Vulnerability Library

ID | Packages | Summary | Affected versions | Last modified | Fix
GHSA-r3qr-vwvg-43f7
  • Maven/org.opencastproject:opencast-common
Authenticated OpenRedirect Vulnerability
  • 10.0
  • 10.1
  • 10.10
  • 10.11
  • 10.12
  • 10.2
  • 10.3
  • ...
2022-12-03T04:31:50.962425Z Fix available
GHSA-rmcx-fg5w-x8j9
  • Maven/io.fusionauth:fusionauth-java-client
FusionAuth vulnerable to directory traversal attack
  • 1.37.0
  • 1.38.0
  • 1.39.0
  • 1.40.1
  • 1.41.0
2022-12-03T04:31:44.144497Z Fix available
GHSA-339q-62wm-c39w
  • Maven/io.undertow:undertow-core
Undertow vulnerable to Denial of Service (DoS) attacks
  • 1.0.0.Alpha1
  • 1.0.0.Alpha10
  • 1.0.0.Alpha11
  • 1.0.0.Alpha12
  • 1.0.0.Alpha13
  • 1.0.0.Alpha14
  • 1.0.0.Alpha15
  • ...
2022-12-03T04:30:38.170798Z Fix available
GHSA-rr2m-gffv-mgrj
  • Maven/org.apache.hadoop:hadoop-yarn-server
Deserialization of Untrusted Data in Apache Hadoop YARN
  • 0.23.1
  • 0.23.10
  • 0.23.11
  • 0.23.3
  • 0.23.4
  • 0.23.5
  • 0.23.6
  • ...
2022-12-03T04:30:17.774837Z Fix available
GHSA-wp4h-pvgw-5727
  • Maven/org.apache.struts:struts2-core
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts
  • 2.0.11
  • 2.0.11.1
  • 2.0.11.2
  • 2.0.12
  • 2.0.14
  • 2.0.5
  • 2.0.6
  • ...
2022-12-03T04:21:48.544048Z Fix available
GHSA-c566-2grg-mjwg
  • Maven/org.apache.tapestry:tapestry-project
Serialization vulnerability in Apache Tapestry
  • 4.1
  • 4.1.1
  • 4.1.2
  • 4.1.3
  • 4.1.5
  • 4.1.6
2022-12-03T04:21:21.847630Z Fix available
GHSA-q2hm-2h45-v5g3
  • Maven/org.xwiki.platform:xwiki-platform-security-authentication-default
Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default
  • See details.
2022-12-03T04:09:18Z Fix available
GHSA-8p36-q63g-68qh
  • Maven/org.mitre:openid-connect-parent
Autobinding vulnerability in MITREid Connect
  • 0.9.0
  • 0.9.1
  • 0.9.2
  • 0.9.3
  • 1.0.0
  • 1.0.1
  • 1.0.10
  • ...
2022-12-03T03:53:18.275450Z No fix available
GHSA-jvc3-wjf6-7c6c
  • Maven/org.apache.dolphinscheduler:dolphinscheduler-common
Apache Dolphin Scheduler has insufficiently protected credentials
  • 1.2.0
  • 1.2.1
  • 1.3.0
  • 1.3.1
  • 1.3.2
  • 1.3.3
  • 1.3.4
  • ...
2022-12-02T22:52:48.208384Z Fix available
GHSA-rc2q-x9mf-w3vf
  • Maven/org.testng:testng
TestNG is vulnerable to Path Traversal
  • 4.4.7
  • 4.6.1
  • 4.7
  • 5.0
  • 5.0.1
  • 5.0.2
  • 5.1
  • ...
2022-12-02T22:38:38.106906Z No fix available
GHSA-96vh-4rfp-c42c
  • Maven/com.github.samtools:htsjdk
HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere
  • 1.128
  • 1.129
  • 1.130
  • 1.131
  • 1.132
  • 1.133
  • 1.134
  • ...
2022-12-02T22:23:10.554086Z Fix available
GHSA-455j-8hg5-8576
  • Maven/com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin
  • 2.0
  • 2.1.0
  • 2.2.0
2022-12-02T21:38:10.364752Z Fix available
GHSA-g56w-cwg4-hxx9
  • Maven/io.quarkus:quarkus-parent
Code injection in quarkus dev ui config editor
  • 2.14.0.Final
  • 2.14.1.Final
  • 0.11.0
  • 0.12.0
  • 0.13.0
  • 0.13.1
  • 0.13.2
  • ...
2022-12-02T21:37:04.084340Z Fix available
GHSA-hh6f-6fp5-gfpv
  • Maven/org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin
  • See details.
2022-12-02T21:35:05Z Fix available
GHSA-gp7c-xmmm-7pqr
  • Maven/org.jenkins-ci.plugins:extended-choice-parameter
Stored Cross-site Scripting vulnerabilities in Jenkins Extended Choice Parameter Plugin
  • See details.
2022-12-02T21:29:59Z No fix available
GHSA-m3p3-2gp6-ghq8
  • Maven/org.jenkins-ci.plugins:jira
Stored Cross-site Scripting vulnerability in Jenkins Jira Plugin
  • See details.
2022-12-02T21:26:56Z Fix available