Vulnerability Database
Vulnerabilities
| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-2g22-wg49-fgv5 | Maven/org.xwiki.contrib:macro-fullcalendar-pom | XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService | 6 hours ago | Fix available; Severity - 10.0 (Critical) |
| GHSA-637h-ch24-xp9m | Maven/org.xwiki.contrib:macro-fullcalendar-pom | XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService | 6 hours ago | Fix available; Severity - 5.3 (Medium) |
| GHSA-gv94-wp4h-vv8p | Maven/org.keycloak:keycloak-parent | Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization | yesterday | No fix available; Severity - 5.3 (Medium) |
| GHSA-fcqj-76g3-q7qm | Maven/ome:pom-bio-formats | Bio-Formats has an XML External Entity (XXE) vulnerability | 2 days ago | No fix available; Severity - 4.6 (Medium) |
| GHSA-qjm3-cvp9-3jj3 | Maven/ome:pom-bio-formats | Bio-Formats performs unsafe Java deserialization of attacker-controlled memoization cache files (.bfmemo) during image processing | 2 days ago | No fix available; Severity - 6.8 (Medium) |
| GHSA-5f29-2333-h9c7 | Maven/org.open-metadata:platform | OpenMetadata's Server-Side Template Injection (SSTI) in FreeMarker email templates leads to RCE | 2 days ago | Fix available; Severity - 8.5 (High) |
| GHSA-j382-5jj3-vw4j | Maven/io.undertow:undertow-core | Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests | 2 days ago | No fix available; Severity - 9.6 (Critical) |
| GHSA-5rfx-cp42-p624 | Maven/io.quarkus:quarkus-rest | Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write | 2 days ago | Fix available; Severity - 5.9 (Medium) |
| GHSA-vrjc-q2fh-6x9h | Maven/io.spinnaker.clouddriver:clouddriver-artifacts | Spinnaker vulnerable to SSRF due to improper restrictions on http from user input | 4 days ago | Fix available; Severity - 7.9 (High) |
| GHSA-jqmr-2pg9-vfx7 | Maven/org.apache.sis.core:sis-metadata | Apache SIS has Improper Restriction of XML External Entity Reference vulnerability | 4 days ago | Fix available; Severity - 6.5 (Medium) |
| GHSA-cw39-r4h6-8j3x | Maven/org.msgpack:msgpack-core | MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation | 4 days ago | Fix available; Severity - 7.5 (High) |
| GHSA-7wwv-79xw-rvvg | Maven/com.vaadin:vaadin, Maven/com.vaadin:vaadin-server, Maven/com.vaadin:vaadin-spreadsheet-flow | Vaadin vulnerable to Cross-site Scripting | 4 days ago | Fix available; Severity - 4.8 (Medium) |
| GHSA-f8r6-6222-9pvc | Maven/org.apache.kyuubi:kyuubi-server_2.12 | Apache Kyuubi Server vulnerable to Path Traversal | 4 days ago | Fix available; Severity - 8.8 (High) |
| GHSA-5r2g-vphf-m5xc | Maven/org.apache.streampipes:streampipes-parent | Apache StreamPipes has Improper Privilege Management issue | 01 Jan | Fix available; Severity - 4.9 (Medium) |
| GHSA-4hx9-48xh-5mxr | Maven/org.keycloak:keycloak-ldap-federation | Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization | 19 Dec 2025 | Fix available; Severity - 5.5 (Medium) |
| GHSA-v4p2-2w39-mhrj | Maven/org.apache.nifi:nifi-asana-processors | Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization | 19 Dec 2025 | Fix available; Severity - 7.5 (High) |
Maven - OSV