Vulnerability Database
Vulnerabilities
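| Ecosystem | Vulnerabilities |
| --- | --- |
| All ecosystems | 603959 |
| AlmaLinux | 4582 |
| Alpaquita | 8681 |
| Alpine | 4028 |
| Android | 3263 |
| BellSoft Hardened Containers | 400 |
| Bitnami | 6818 |
| Chainguard | 5409 |
| CleanStart | 679 |
| CRAN | 14 |
| crates.io | 2166 |
| Debian | 53832 |
| Echo | 3102 |
| GHC | 3 |
| GIT | 81416 |
| GitHub Actions | 49 |
| Go | 6427 |
| Hackage | 29 |
| Hex | 57 |
| Julia | 391 |
| Linux | 15361 |
| Mageia | 5859 |
| Maven | 6264 |
| MinimOS | 19313 |
| npm | 216875 |
| NuGet | 1620 |
| opam | 11 |
| openEuler | 6219 |
| openSUSE | 12332 |
| OSS-Fuzz | 3817 |
| Packagist | 5985 |
| Pub | 11 |
| PyPI | 18447 |
| Red Hat | 19047 |
| Rocky Linux | 2851 |
| Root | 11606 |
| RubyGems | 1922 |
| SUSE | 20062 |
| SwiftURL | 50 |
| Ubuntu | 51530 |
| VSCode | 18 |
| Wolfi | 3413 |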
| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-hxf2-gm22-7vcm | Maven/gov.nsa.emissary:emissary | Emissary has a Path Traversal via Blacklist Bypass in Configuration API | 2 hours ago | Fix available; Severity - 5.3 (Medium) |
| GHSA-6c37-7w4p-jg9v | Maven/gov.nsa.emissary:emissary | Emissary has a Command Injection via PLACE_NAME Configuration in Executrix | 2 hours ago | Fix available; Severity - 7.2 (High) |
| GHSA-3g6g-gq4r-xjm9 | Maven/gov.nsa.emissary:emissary | Emissary has GitHub Actions Shell Injection via Workflow Inputs | 2 hours ago | Fix available; Severity - 9.1 (Critical) |
| GHSA-cpm7-cfpx-3hvp | Maven/gov.nsa.emissary:emissary | Emissary has Stored XSS via Navigation Template Link Injection | 6 hours ago | Fix available; Severity - 4.8 (Medium) |
| GHSA-8jxr-pr72-r468 | Maven/io.modelcontextprotocol.sdk:mcp-core | Java-SDK has a DNS Rebinding Vulnerability | 6 hours ago | Fix available; Severity - 7.6 (High) |
| GHSA-2cqq-rpvq-g5qj | Maven/org.openidentityplatform.openam:openam | OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM | 10 hours ago | Fix available; Severity - 9.3 (Critical) |
| GHSA-5v8v-xvjv-57x7 | Maven/org.keycloak:keycloak-services | Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim | yesterday | No fix available; Severity - 3.7 (Low) |
| GHSA-2m67-wjpj-xhg9 | Maven/tools.jackson.core:jackson-core | Jackson Core: Document length constraint bypass in blocking, async, and DataInput parsers | 3 days ago | No fix available; Severity - 7.5 (High) |
| GHSA-f2hx-5fx3-hmcv | Maven/org.keycloak:keycloak-services | Keycloak: UMA Policy Resource Injection Allows Unauthorized Cross-User Permission Grants | 5 days ago | Fix available; Severity - 8.1 (High) |
| GHSA-h4wv-g838-66g3 | Maven/org.keycloak:keycloak-services | Keycloak: Application-Level DoS via Scope Processing | 5 days ago | Fix available; Severity - 7.5 (High) |
| GHSA-hj93-h7pg-fh6v | Maven/org.keycloak:keycloak-services | Keycloak: Privilege escalation via forged authorization codes due to SingleUseObjectProvider isolation flaw | 5 days ago | Fix available; Severity - 7.4 (High) |
| GHSA-rx66-hj7g-28h7 | Maven/org.keycloak:keycloak-services | Keycloak: Replay of action tokens via improper handling of single-use entries | 5 days ago | Fix available; Severity - 5.3 (Medium) |
| GHSA-cjm2-j6cm-6p6m | Maven/org.keycloak:keycloak-services | Keycloak: Redirect URI validation bypass via ..;/ path traversal in OIDC auth endpoint | 5 days ago | Fix available; Severity - 7.3 (High) |
| GHSA-hv2w-8mjj-jw22 | Maven/io.modelcontextprotocol.sdk:mcp-core | MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *) | 30 Mar | Fix available; Severity - 6.1 (Medium) |
| GHSA-vr79-8m62-wh98 | Maven/ca.uhn.hapi.fhir:org.hl7.fhir.validation | FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft | 30 Mar | Fix available; Severity - 9.3 (Critical) |
| GHSA-3ww8-jw56-9f5h | Maven/ca.uhn.hapi.fhir:org.hl7.fhir.core | FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing | 30 Mar | Fix available; Severity - 5.8 (Medium) |
Maven - OSV