Vulnerabilities

ID
Packages
Summary
Published
Attributes
MAL-2025-191470
  • Maven/org.mvnpm:posthog-node
Malicious code in org.mvnpm:posthog-node (Maven) (published 1 hour ago)
  • No fix available
GHSA-g9gq-3pfx-2gw2
  • Maven/com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization (published 8 hours ago)
  • No fix available
  • Severity - 8.6 (High)
GHSA-fjf5-xgmq-5525
  • Maven/org.geoserver.web:gs-web-app
  • Maven/org.geoserver:gs-wms
GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature (published 11 hours ago)
  • Fix available
  • Severity - 8.2 (High)
GHSA-w66h-j855-qr72
  • Maven/org.geoserver.web:gs-web-app
  • Maven/org.geoserver:gs-wms
GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format (published 11 hours ago)
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-jqg8-m35q-jh7j
  • Maven/org.apache.syncope:syncope-core
Apache Syncope's AES encryption stores hard-coded passwords in internal database (published yesterday)
  • Fix available
  • Severity - 7.5 (High)
GHSA-cv3m-hxpc-4hvm
  • Maven/cn.dreampie:resty
Resty has a Path Traversal vulnerability (published 5 days ago)
  • No fix available
  • Severity - 2.9 (Low)
GHSA-wq4c-57mh-5f7g
  • Maven/org.apache.causeway.commons:causeway-commons
  • Maven/org.apache.causeway.core:causeway-applib
  • Maven/org.apache.causeway.core:causeway-core
  • Maven/org.apache.causeway.viewer:causeway-viewer-wicket
Apache Causeway vulnerable to deserialization in Java (published 6 days ago)
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-8c52-x9w7-vc95
  • Maven/com.xwiki.pro:xwiki-pro-macros-ui
XWiki view file macro: User can view content of office file without view rights on the attachment (published 18 Nov)
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-7p63-w6x9-6gr7
  • Maven/org.glassfish.jersey.core:jersey-client
Eclipse Jersey has a Race Condition (published 18 Nov)
  • Fix available
  • Severity - 9.4 (Critical)
GHSA-v7r8-8p5c-h4xw
  • Maven/com.xwiki.admintools:application-admintools
XWiki AdminTools application doesn't set permissions on the AdminTools space (published 18 Nov)
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-cg6m-9276-qpjj
  • Maven/io.github.wwwlike:vlife-base
vlife-base has Path Traversal vulnerability (published 17 Nov)
  • No fix available
  • Severity - 5.5 (Medium)
GHSA-gwwr-j923-vq7r
  • Maven/lsfusion.platform:web-client
lsFusion Platform has Path Traversal vulnerability (published 17 Nov)
  • No fix available
  • Severity - 5.5 (Medium)
GHSA-5jpg-2rj5-964c
  • Maven/lsfusion.platform:web-client
lsFusion Platform has Path Traversal vulnerability (published 17 Nov)
  • No fix available
  • Severity - 5.5 (Medium)
GHSA-7xw4-g7mm-r4hh
  • Maven/software.amazon.jdbc:aws-advanced-jdbc-wrapper
Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance (published 13 Nov)
  • Fix available
  • Severity - 8.0 (High)
GHSA-7m9g-pmxf-m9m8
  • Maven/org.keycloak:keycloak-quarkus-server
Keycloak allows Binding to an Unrestricted IP Address (published 13 Nov)
  • No fix available
  • Severity - 6.8 (Medium)
GHSA-39hr-239p-fhqc
  • Maven/org.openidentityplatform.openam:openam-oauth2
OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed (published 12 Nov)
  • Fix available
  • Severity - 8.1 (High)