Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-j288-q9x7-2f5v
  • Maven/org.apache.commons:commons-lang3
  • Maven/commons-lang:commons-lang
Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs
Published: 2 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-xwmg-2g98-w7v9
  • Maven/com.nimbusds:nimbus-jose-jwt
Nimbus JOSE + JWT is vulnerable to DoS attacks when processing deeply nested JSON
Published: 2 days ago
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-25xr-qj8w-c4vf
  • Maven/org.apache.tomcat:tomcat-coyote
Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams
Published: 3 days ago
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-4j3c-42xv-3f84
  • Maven/org.apache.tomcat:tomcat-util
Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector
Published: 3 days ago
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-wr62-c79q-cv37
  • Maven/org.apache.tomcat:tomcat-catalina
Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits
Published: 3 days ago
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-gj52-35xm-gxjh
  • Maven/org.keycloak:keycloak-services
Keycloak vulnerable to phishing attacks through its Review Profile section
Published: 3 days ago
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-23j7-px3w-jwp2
  • Maven/io.jenkins.plugins:xooa
Jenkins Xooa Plugin vulnerability does not mask its Xooa Deployment Token
Published: 4 days ago
  • No fix available
  • Severity - 4.3 (Medium)
GHSA-2g8w-9933-36vr
  • Maven/org.jenkins-ci.plugins:warrior
Jenkins Warrior Framework Plugin vulnerability exposes unencrypted passwords to certain authenticated users
Published: 4 days ago
  • No fix available
  • Severity - 4.3 (Medium)
GHSA-56h7-r62c-83qp
  • Maven/io.jenkins.plugins:xooa
Jenkins Xooa Plugin vulnerability exposes unencrypted tokens to authenticated users
Published: 4 days ago
  • No fix available
  • Severity - 4.3 (Medium)
GHSA-8gp3-m447-gw2v
  • Maven/org.jenkins-ci.plugins:vaddy-plugin
Jenkins VAddy Plugin vulnerability exposes plaintext keys on its job configuration form
Published: 4 days ago
  • No fix available
  • Severity - 4.3 (Medium)
GHSA-jmrv-rxgr-phvr
  • Maven/org.jenkins-ci.plugins:applitools-eyes
Jenkins Applitools Eyes Plugin vulnerability does not mask API keys on its job configuration form
Published: 4 days ago
  • No fix available
  • Severity - 4.3 (Medium)
GHSA-q92v-3f4w-5xg8
  • Maven/org.jenkins-ci.plugins:pplitools-eyes
Jenkins Applitools Eyes Plugin vulnerability exposes unencrypted keys to certain authenticated users
Published: 4 days ago
  • No fix available
  • Severity - 4.3 (Medium)
GHSA-w4xv-mj6v-p4g2
  • Maven/io.jenkins.plugins:user1st-utester
Jenkins User1st uTester Plugin vulnerability exposes unencrypted token to authenticated users
Published: 4 days ago
  • No fix available
  • Severity - 3.3 (Low)
GHSA-26x3-7jw5-7mg4
  • Maven/org.jenkins.plugins.statistics.gatherer:statistics-gatherer
Jenkins Statistics Gatherer Plugin does not mask AWS Secret Key
Published: 4 days ago
  • No fix available
  • Severity - 4.3 (Medium)
GHSA-28j3-hphh-cjr8
  • Maven/com.apica:ApicaLoadtest
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens
Published: 4 days ago
  • No fix available
  • Severity - 4.3 (Medium)
GHSA-45hr-8gq6-7f7f
  • Maven/org.jenkins-ci.plugins:nouvola-divecloud
Jenkins Nouvola DiveCloud Plugin vulnerability stores unencrypted credentials
Published: 4 days ago
  • No fix available
  • Severity - 4.3 (Medium)