| ID | Packages | Summary | Affected versions | Last modified | Fix |
|---|---|---|---|---|---|
| GHSA-wg4w-5m5r-w3p8 | Maven/org.openapitools:openapi-generator-project | OpenAPI Generator vulnerable to Server-Side Request Forgery | 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.1.1, 3.1.2, ... | 2023-03-31T23:15:30.132700Z | No fix available |
| GHSA-h855-6hph-v363 | Maven/cn.hippo4j:hippo4j-all | Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module | 0.0.1, 0.9.0, 1.0.0, 1.0.0-RC1, 1.0.0-RC2, 1.0.0-RC3, 1.0.0-alpha, ... | 2023-03-31T23:06:14.098133Z | No fix available |
| GHSA-5x5q-8cgm-2hjq | Maven/com.intuit.karate:karate-core | Karate has vulnerable dependency on json-smart package (CVE-2023-1370) | 1.3.1 | 2023-03-31T22:44:09Z | No fix available |
| GHSA-gpqq-59rp-3c3w | Maven/org.apache.inlong:inlong-manager | Apache InLong vulnerable to JDBC Deserialization of Untrusted Data | 1.1.0-incubating, 1.2.0-incubating, 1.3.0, 1.4.0, 1.5.0 | 2023-03-31T16:16:15.574352Z | Fix available |
| GHSA-6wxg-wh7f-rqpr | Maven/org.neo4j.procedure:apoc-core | XML External Entity (XXE) vulnerability in apoc.import.graphml | 5.0.0, 5.1.0, 5.2.0, 5.2.1, 5.3.0, 5.4.0, 5.4.1 | 2023-03-31T16:16:03.332247Z | Fix available |
| GHSA-fg2v-w576-w4v3 | Maven/net.minidev:json-smart | Out of bounds read in json-smart | 1.3, 1.3.1, 1.3.2, 2.4.1, 2.4.2 | 2023-03-31T16:15:48.743128Z | Fix available |
| GHSA-9wx7-jrvc-28mm | PyPI/starkbank-ecdsa, Maven/com.starkbank:ecdsa-java, NuGet/starkbank-ecdsa, npm/starkbank-ecdsa | Signature verification vulnerability in Stark Bank ecdsa libraries | 0.1, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, ... | 2023-03-31T16:02:14.827308Z | Fix available |
| GHSA-jjjh-jjxp-wpff | Maven/com.fasterxml.jackson.core:jackson-databind | Uncontrolled Resource Consumption in Jackson-databind | 2.10.0, 2.10.0.pr1, 2.10.0.pr2, 2.10.0.pr3, 2.10.1, 2.10.2, 2.10.3, ... | 2023-03-31T15:02:46.106250Z | Fix available |
| GHSA-9vx8-f5c4-862x | Maven/org.neo4j.procedure:apoc | XML External Entity (XXE) vulnerability in apoc.import.graphml | 1.0.0, 1.0.0-RC1, 1.1.0, 3.0.4.1, 3.0.4.2, 3.0.8.4, 3.0.8.5, ... | 2023-03-31T14:39:07.353701Z | Fix available |
| GHSA-7rjp-fgwj-47rw | Maven/org.apache.shenyu:shenyu-common | Missing authentication in ShenYu | 2.4.0, 2.4.1 | 2023-03-31T00:29:37.148190Z | Fix available |
| GHSA-73rx-3f9r-x949 | Maven/org.apache.tomcat:tomcat | Insufficient Verification of Data Authenticity in Apache Tomcat | 9.0.0.M1, 9.0.0.M10, 9.0.0.M11, 9.0.0.M13, 9.0.0.M15, 9.0.0.M17, 9.0.0.M18, ... | 2023-03-30T23:33:11.254229Z | Fix available |
| GHSA-34m5-796p-mjcp | Maven/org.apache.uima:uima-ducc-parent | Apache UIMA DUCC allows remote code execution | 1.0.0, 1.1.0, 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, ... | 2023-03-30T22:06:18.285204Z | No fix available |
| GHSA-m4fv-gm5m-4725 | Maven/org.keycloak:keycloak-services | HTML Injection in Keycloak Admin REST API | 1.0-alpha-1, 1.0-alpha-1-12062013, 1.0-alpha-2, 1.0-alpha-3, 1.0-alpha-4, 1.0-beta-1, 1.0-beta-1-20150521, ... | 2023-03-30T13:31:49.792237Z | Fix available |
| GHSA-cf8q-j9h3-7237 | Maven/org.codehaus.mevenide:netbeans | Improper Verification of Cryptographic Signature in Apache Netbeans | 1.2, 1.3, 1.4, 3.0.10, 3.0.12, 3.0.9, 3.1.1, ... | 2023-03-30T05:37:16.534827Z | No fix available |
| GHSA-j7xg-5549-jr3j | Maven/org.zaproxy:zap | Improper Certificate Validation in OWASP ZAP | 2.10.0, 2.11.0, 2.11.1, 2.5.0, 2.6.0, 2.7.0, 2.8.0, ... | 2023-03-30T05:36:00.019870Z | No fix available |
| GHSA-8xjp-rp29-v5j8 | Maven/ru.yandex.jenkins.plugins.debuilder:debian-package-builder | Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin | 1.2, 1.3, 1.4, 1.4.1, 1.4.2, 1.5.1, 1.5.2, ... | 2023-03-30T05:35:26.743892Z | No fix available |
Maven - OSV