OSV - Open Source Vulnerabilities

GHSA-hvp5-5x4f-33fq

Maven/io.github.skylot:jadx-core

JADX file override vulnerability

1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.4.0
1.4.1
...

2024-04-22T15:56:04Z

Fix available

GHSA-qwhw-hh9j-54f5

Maven/io.antmedia:ant-media-server

Ant Media Server vulnerable to a local privilege escalation

2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.7.0
2.8.0
...

2024-04-22T15:51:59Z

Fix available

GHSA-29rc-vq7f-x335

Maven/org.apache.hugegraph:hugegraph-api
Maven/org.apache.hugegraph:hugegraph-core

Apache HugeGraph-Server: Command execution in gremlin

1.0.0
1.2.0
1.0.0
1.2.0

2024-04-22T15:30:41Z

Fix available

GHSA-6mgp-p75r-vhjm

Maven/org.apache.hugegraph:hugegraph-api

Apache HugeGraph-Server: Bypass whitelist in Auth mode

1.0.0
1.2.0

2024-04-22T15:30:41Z

Fix available

GHSA-77x4-55q7-4vmj

Maven/org.apache.hugegraph:hugegraph-hubble

Apache HugeGraph-Hubble: SSRF in Hubble connection page

1.0.0
1.2.0

2024-04-22T15:30:41Z

Fix available

GHSA-7fpj-9hr8-28vh

Maven/org.keycloak:keycloak-services

Keycloak vulnerable to impersonation via logout token exchange

1.0-alpha-1
1.0-alpha-1-12062013
1.0-alpha-2
1.0-alpha-3
1.0-alpha-4
1.0-beta-1
1.0-beta-1-20150521
...

2024-04-17T18:25:59Z

Fix available

GHSA-c9h6-v78w-52wj

Maven/org.keycloak:keycloak-services

Keycloak vulnerable to session hijacking via re-authentication

1.0-alpha-1
1.0-alpha-1-12062013
1.0-alpha-2
1.0-alpha-3
1.0-alpha-4
1.0-beta-1
1.0-beta-1-20150521
...

2024-04-17T18:25:29Z

Fix available

GHSA-72vp-xfrc-42xm

Maven/org.keycloak:keycloak-services

Keycloak path transversal vulnerability in redirection validation

1.0-alpha-1
1.0-alpha-1-12062013
1.0-alpha-2
1.0-alpha-3
1.0-alpha-4
1.0-beta-1
1.0-beta-1-20150521
...

2024-04-17T18:25:08Z

Fix available

GHSA-m6q9-p373-g5q8

Maven/org.keycloak:keycloak-services

Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS

1.0-alpha-1
1.0-alpha-1-12062013
1.0-alpha-2
1.0-alpha-3
1.0-alpha-4
1.0-beta-1
1.0-beta-1-20150521
...

2024-04-17T18:24:38Z

Fix available

GHSA-j628-q885-8gr5

Maven/org.keycloak:keycloak-services

Keycloak vulnerable to log Injection during WebAuthn authentication or registration

1.0-alpha-1
1.0-alpha-1-12062013
1.0-alpha-2
1.0-alpha-3
1.0-alpha-4
1.0-beta-1
1.0-beta-1-20150521
...

2024-04-17T18:24:03Z

Fix available

GHSA-46c8-635v-68r2

Maven/org.keycloak:keycloak-services

Keycloak Authorization Bypass vulnerability

1.0-alpha-1
1.0-alpha-1-12062013
1.0-alpha-2
1.0-alpha-3
1.0-alpha-4
1.0-beta-1
1.0-beta-1-20150521
...

2024-04-17T17:33:29Z

Fix available

GHSA-8rmm-gm28-pj8q

Maven/org.keycloak:keycloak-services

Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow

1.0-alpha-1
1.0-alpha-1-12062013
1.0-alpha-2
1.0-alpha-3
1.0-alpha-4
1.0-beta-1
1.0-beta-1-20150521
...

2024-04-17T17:33:04Z

Fix available

GHSA-4f53-xh3v-g8x4

Maven/org.keycloak:keycloak-services

Keycloak secondary factor bypass in step-up authentication

1.0-alpha-1
1.0-alpha-1-12062013
1.0-alpha-2
1.0-alpha-3
1.0-alpha-4
1.0-beta-1
1.0-beta-1-20150521
...

2024-04-17T17:31:50Z

Fix available

GHSA-mrv8-pqfj-7gp5

Maven/org.keycloak:keycloak-services

Keycloak path traversal vulnerability in the redirect validation

1.0-alpha-1
1.0-alpha-1-12062013
1.0-alpha-2
1.0-alpha-3
1.0-alpha-4
1.0-beta-1
1.0-beta-1-20150521
...

2024-04-17T17:31:12Z

Fix available

GHSA-r52h-fjm7-93j8

Maven/com.blazemeter.plugins:BlazeMeterJenkinsPlugin

BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery

1.0-beta-1
1.01-beta-2
1.02-beta-3
1.04-beta-1
1.05-beta-1
1.06-beta-1
1.07-beta-1
...

2024-04-17T15:30:43Z

Fix available

GHSA-2wrp-6fg6-hmc5

Maven/org.springframework:spring-web

Spring Framework URL Parsing with Host Validation

1.0
1.0-rc1
1.0.1
1.1
1.1-rc1
1.1-rc2
1.1.1
...

2024-04-16T06:30:28Z

Fix available

Vulnerability Library