Vulnerability Library

ID | Packages | Summary | Affected versions | Last modified | Fix
GHSA-7xgj-j9hp-c692
  • Maven/org.jenkins-ci.plugins:wso2id-oauth
Jenkins WSO2 Oauth Plugin cross-site request forgery vulnerability
  • 1.0
2023-05-30T15:59:08.306801Z No fix available
GHSA-rq2w-37h9-vg94
  • Maven/org.apache.tomcat:tomcat
  • Maven/org.apache.tomcat:tomcat
  • Maven/org.apache.tomcat:tomcat
Apache Tomcat improperly escapes input from JsonErrorReportValve
  • 8.5.83
  • 9.0.40
  • 9.0.41
  • 9.0.43
  • 9.0.44
  • 9.0.45
  • 9.0.46
  • ...
2023-05-30T07:12:23.755711Z Fix available
GHSA-h79m-5cm2-278c
  • Maven/org.apache.inlong:manager-dao
  • Maven/org.apache.inlong:manager-pojo
  • Maven/org.apache.inlong:manager-service
  • Maven/org.apache.inlong:manager-web
User data exposure in Apache InLong
  • 1.5.0
  • 1.6.0
  • 1.5.0
  • 1.6.0
  • 1.5.0
  • 1.6.0
  • 1.5.0
  • ...
2023-05-30T07:04:29.611476Z Fix available
GHSA-p22x-g9px-3945
  • Maven/org.apache.tomcat:tomcat
  • Maven/org.apache.tomcat:tomcat
  • Maven/org.apache.tomcat:tomcat
  • Maven/org.apache.tomcat:tomcat
Apache Tomcat may reject request containing invalid Content-Length header
  • 8.5.0
  • 8.5.11
  • 8.5.12
  • 8.5.13
  • 8.5.14
  • 8.5.15
  • 8.5.16
  • ...
2023-05-30T07:04:03.540697Z Fix available
GHSA-hfrx-6qgj-fp6c
  • Maven/commons-fileupload:commons-fileupload
Apache Commons FileUpload denial of service vulnerability
  • 1.0
  • 1.0-beta-1
  • 1.0-rc1
  • 1.1
  • 1.1.1
  • 1.2
  • 1.2.1
  • ...
2023-05-30T06:50:57.612080Z Fix available
GHSA-gw42-f939-fhvm
  • Maven/org.igniterealtime.openfire:xmppserver
  • Maven/org.igniterealtime.openfire:xmppserver
Administration Console authentication bypass in openfire xmppserver
  • 4.2.0
2023-05-29T16:19:46.876339Z Fix available
GHSA-xf96-w227-r7c4
  • Maven/org.springframework.boot:spring-boot-autoconfigure
  • Maven/org.springframework.boot:spring-boot-autoconfigure
  • Maven/org.springframework.boot:spring-boot-autoconfigure
  • Maven/org.springframework.boot:spring-boot-autoconfigure
Spring Boot Welcome Page Denial of Service
  • 3.0.0
  • 3.0.1
  • 3.0.2
  • 3.0.3
  • 3.0.4
  • 3.0.5
  • 3.0.6
  • ...
2023-05-26T22:19:11.350118Z Fix available
GHSA-qw69-rqj8-6qw8
  • Maven/org.eclipse.jetty:jetty-server
  • Maven/org.eclipse.jetty:jetty-server
  • Maven/org.eclipse.jetty:jetty-server
OutOfMemoryError for large multipart without filename in Eclipse Jetty
  • 7.0.0.M0
  • 7.0.0.M1
  • 7.0.0.M2
  • 7.0.0.M3
  • 7.0.0.M4
  • 7.0.0.RC0
  • 7.0.0.RC1
  • ...
2023-05-26T22:05:33.642814Z Fix available
GHSA-x873-6rgc-94jc
  • Maven/org.springframework.security:spring-security-core
  • Maven/org.springframework.security:spring-security-core
  • Maven/org.springframework.security:spring-security-core
Spring Security logout not clearing security context
  • 5.7.0
  • 5.7.1
  • 5.7.2
  • 5.7.3
  • 5.7.4
  • 5.7.5
  • 5.7.6
  • ...
2023-05-26T22:05:13.214873Z Fix available
GHSA-p26g-97m4-6q7c
  • Maven/org.eclipse.jetty:jetty-server
  • Maven/org.eclipse.jetty:jetty-server
  • Maven/org.eclipse.jetty:jetty-server
  • Maven/org.eclipse.jetty:jetty-server
Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
  • 7.0.0.M0
  • 7.0.0.M1
  • 7.0.0.M2
  • 7.0.0.M3
  • 7.0.0.M4
  • 7.0.0.RC0
  • 7.0.0.RC1
  • ...
2023-05-26T22:04:46.442641Z Fix available
GHSA-c892-cwq6-qrqf
  • Maven/org.keycloak:keycloak-core
Keycloak vulnerable to untrusted certificate validation
  • 1.0-alpha-1
  • 1.0-alpha-1-12062013
  • 1.0-alpha-2
  • 1.0-alpha-3
  • 1.0-alpha-4
  • 1.0-beta-1
  • 1.0-beta-1-20150521
  • ...
2023-05-26T21:34:07.094405Z No fix available
GHSA-9mmj-64jh-ph9c
  • Maven/com.xuxueli:xxl-job
Privilege escalation in XXL-Job
  • 1.4.1
  • 1.4.2
  • 1.5.0
  • 1.5.1
  • 1.5.2
  • 1.6.0
  • 1.6.1
  • ...
2023-05-26T21:19:10.237509Z No fix available
GHSA-rv6g-3v76-cvf9
  • Maven/org.jenkins-ci.plugins:azure-vm-agents
Jenkins Azure VM Agents Plugin missing permission checks
  • 0.4.0
  • 0.4.1
  • 0.4.2
  • 0.4.3
  • 0.4.4
  • 0.4.5
  • 0.4.5.1
  • ...
2023-05-26T18:05:17.508077Z Fix available
GHSA-5gj6-62g7-vmgf
  • Maven/com.hazelcast:hazelcast
Hazelcast vulnerable to unmasked password exposure
  • 1.5
  • 1.5.1
  • 1.5.2
  • 1.5.3
  • 1.6
  • 1.6-RC1
  • 1.7
  • ...
2023-05-26T18:04:59.003331Z Fix available
GHSA-6v6h-rw43-97fh
  • Maven/io.jenkins.plugins:miniorange-saml-sp
Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation
  • 1.0.1
  • 1.0.10
  • 1.0.11
  • 1.0.14
  • 1.0.15
  • 1.0.16
  • 1.0.18
  • ...
2023-05-26T18:04:41.316396Z Fix available
GHSA-3xf9-pgc2-mr9c
  • Maven/io.jenkins.plugins:miniorange-saml-sp
Jenkins SAML Single Sign On(SSO) Plugin missing permission checks
  • 1.0.1
  • 1.0.10
  • 1.0.11
  • 1.0.14
  • 1.0.15
  • 1.0.16
  • 1.0.18
  • ...
2023-05-26T18:04:24.736109Z Fix available