Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-vp6r-9m58-5xv8
  • Maven/org.omnifaces:omnifaces
OmniFaces: EL injection via crafted resource name in wildcard CDN mapping (published 8 hours ago)
  • Fix available
  • Severity - 8.1 (High)
GHSA-hf5p-q87m-crj7
  • Maven/com.github.junrar:junrar
Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix (published 8 hours ago)
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-hfrg-mcvw-8mch
  • Maven/com.ritense.valtimo:inbox
Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService (published 8 hours ago)
  • Fix available
  • Severity - 4.9 (Medium)
GHSA-27h3-crw2-q36w
  • Maven/org.apache.skywalking:server-core
SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information (published 14 hours ago)
  • Fix available
  • Severity - 7.5 (High)
GHSA-xjw8-8c5c-9r79
  • Maven/org.thymeleaf:thymeleaf
  • Maven/org.thymeleaf:thymeleaf-spring5
  • Maven/org.thymeleaf:thymeleaf-spring6
Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf (published yesterday)
  • Fix available
  • Severity - 9.0 (Critical)
GHSA-r4v4-5mwr-2fwr
  • Maven/org.thymeleaf:thymeleaf
  • Maven/org.thymeleaf:thymeleaf-spring5
  • Maven/org.thymeleaf:thymeleaf-spring6
Improper restriction of the scope of accessible objects in Thymeleaf expressions (published yesterday)
  • Fix available
  • Severity - 9.0 (Critical)
GHSA-g24f-mgc3-jwwc
  • Maven/io.openremote:openremote-manager
OpenRemote has XXE in Velbus Asset Import (published yesterday)
  • Fix available
  • Severity - 7.6 (High)
GHSA-xmj9-7625-f634
  • Maven/dev.dsf:dsf-bpe-process-api-v2
  • Maven/dev.dsf:dsf-bpe-server
Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache (published yesterday)
  • No fix available
  • Severity - 6.3 (Medium)
GHSA-gj7p-595x-qwf5
  • Maven/dev.dsf:dsf-bpe-server
  • Maven/dev.dsf:dsf-common-jetty
  • Maven/dev.dsf:dsf-fhir-server
Data Sharing Framework is Missing Session Timeout for OIDC Sessions (published yesterday)
  • No fix available
  • Severity - 6.8 (Medium)
GHSA-wg6q-6289-32hp
  • Maven/org.bouncycastle:bcpkix-debug-jdk14
  • Maven/org.bouncycastle:bcpkix-debug-jdk15to18
  • Maven/org.bouncycastle:bcpkix-debug-jdk18on
  • Maven/org.bouncycastle:bcpkix-jdk14
  • Maven/org.bouncycastle:bcpkix-jdk15on
  • ... 2 more
Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules (published yesterday)
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-355h-qmc2-wpwf
  • Maven/org.eclipse.jetty:jetty-http
Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing (published 2 days ago)
  • Fix available
  • Severity - 7.4 (High)
GHSA-mrqg-xmgm-rc5g
  • Maven/org.xwiki.platform:xwiki-platform-legacy-oldcore
  • Maven/org.xwiki.platform:xwiki-platform-oldcore
XWiki's REST APIs can list all pages/spaces, leading to unavailability (published 2 days ago)
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-w4fj-87j5-f25c
  • Maven/org.xwiki.platform:xwiki-platform-web-templates
XWiki has Reflected Cross-Site Scripting (XSS) in page history compare (published 2 days ago)
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-7mqr-33rv-p3mp
  • Maven/io.openremote:openremote-manager
Expression Injection in OpenRemote (published 2 days ago)
  • Fix available
  • Severity - 9.9 (Critical)
GHSA-m32f-8vh9-2hh3
  • Maven/org.keycloak:keycloak-services
Keycloak: Arbitrary code execution via Stored Cross-Site Scripting (XSS) in organization selection login page (published 2 days ago)
  • No fix available
  • Severity - 6.9 (Medium)
GHSA-gcj8-76p4-g2fq
  • Maven/org.apache.pdfbox:pdfbox-examples
Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code (published 2 days ago)
  • Fix available
  • Severity - 4.3 (Medium)