Vulnerability Library

| ID | Packages | Summary | Affected versions | Published | Fix |
| --- | --- | --- | --- | --- | --- |
| GHSA-h595-vwhc-3xwx | Maven/org.apache.archiva:archiva | Apache Archiva Incorrect Authorization vulnerability | 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.10, ... | 2024-03-01T18:30:23Z | No fix available |
| GHSA-hp2x-6vrm-7j7v | Maven/org.apache.archiva:archiva-common | Apache Archiva Reflected Cross-site Scripting vulnerability | 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.10, ... | 2024-03-01T18:30:23Z | No fix available |
| GHSA-rv4h-m4wc-v99w | Maven/org.apache.archiva:archiva | Apache Archiva Incorrect Authorization vulnerability | 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.2, 1.2-M1, ... | 2024-03-01T18:30:23Z | No fix available |
| GHSA-9q6v-rxmw-g3gh | Maven/org.apache.ambari:ambari | Apache Ambari: Various Cross site scripting problems | 1.7.0.0, 2.0.0.0 | 2024-03-01T15:31:38Z | Fix available |
| GHSA-vr64-r9qj-h27f | Maven/org.clojure:clojure | Clojure Denial of Service vulnerability | 1.10.0, 1.10.0-RC1, 1.10.0-RC2, 1.10.0-RC3, 1.10.0-RC4, 1.10.0-RC5, 1.10.0-alpha1, ... | 2024-02-29T03:33:18Z | No fix available |
| GHSA-3hrr-xwvg-hxvr | Maven/org.keycloak:keycloak-core | Keycloak DoS via account lockout | 1.0-alpha-1, 1.0-alpha-1-12062013, 1.0-alpha-2, 1.0-alpha-3, 1.0-alpha-4, 1.0-beta-1, 1.0-beta-1-20150521, ... | 2024-02-29T03:33:17Z | No fix available |
| GHSA-6qvw-249j-h44c | Maven/org.bitbucket.b_c:jose4j | jose4j denial of service via specifically crafted JWE | 0.3.6, 0.3.7, 0.3.8, 0.3.9, 0.4.0, 0.4.1, 0.4.2, ... | 2024-02-29T03:33:14Z | Fix available |
| GHSA-xh6m-7cr7-xx66 | Maven/com.hazelcast:hazelcast | Missing permission checks on Hazelcast client protocol | 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6, 1.6-RC1, 1.7, ... | 2024-02-27T21:54:15Z | Fix available |
| GHSA-jw7r-rxff-gv24 | Maven/org.apache.james:apache-mime4j-core | Apache James MIME4J improper input validation vulnerability | 0.7, 0.7.1, 0.7.2, 0.8.0, 0.8.1, 0.8.2, 0.8.3, ... | 2024-02-27T18:31:02Z | Fix available |
| GHSA-qrp9-23p7-g5mf | Maven/org.apache.ambari.contrib.views:wfmanager | Apache Ambari XML External Entity injection | See details. | 2024-02-27T18:31:02Z | Fix available |
| GHSA-p5q9-86w4-2xr5 | Maven/org.apache.james:james-project | Apache James vulnerable to SMTP smuggling | 1.1, 1.2, 1.3, 1.5, 1.6, 1.7, 1.8, ... | 2024-02-27T15:30:31Z | Fix available |
| GHSA-px7w-c9gw-7gj3 | Maven/org.apache.james:james-server | Apache James server: Privilege escalation via JMX pre-authentication deserialization | 3.0-M1, 3.0-M2, 3.0-beta2, 3.0-beta3, 3.0-beta4, 3.0.0, 3.0.0-RC1, ... | 2024-02-27T09:31:16Z | Fix available |
| GHSA-rghc-9fhx-h32m | Maven/org.apache.ambari.contrib.views:ambari-contrib-views | Apache Ambari: authenticated users could perform command injection to perform RCE | See details. | 2024-02-27T09:31:16Z | Fix available |
| GHSA-rggv-cv7r-mw98 | Maven/org.eclipse.jetty.http2:http2-common, Maven/org.eclipse.jetty.http3:http3-common, Maven/org.eclipse.jetty.http2:jetty-http2-common, Maven/org.eclipse.jetty.http3:jetty-http3-common | Connection leaking on idle timeout when TCP congested | 9.3.0.v20150612, 9.3.1.v20150714, 9.3.10.M0, 9.3.10.v20160621, 9.3.11.M0, 9.3.11.v20160721, 9.3.12.v20160915, ... | 2024-02-26T20:13:46Z | Fix available |
| GHSA-hx5q-v6pj-533r | Maven/com.linecorp.centraldogma:centraldogma-server-auth-saml | SAML authentication bypass due to missing validation on unsigned SAML messages | 0.33.0, 0.34.0, 0.35.0, 0.35.1, 0.36.0, 0.37.0, 0.38.0, ... | 2024-02-26T20:04:50Z | Fix available |
| GHSA-4m6j-23p2-8c54 | Maven/com.linecorp.armeria:armeria-saml | Armeria SAML authentication bypass due to missing validation on unsigned SAML messages | 0.69.0, 0.70.0, 0.70.1, 0.71.0, 0.71.1, 0.72.0, 0.73.0, ... | 2024-02-26T20:04:37Z | Fix available |