Vulnerability Database
Blog
FAQ
Docs
Vulnerabilities
search
All ecosystems
313887
AlmaLinux
3768
Alpine
3721
Android
2907
Bitnami
5637
Chainguard
27653
CRAN
10
crates.io
1726
Debian
46846
GHC
3
GIT
29527
GitHub Actions
28
Go
4338
Hackage
23
Hex
37
Linux
13573
Mageia
5639
Maven
5600
MinimOS
1734
npm
27062
NuGet
1446
openSUSE
10080
OSS-Fuzz
3623
Packagist
4730
Pub
10
PyPI
15972
Red Hat
16355
Rocky Linux
1758
RubyGems
1685
SUSE
16444
SwiftURL
35
Ubuntu
46857
Wolfi
15060
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-794x-8x6x-qpfc
Maven/io.zipkin:zipkin-server
Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint
3 days ago
No fix available
Severity - 5.3 (Medium)
GHSA-m43g-m425-p68x
Maven/org.junit.platform:junit-platform-reporting
junit-platform-reporting can leak Git credentials through its OpenTestReportGeneratingListener
6 days ago
Fix available
Severity - 5.8 (Medium)
GHSA-3m86-c9x3-vwm9
Maven/org.graylog2:graylog2-server
Graylog vulnerable to privilege escalation through API tokens
30 Jun
Fix available
Severity - 8.8 (High)
GHSA-8gqp-hr9g-pg62
Maven/org.conductoross:conductor-core
Conductor vulnerable to OS command injection through unrestricted access to Java classes
30 Jun
Fix available
Severity - 9.8 (Critical)
GHSA-373j-mhpf-84wg
Maven/io.jans:jans-config-api-server
Janssen Config API returns results without scope verification
30 Jun
Fix available
Severity - 8.2 (High)
GHSA-358m-fq53-hp87
Maven/com.typesafe.akka:akka-cluster-metrics_3
Maven/com.typesafe.akka:akka-cluster-metrics_2.13
akka-cluster-metrics uses Java serialization for cluster metrics
29 Jun
No fix available
Severity - 6.0 (Medium)
GHSA-m964-fjrh-xxq2
Maven/org.apache.seata:seata-config-core
Apache Seata Vulnerable to Deserialization of Untrusted Data
28 Jun
Fix available
Severity - 9.8 (Critical)
GHSA-h46c-h94j-95f3
Maven/com.fasterxml.jackson.core:jackson-core
jackson-core can throw a StackoverflowError when processing deeply nested data
27 Jun
Fix available
Severity - 8.7 (High)
GHSA-cqm8-rg2p-jfcf
Maven/org.infinispan:infinispan-cli-client
Infinispan CLI vulnerable to Generation of Error Message Containing Sensitive Information
27 Jun
No fix available
Severity - 6.2 (Medium)
GHSA-h7qf-qmf3-85qg
Maven/io.qameta.allure.plugins:xunit-xml-plugin
Maven/io.qameta.allure.plugins:junit-xml-plugin
Maven/io.qameta.allure.plugins:trx-plugin
Allure Report allows Improper XXE Restriction via DocumentBuilderFactory
25 Jun
Fix available
Severity - 7.5 (High)
GHSA-9623-mj7j-p9v4
Maven/io.quarkus:quarkus-vertx
Quarkus potentially leaks data when duplicating a duplicated context
23 Jun
Fix available
Severity - 6.4 (Medium)
GHSA-7cjh-xx4r-qh3f
Maven/io.sentry:sentry-android
Maven/io.sentry:sentry-android-replay
sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+
20 Jun
Fix available
Severity - 8.2 (High)
GHSA-5644-3vgq-2ph5
Maven/org.craftercms:crafter-studio
Crafter Studio Groovy Sandbox Bypass
19 Jun
Fix available
Severity - 7.3 (High)
GHSA-8qjw-9xgm-c9ff
Maven/com.powsybl:powsybl-iidm-criteria
Maven/com.powsybl:powsybl-contingency-api
PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion
19 Jun
Fix available
Severity - 2.7 (Low)
GHSA-rqpx-f6rc-7hm5
Maven/com.powsybl:powsybl-commons
PowSyBl Core contains Polynomial REDoS’es
19 Jun
Fix available
Severity - 6.3 (Medium)
GHSA-f5cx-h789-j959
Maven/com.powsybl:powsybl-math
PowSyBl Core allows deserialization of untrusted SparseMatrix data
19 Jun
Fix available
Severity - 8.1 (High)
Load more...
Maven - OSV