Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-6fhj-vr9j-g45r
  • Maven/org.cyclonedx:cyclonedx-core-java
CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
Published: yesterday
  • Fix available
  • Severity - 7.5 (High)
GHSA-fvfq-q238-j7j3
  • Maven/org.wso2.carbon.mediation:org.wso2.carbon.localentry
WSO2 Carbon Mediation vulnerable to XML External Entity (XXE) attacks
Published: 6 days ago
  • No fix available
  • Severity - 6.5 (Medium)
GHSA-j2pc-v64r-mv4f
  • Maven/io.github.ascopes:protobuf-maven-plugin
Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH
Published: 04 Nov
  • Fix available
  • Severity - 1.0 (Low)
GHSA-xf7m-v66q-76w8
  • Maven/com.liferay:com.liferay.blogs.item.selector.web
Liferay Portal and DXP do not check permissions of images in a blog entry
Published: 01 Nov
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-6533-fhr2-f38h
  • Maven/com.liferay:com.liferay.adaptive.media.web
  • Maven/com.liferay.portal:com.liferay.portal.impl
Liferay Portal and DXP use an incorrect cache-control header
Published: 01 Nov
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-q285-wfpg-93hr
  • Maven/com.liferay:com.liferay.dynamic.data.mapping.item.selector.web
Liferay Portal and DXP affected by multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page
Published: 31 Oct
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-2j97-4jmq-c4xf
  • Maven/com.liferay.portal:release.portal.bom
Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter
Published: 31 Oct
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-56jv-4ww3-65mw
  • Maven/com.liferay.portal:release.portal.bom
Liferay Portal is vulnerable to XSS in the Blogs widget
Published: 30 Oct
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-f5vh-4rj2-w8r8
  • Maven/com.liferay.portal:release.portal.bom
Liferay Portal is vulnerable to DNS rebinding attacks
Published: 30 Oct
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-8hw3-ghwv-crfh
  • Maven/com.liferay.portal:release.portal.bom
Liferay Portal vulnerable to password enumeration
Published: 30 Oct
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-hv42-crpx-q355
  • Maven/org.jenkins-ci.plugins:curseforge-publisher
Jenkins Curseforge Publisher Plugin does not mask API Keys displayed on the job configuration form
Published: 29 Oct
  • No fix available
  • Severity - 4.3 (Medium)
GHSA-m244-6mff-p355
  • Maven/org.jenkins-ci.plugins:publish-to-bitbucket
Jenkins Publish to Bitbucket Plugin vulnerable to CSRF and missing permissions check
Published: 29 Oct
  • No fix available
  • Severity - 5.4 (Medium)
GHSA-v549-7pm5-f8qr
  • Maven/org.jenkins-ci.plugins:publish-to-bitbucket
Jenkins Publish to Bitbucket Plugin is missing a permissions check
Published: 29 Oct
  • No fix available
  • Severity - 4.3 (Medium)
GHSA-wpr5-rc2j-99p2
  • Maven/org.jenkins-ci.plugins:publish-to-bitbucket
Jenkins Publish to Bitbucket Plugin is missing a permissions check
Published: 29 Oct
  • No fix available
  • Severity - 5.4 (Medium)
GHSA-23vj-j6jc-w892
  • Maven/org.jenkins-ci.plugins:curseforge-publisher
Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files
Published: 29 Oct
  • No fix available
  • Severity - 4.3 (Medium)
GHSA-2vmr-8c82-x8xq
  • Maven/io.jenkins.plugins:byteguard-build-actions
Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files
Published: 29 Oct
  • No fix available
  • Severity - 4.3 (Medium)