Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-5r2g-vphf-m5xc
  • Maven/org.apache.streampipes:streampipes-parent
Apache StreamPipes has Improper Privilege Management issue yesterday
  • Fix available
  • Severity - 4.9 (Medium)
GHSA-4hx9-48xh-5mxr
  • Maven/org.keycloak:keycloak-ldap-federation
Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization 19 Dec 2025
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-v4p2-2w39-mhrj
  • Maven/org.apache.nifi:nifi-asana-processors
Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization 19 Dec 2025
  • Fix available
  • Severity - 7.5 (High)
GHSA-gphj-4h6p-37xq
  • Maven/org.elasticsearch.plugin:x-pack-core
Elasticsearch privileged authenticated users can cause DoS through Excessive Resource Allocation 19 Dec 2025
  • Fix available
  • Severity - 4.9 (Medium)
GHSA-qf7c-7r9h-mm92
  • Maven/org.elasticsearch.plugin:x-pack-security
Elasticsearch has Excessive Allocation of Resources via Submission of Oversized User Settings Data 19 Dec 2025
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-vc5p-v9hr-52mj
  • Maven/org.apache.logging.log4j:log4j-core
Apache Log4j does not verify the TLS hostname in its Socket Appender 18 Dec 2025
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-x44p-gvrj-pj2r
  • Maven/software.amazon.encryption.s3:amazon-s3-encryption-client-java
Amazon S3 Encryption Client for Java has a Key Commitment Issue 18 Dec 2025
  • Fix available
  • Severity - 6.0 (Medium)
GHSA-3677-xxcr-wjqv
  • Maven/org.bitbucket.b_c:jose4j
jose4j is vulnerable to DoS via compressed JWE content 17 Dec 2025
  • Fix available
  • Severity - 7.5 (High)
GHSA-6gvq-jcmp-8959
  • npm/altcha-lib
  • Packagist/altcha-org/altcha
  • Go/github.com/altcha-org/altcha-lib-go
  • Maven/org.altcha:altcha
  • RubyGems/altcha
  • ... 2 more
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay 16 Dec 2025
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-84h7-rjj3-6jx4
  • Maven/io.netty:netty-codec-http
Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder 15 Dec 2025
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-m9gh-789g-q5pv
  • Maven/org.elasticsearch:elasticsearch
Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates 15 Dec 2025
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-3f8c-8h8v-p54h
  • Maven/com.aizuda:snail-job
snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function 14 Dec 2025
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-vx9q-rhv9-3jvg
  • Maven/io.airlift:aircompressor-v3
aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer 12 Dec 2025
  • Fix available
  • Severity - 8.2 (High)
GHSA-m5gv-vj3f-6v2p
  • Maven/com.liferay:com.liferay.object.service
Liferay Portal and DXP Instance Admin can execute code using Objects Actions and Validations 12 Dec 2025
  • Fix available
  • Severity - 7.5 (High)
GHSA-3hg2-rh4r-8qf6
  • Maven/org.apache.streampark:streampark
Apache StreamPark: Use the user’s password as the secret key Vulnerability 12 Dec 2025
  • Fix available
  • Severity - 8.2 (High)
GHSA-749j-2hp6-8cxm
  • Maven/org.apache.streampark:streampark
Apache StreamPark uses a Weak Encryption Algorithm 12 Dec 2025
  • Fix available
  • Severity - 8.7 (High)