Vulnerability Library

ID
Packages
Summary
Affected versions
Last modified
Fix
GHSA-5h9j-q6j2-253f
  • Maven/org.eclipse.jetty:jetty-server
  • Maven/org.eclipse.jetty:jetty-server
  • Maven/org.eclipse.jetty:jetty-server
Unescaped exception messages in error responses in Jetty
  • 9.4.21.v20190926
  • 9.4.22.v20191022
  • 9.4.23.v20191118
  • 9.4.22.v20191022
  • 9.4.23.v20191118
  • 9.4.23.v20191118
2022-08-15T09:12:52.664188Z Fix available
GHSA-wcp5-m52f-mhh5
  • Maven/net.sf.mpxj:mpxj
Improper Restriction of XML External Entity Reference in MPXJ
  • 4.7.1
  • 4.7.2
  • 4.7.3
  • 4.7.4
  • 4.7.5
  • 4.7.6
  • 5.0.0
  • ...
2022-08-15T09:12:51.731638Z Fix available
GHSA-wp2f-hrg2-3r5m
  • Maven/org.apache.uima:uimafit-core
  • Maven/org.apache.uima:uimaj-core
  • Maven/org.apache.uima:uimaj-core
  • Maven/org.apache.uima:uimaj-as-core
Improper Restriction of XML External Entity Reference in Apache uimaj
  • 2.0.0
  • 2.1.0
  • 2.2.0
  • 2.3.0
  • 2.10.0
  • 2.10.1
  • 2.3.1
  • ...
2022-08-15T09:12:51.611460Z Fix available
GHSA-h4x4-5qp2-wp46
  • Maven/com.fasterxml.jackson.datatype:jackson-datatype-jsr310
Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353
  • 2.2.0-beta1
  • 2.2.1-beta2
  • 2.2.2-beta3
  • 2.2.2-beta4
  • 2.2.3-beta5
  • 2.3.0-beta6
  • 2.3.0-beta7
  • ...
2022-08-15T09:12:51.452737Z Fix available
GHSA-54fx-gm74-q676
  • Maven/io.smallrye.config:smallrye-config
Permissions bypass in SmallRye
  • 1.5.0
  • 1.5.1
  • 1.6.0
  • 1.6.1
2022-08-15T09:12:50.490946Z Fix available
GHSA-6g3c-2mh5-7q6x
  • Maven/com.manydesigns:portofino
Missing validation of JWT signature in `ManyDesigns/Portofino`
  • 5.0.0
  • 5.0.1
  • 5.0.2
  • 5.0.3
  • 5.1.0
  • 5.1.1
  • 5.1.2
  • ...
2022-08-15T09:12:48.741134Z Fix available
GHSA-9q69-g5gc-9fgf
  • Maven/io.vertx:vertx-web
  • Maven/io.vertx:vertx-web
  • Maven/io.vertx:vertx-web
  • Maven/io.vertx:vertx-web
Cross-Site Request Forgery in Vert.x-Web framework
  • 4.0.0-milestone1
  • 4.0.0-milestone2
  • 4.0.0-milestone3
  • 4.0.0-milestone4
  • 4.0.0-milestone2
  • 4.0.0-milestone3
  • 4.0.0-milestone4
  • ...
2022-08-15T09:12:46.824799Z Fix available
GHSA-rmrm-75hp-phr2
  • Maven/org.hibernate.validator:hibernate-validator
  • Maven/org.hibernate.validator:hibernate-validator
Improper Input Validation in Hibernate Validator
  • 6.1.0.Final
  • 6.1.1.Final
  • 6.1.2.Final
  • 6.1.3.Final
  • 6.1.4.Final
  • 6.0.0.Alpha1
  • 6.0.0.Alpha2
  • ...
2022-08-15T09:12:45.222496Z Fix available
GHSA-4ph4-q9r5-6wm6
  • Maven/org.springframework.batch:spring-batch-core
Deserialization of Untrusted Data in Spring Batch
  • 4.0.0.RELEASE
  • 4.0.1.RELEASE
  • 4.0.2.RELEASE
  • 4.0.3.RELEASE
  • 4.0.4.RELEASE
  • 4.1.0.RELEASE
  • 4.1.1.RELEASE
  • ...
2022-08-15T09:12:41.389019Z Fix available
GHSA-fxph-q3j8-mv87
  • Maven/org.apache.logging.log4j:log4j
  • Maven/org.apache.logging.log4j:log4j-core
Deserialization of Untrusted Data in Log4j
  • 2.0
  • 2.0.1
  • 2.0.2
  • 2.1
  • 2.2
  • 2.3
  • 2.3.1
  • ...
2022-08-15T09:12:39.316693Z Fix available
GHSA-wm47-8v5p-wjpj
  • Maven/io.netty:netty-codec-http2
Possible request smuggling in HTTP/2 due missing validation
  • 4.1.0.Beta4
  • 4.1.0.Beta5
  • 4.1.0.Beta6
  • 4.1.0.Beta7
  • 4.1.0.Beta8
  • 4.1.0.CR1
  • 4.1.0.CR2
  • ...
2022-08-15T09:12:37.190648Z Fix available
GHSA-wg37-7mrv-cfwm
  • Maven/org.apache.jmeter:ApacheJMeter
Low severity vulnerability that affects org.apache.jmeter:ApacheJMeter
  • 2.10
  • 2.11
  • 2.12
  • 2.13
  • 2.6
  • 2.7
  • 2.8
  • ...
2022-08-15T09:12:36.083384Z Fix available
GHSA-r9ch-m4fh-fc7q
  • Maven/org.bouncycastle:bcprov-jdk14
  • Maven/org.bouncycastle:bcprov-jdk15
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
  • 1.38
  • 1.43
  • 1.44
  • 1.45
  • 1.46
  • 1.47
  • 1.48
  • ...
2022-08-15T09:12:34.024072Z Fix available
GHSA-8222-6fc8-mhvf
  • Maven/org.springframework.ws:spring-ws
  • Maven/org.springframework.ws:spring-ws
  • Maven/org.springframework.ws:spring-xml
  • Maven/org.springframework.ws:spring-xml
Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml
  • 1.0-m2
  • 1.0-m3
  • 1.0-rc1
  • 1.0-rc2
  • 1.0.0
  • 1.0.1
  • 1.0.2
  • ...
2022-08-15T09:12:24.253159Z Fix available
GHSA-v7ff-8wcx-gmc5
  • Maven/org.eclipse.jetty:jetty-webapp
Authorization Before Parsing and Canonicalization in jetty
  • 9.4.37.v20210219
  • 9.4.38.v20210224
2022-08-15T09:12:22.817513Z Fix available
GHSA-7qx4-pp76-vrqh
  • Maven/org.apache.commons:commons-configuration2
Remote code execution in Apache Commons Configuration
  • 2.2
  • 2.3
  • 2.4
  • 2.5
  • 2.6
2022-08-15T09:12:18.780764Z Fix available