Vulnerability Library

ID | Packages | Summary | Affected versions | Published | Fix
GHSA-hfg7-j82c-fr3w
  • Maven/org.soot-oss:soot
Soot Infinite Loop vulnerability
  • 4.1.0
  • 4.2.0
  • 4.2.1
  • 4.3.0
  • 4.4.0
2024-05-24T20:09:40Z Fix available
GHSA-w8cp-frxc-55pj
  • Maven/tech.kwik:kwik
Kwik does not discard unused encryption keys
  • See details.
2024-05-24T19:00:28Z Fix available
GHSA-cw5r-jx8r-9f7x
  • Maven/org.jenkins-ci.plugins:report-info
Jenkins Report Info Plugin Path Traversal vulnerability
  • 1.0
  • 1.1
  • 1.2
2024-05-24T18:52:08Z No fix available
GHSA-hjfc-6jxr-j2rx
  • Maven/org.eclipse.ditto:ditto
Eclipse Ditto vulnerable to Cross-site Scripting
  • 3.0.0
  • 3.1.0
  • 3.1.0-M1
  • 3.1.1
  • 3.1.2
  • 3.2.0
  • 3.2.1
  • ...
2024-05-23T12:31:02Z Fix available
GHSA-9rrw-82r2-623p
  • Maven/org.silverpeas:silverpeas-core
Silverpeas Core vulnerable to Cross Site Scripting
  • See details.
2024-05-22T18:30:40Z No fix available
GHSA-qxqf-2mfx-x8jw
  • Maven/org.verapdf:core
  • Maven/org.verapdf:core-jakarta
  • Maven/org.verapdf:core-arlington
  • Maven/org.verapdf:library-arlington
  • Maven/org.verapdf:library
  • Maven/org.verapdf:library-jakarta
veraPDF has potential XSLT injection vulnerability when using policy files
  • 1.10.1
  • 1.10.2
  • 1.10.3
  • 1.12.1
  • 1.14.1-RC
  • 1.14.100
  • 1.14.101
  • ...
2024-05-20T14:57:07Z Fix available
GHSA-76v2-48w6-crxr
  • Maven/org.bonitasoft.engine:bonita-server
Bonitasoft Runtime Community edition contains an insecure direct object reference vulnerability
  • 6.1.0
  • 6.1.1
  • 6.1.2
  • 6.2.0
  • 6.2.1
  • 6.2.2
  • 6.2.3
  • ...
2024-05-15T18:30:35Z Fix available
GHSA-x3wm-hffr-chwm
  • Maven/com.amazon.redshift:redshift-jdbc42
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
  • 2.0.0.3
  • 2.0.0.4
  • 2.0.0.5
  • 2.0.0.6
  • 2.0.0.7
  • 2.1.0.1
  • 2.1.0.10
  • ...
2024-05-15T17:10:49Z Fix available
GHSA-g95v-3pj6-j433
  • Maven/io.antmedia:ant-media-server
Ant Media Server does not properly authorize non-administrative API calls
  • 1.2.0
  • 1.2.2
  • 1.2.3
  • 1.2.4
  • 1.2.5
  • 1.2.6
  • 1.3.0
  • ...
2024-05-14T18:30:52Z No fix available
GHSA-338x-hfx8-vx9x
  • Maven/org.apache.karaf:cave
Apache Karaf Cave: Cave SSRF and arbitrary file access
  • 2.3.0
  • 3.0.0
  • 4.0.0
  • 4.1.0
  • 4.1.1
  • 4.1.2
2024-05-14T18:30:50Z No fix available
GHSA-8xfc-gm6g-vgpv
  • Maven/org.bouncycastle:bcprov-jdk18on
  • Maven/org.bouncycastle:bcprov-jdk15on
  • Maven/org.bouncycastle:bcprov-jdk15to18
  • Maven/org.bouncycastle:bcprov-jdk14
  • Maven/org.bouncycastle:bctls-jdk18on
  • Maven/org.bouncycastle:bctls-jdk14
  • Maven/org.bouncycastle:bctls-jdk15to18
  • Maven/org.bouncycastle:bcpkix-jdk18on
  • Maven/org.bouncycastle:bcpkix-jdk15to18
  • Maven/org.bouncycastle:bcpkix-jdk14
  • Maven/org.bouncycastle:bc-fips
  • NuGet/BouncyCastle
  • NuGet/BouncyCastle.Cryptography
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
  • 1.71
  • 1.71.1
  • 1.72
  • 1.73
  • 1.74
  • 1.75
  • 1.76
  • ...
2024-05-14T15:32:54Z Fix available
GHSA-m44j-cfrm-g8qc
  • Maven/org.bouncycastle:bcprov-jdk18on
  • Maven/org.bouncycastle:bcprov-jdk15on
  • Maven/org.bouncycastle:bcprov-jdk15to18
  • Maven/org.bouncycastle:bcprov-jdk14
  • Maven/org.bouncycastle:bctls-jdk18on
  • Maven/org.bouncycastle:bctls-jdk14
  • Maven/org.bouncycastle:bctls-jdk15to18
  • Maven/org.bouncycastle:bcpkix-jdk18on
  • Maven/org.bouncycastle:bcpkix-jdk15to18
  • Maven/org.bouncycastle:bcpkix-jdk14
  • NuGet/BouncyCastle
  • NuGet/BouncyCastle.Cryptography
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
  • 1.71
  • 1.71.1
  • 1.72
  • 1.73
  • 1.74
  • 1.75
  • 1.76
  • ...
2024-05-14T15:32:54Z Fix available
GHSA-v435-xc8x-wvr9
  • Maven/org.bouncycastle:bctls-fips
  • Maven/org.bouncycastle:bcprov-jdk18on
  • Maven/org.bouncycastle:bcprov-jdk15on
  • Maven/org.bouncycastle:bcprov-jdk15to18
  • Maven/org.bouncycastle:bcprov-jdk14
  • Maven/org.bouncycastle:bctls-jdk18on
  • Maven/org.bouncycastle:bctls-jdk14
  • Maven/org.bouncycastle:bctls-jdk15to18
  • NuGet/BouncyCastle
  • NuGet/BouncyCastle.Cryptography
  • Maven/org.bouncycastle:bcpkix-jdk18on
  • Maven/org.bouncycastle:bcpkix-jdk15to18
  • Maven/org.bouncycastle:bcpkix-jdk14
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
  • 1.0.0
  • 1.0.1
  • 1.0.10
  • 1.0.10.1
  • 1.0.10.2
  • 1.0.10.3
  • 1.0.11
  • ...
2024-05-14T15:32:54Z Fix available
GHSA-wpcv-5jgp-69f3
  • Maven/com.netflix.genie:genie-web
Genie Path Traversal vulnerability via File Uploads
  • 0.20
  • 0.21
  • 0.22
  • 0.23
  • 0.24
  • 1.0.0
  • 1.0.1
  • ...
2024-05-09T21:35:23Z Fix available
GHSA-fgh3-pwmp-3qw3
  • Maven/org.apache.inlong:manager-pojo
Apache Inlong Deserialization of Untrusted Data vulnerability
  • 1.10.0
  • 1.11.0
  • 1.7.0
  • 1.8.0
  • 1.9.0
2024-05-08T15:30:42Z Fix available
GHSA-p343-9qwp-pqxv
  • Maven/org.neo4j:neo4j-cypher
Neo4j Cypher component mishandles IMMUTABLE privileges
  • 1.4
  • 1.4.1
  • 1.4.2
  • 1.4.M04
  • 1.4.M05
  • 1.4.M06
  • 1.5
  • ...
2024-05-07T18:30:34Z Fix available