 (High)