Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-443w-3rq3-5m5h
  • Maven/software.amazon.awssdk:cloudfront
AWS SDK for Java 2.0: Improper Handling of Special Characters in CloudFront Signing Utilities 14 hours ago
  • Fix available
  • Severity - 7.7 (High)
GHSA-w9fj-cfpg-grvv
  • Maven/io.netty:netty-codec-http2
Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass yesterday
  • Fix available
  • Severity - 8.7 (High)
GHSA-pwqr-wmgm-9rr8
  • Maven/io.netty:netty-codec-http
Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing yesterday
  • Fix available
  • Severity - 7.5 (High)
GHSA-h8w2-rv57-vc6f
  • Maven/com.splunk:splunk-otel-javaagent
splunk-otel-javaagent: Unsafe deserialization in RMI instrumentation may lead to Remote Code Execution yesterday
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-579q-h82j-r5v2
  • Maven/com.datadoghq:dd-java-agent
dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution yesterday
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-22rm-wp4x-v5cx
  • Maven/org.keycloak:keycloak-services
Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation 2 days ago
  • No fix available
  • Severity - 3.1 (Low)
GHSA-5458-7hh9-v7p4
  • Maven/org.pf4j:pf4j
pf4j is vulnerable to Path Traversal or Zip Slip attack through improper handling of zip entry names 2 days ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-xw7x-h9fj-p2c7
  • Maven/io.opentelemetry.javaagent:opentelemetry-javaagent
OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution 2 days ago
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-6fmv-xxpf-w3cw
  • Maven/org.codehaus.plexus:plexus-utils
Plexus-Utils has a Directory Traversal vulnerability in its extractFile method 2 days ago
  • Fix available
GHSA-x4ff-q6h8-v7gw
  • Maven/org.scala-sbt:sbt
sbt: Source dependency feature (via crafted VCS URL) leads to arbitrary code execution on Windows 3 days ago
  • Fix available
  • Severity - 6.7 (Medium)
GHSA-f4gc-mwrg-q36r
  • Maven/org.apache.activemq:artemis-openwire-protocol
  • Maven/org.apache.artemis:artemis-openwire-protocol
Apache Artemis: Unauthorized Temporary Address Creation via OpenWire Protocol 4 days ago
  • Fix available
  • Severity - 2.3 (Low)
GHSA-3x3v-w654-m28m
  • Maven/io.undertow:undertow-core
Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests 4 days ago
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-3qwq-q9vm-5j42
  • Maven/org.springframework.cloud:spring-cloud-config-server
Spring Cloud Config Server: Path Traversal via Profile Parameter Allows Arbitrary File Access 4 days ago
  • Fix available
  • Severity - 8.6 (High)
GHSA-rhgq-f8x5-j2jc
  • Maven/org.keycloak:keycloak-services
Keycloak's identity-first login flow exposes user information 4 days ago
  • No fix available
  • Severity - 3.7 (Low)
GHSA-4pgc-gfrr-wcmg
  • Maven/org.keycloak:keycloak-services
Keycloak has Improper Access Control allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false 5 days ago
  • No fix available
  • Severity - 4.3 (Medium)
GHSA-4773-3jfm-qmx3
  • Maven/org.springframework:spring-webflux
  • Maven/org.springframework:spring-webmvc
Spring Framework Improper Path Limitation with Script View Templates 20 Mar
  • Fix available
  • Severity - 5.9 (Medium)