Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-8rr6-2qw5-pc7r
  • Maven/net.sourceforge.pmd:pmd-core
PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages
4 days ago
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-72hv-8253-57qq
  • Maven/com.fasterxml.jackson.core:jackson-core
  • Maven/tools.jackson.core:jackson-core
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
4 days ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-j273-m5qq-6825
  • Maven/com.github.junrar:junrar
Junrar has an arbitrary file write due to backslash Path Traversal bypass in LocalFolderExtractor on Linux/Unix
4 days ago
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-7g5x-9c4v-4w5r
  • Maven/org.keycloak:keycloak-services
Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass
5 days ago
  • Fix available
  • Severity - 3.1 (Low)
GHSA-v4jw-m6rm-399h
  • Maven/org.keycloak:keycloak-server-spi-private
Keycloak Server Private SPI: Improper Access Control Allows Administrators to Bypass Attribute Visibility Restrictions and Modify Unmanaged User Profile Attributes
5 days ago
  • Fix available
  • Severity - 4.9 (Medium)
GHSA-gx6c-pv62-9mcf
  • Maven/net.snowflake:snowflake-jdbc
Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner
5 days ago
  • No fix available
  • Severity - 1.9 (Low)
GHSA-rx6w-2w6h-r346
  • Maven/com.github.psi-probe:psi-probe-core
PSI Probe: Broken access control can lead to DoS
5 days ago
  • No fix available
  • Severity - 2.1 (Low)
GHSA-5476-xc4j-rqcv
  • Maven/com.mchange:c3p0
c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property
6 days ago
  • Fix available
  • Severity - 8.9 (High)
GHSA-m2cm-222f-qw44
  • Maven/com.mchange:mchange-commons-java
mchange-commons-java: Remote Code Execution via JNDI Reference Resolution
6 days ago
  • Fix available
  • Severity - 8.9 (High)
GHSA-429q-mrc4-38fr
  • Maven/org.apache.camel:camel-leveldb
Apache Camel Deserializes Untrusted Data in its LevelDB Component
23 Feb
  • Fix available
  • Severity - 7.1 (High)
GHSA-c3f3-cc42-xr9v
  • Maven/org.apache.camel:camel-keycloak
Apache Camel: KeycloakSecurityPolicy does not validate issuer of JWT tokens against configured realm
23 Feb
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-p6jf-79j3-33f3
  • Maven/org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl
carbon-apimgt does not properly restrict uploaded files
19 Feb
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-fjf4-6f34-w64q
  • Maven/org.keycloak:keycloak-services
Keycloak: Missing Check on Disabled Client for Docker Registry Protocol
19 Feb
  • No fix available
  • Severity - 3.8 (Low)
GHSA-r9wp-qq53-qvjx
  • Maven/net.mingsoft:ms-mcms
mingSoft MCMS does not properly restrict file uploads
18 Feb
  • No fix available
  • Severity - 2.0 (Low)
GHSA-85h6-5m3v-gx37
  • Maven/org.jenkins-ci.main:jenkins-core
Jenkins has a stored XSS vulnerability in node offline cause description
18 Feb
  • Fix available
  • Severity - 8.0 (High)
GHSA-wfhp-qgm8-5p5c
  • Maven/org.jenkins-ci.main:jenkins-core
Jenkins has a build information disclosure vulnerability through Run Parameter
18 Feb
  • Fix available
  • Severity - 4.3 (Medium)