Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-w88f-4875-99c8
  • Maven/org.apache.druid:druid
Apache Druid’s Kerberos authenticator uses a weak fallback secret 3 days ago
  • Fix available
  • Severity - 9.8 (Critical)
MAL-2025-191470
  • Maven/org.mvnpm:posthog-node
Malicious code in org.mvnpm:posthog-node (Maven) 3 days ago
  • No fix available
GHSA-g9gq-3pfx-2gw2
  • Maven/com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization 3 days ago
  • No fix available
  • Severity - 8.6 (High)
GHSA-mw3v-mmfw-3x2g
  • Maven/org.opensearch:opensearch-common
OpenSearch is vulnerable to DoS via complex query_string inputs 3 days ago
  • Fix available
  • Severity - 8.3 (High)
GHSA-fjf5-xgmq-5525
  • Maven/org.geoserver.web:gs-web-app
  • Maven/org.geoserver:gs-wms
GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature 3 days ago
  • Fix available
  • Severity - 8.2 (High)
GHSA-w66h-j855-qr72
  • Maven/org.geoserver.web:gs-web-app
  • Maven/org.geoserver:gs-wms
GeoServer has a Reflected Cross-Site Scripting (XSS) vulnerability in its WMS GetFeatureInfo HTML format 3 days ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-93vm-mqpw-8wh3
  • Maven/org.keycloak:keycloak-ldap-federation
Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization 3 days ago
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-jqg8-m35q-jh7j
  • Maven/org.apache.syncope:syncope-core
Apache Syncope's AES encryption stores hard-coded passwords in internal database 4 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-cv3m-hxpc-4hvm
  • Maven/cn.dreampie:resty
Resty has a Path Traversal vulnerability 20 Nov
  • No fix available
  • Severity - 2.9 (Low)
GHSA-wq4c-57mh-5f7g
  • Maven/org.apache.causeway.commons:causeway-commons
  • Maven/org.apache.causeway.core:causeway-applib
  • Maven/org.apache.causeway.core:causeway-core
  • Maven/org.apache.causeway.viewer:causeway-viewer-wicket
Apache Causeway vulnerable to deserialization in Java 19 Nov
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-8c52-x9w7-vc95
  • Maven/com.xwiki.pro:xwiki-pro-macros-ui
XWiki view file macro: User can view content of office file without view rights on the attachment 18 Nov
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-7p63-w6x9-6gr7
  • Maven/org.glassfish.jersey.core:jersey-client
Eclipse Jersey has a Race Condition 18 Nov
  • Fix available
  • Severity - 9.4 (Critical)
GHSA-v7r8-8p5c-h4xw
  • Maven/com.xwiki.admintools:application-admintools
XWiki AdminTools application doesn't set permissions on the AdminTools space 18 Nov
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-8wf8-frjg-xv74
  • Maven/lsfusion.platform:server
lsFusion Server is vulnerable to Path Traversal through its unpackFile function 17 Nov
  • No fix available
  • Severity - 5.3 (Medium)
GHSA-cg6m-9276-qpjj
  • Maven/io.github.wwwlike:vlife-base
vlife-base has Path Traversal vulnerability 17 Nov
  • No fix available
  • Severity - 5.5 (Medium)
GHSA-gwwr-j923-vq7r
  • Maven/lsfusion.platform:web-client
lsFusion Platform has a Path Traversal vulnerability 17 Nov
  • No fix available
  • Severity - 5.5 (Medium)