Vulnerability Library

ID
Packages
Summary
Affected versions
Last modified
Fix
GHSA-rhgr-952r-6p8q
  • Maven/org.apache.maven.shared:maven-shared-utils
Command injection in Apache Maven maven-shared-utils
  • 0.1
  • 0.2
  • 0.3
  • 0.4
  • 0.5
  • 0.6
  • 0.7
  • ...
2022-09-30T08:35:38.043835Z Fix available
GHSA-jx7c-7mj5-9438
  • Maven/org.apache.tomcat:tomcat
Apache Tomcat Race Condition vulnerability
  • 8.5.0
  • 8.5.11
  • 8.5.12
  • 8.5.13
  • 8.5.14
  • 8.5.15
  • 8.5.16
  • ...
2022-09-30T06:55:53.203519Z Fix available
GHSA-m54f-rp6r-rrrm
  • Maven/com.xuxueli:xxl-job-core
XXL-JOB contains a Command execution vulnerability in background tasks
  • 1.4.1
  • 1.4.2
  • 1.5.0
  • 1.5.1
  • 1.5.2
  • 1.6.0
  • 1.6.1
  • ...
2022-09-30T06:55:29.822674Z No fix available
GHSA-f36p-42jv-8rh2
  • Maven/com.wire:lithium
Lithium vulnerable to Cross Site Scripting in provided Swagger-UI
  • 3.3.0
  • 3.3.1
  • 3.3.2
  • 3.3.3
  • 3.3.4
  • 3.3.5
  • 3.3.6
  • ...
2022-09-30T05:47:30.093672Z Fix available
GHSA-2pvj-p485-cp3m
  • Maven/org.matrix.android:matrix-android-sdk2
matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions
  • 0.0.2
  • 1.2.1
  • 1.3.0
  • 1.3.10
  • 1.3.13
  • 1.3.14
  • 1.3.18
  • ...
2022-09-30T05:37:51.032845Z Fix available
GHSA-j3qw-g67q-7m64
  • Maven/org.apache.pulsar:pulsar-broker
  • Maven/org.apache.pulsar:pulsar-proxy
Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation
  • 1.19.0-incubating
  • 1.20.0-incubating
  • 1.21.0-incubating
  • 1.22.0-incubating
  • 1.22.1-incubating
  • 2.0.0-rc1-incubating
  • 2.0.1-incubating
  • ...
2022-09-30T04:54:41.234572Z Fix available
GHSA-fpgf-pjjv-2qgm
  • Maven/org.matrix.android:matrix-android-sdk2
matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion
  • 0.0.2
  • 1.2.1
  • 1.3.0
  • 1.3.10
  • 1.3.13
  • 1.3.14
  • 1.3.18
  • ...
2022-09-30T04:54:28.964435Z Fix available
GHSA-cxgf-v2p8-7ph7
  • Maven/com.zaxxer:nuprocess
NuProcess vulnerable to command-line injection through insertion of NUL character(s)
  • 1.2.0
  • 1.2.1
  • 1.2.2
  • 1.2.3
  • 1.2.4
  • 1.2.5
  • 1.2.6
  • ...
2022-09-30T04:54:21.234221Z Fix available
GHSA-8qv5-68g4-248j
  • Maven/org.scala-lang:scala-library
Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization
  • 2.13.0
  • 2.13.1
  • 2.13.2
  • 2.13.3
  • 2.13.4
  • 2.13.5
  • 2.13.6
  • ...
2022-09-30T02:55:13.545999Z Fix available
GHSA-c5fp-x2h5-vjv7
  • Maven/org.apache.pulsar:pulsar-client
Apache Pulsar Java Client vulnerable to Improper Certificate Validation
  • 1.19.0-incubating
  • 1.20.0-incubating
  • 1.21.0-incubating
  • 1.22.0-incubating
  • 1.22.1-incubating
  • 2.0.0-rc1-incubating
  • 2.0.1-incubating
  • ...
2022-09-30T00:31:32.920028Z Fix available
GHSA-jvf3-mfxv-jcqr
  • Maven/org.apache.pulsar:pulsar-broker
  • Maven/org.apache.pulsar:pulsar-proxy
Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation
  • 1.19.0-incubating
  • 1.20.0-incubating
  • 1.21.0-incubating
  • 1.22.0-incubating
  • 1.22.1-incubating
  • 2.0.0-rc1-incubating
  • 2.0.1-incubating
  • ...
2022-09-30T00:31:19.012272Z Fix available
GHSA-qj9p-jvmw-82rh
  • Maven/org.apache.pinot:pinot
Apache Pinot has Groovy Function support enabled by default
  • 0.1.0
  • 0.10.0
  • 0.2.0
  • 0.3.0
  • 0.4.0
  • 0.5.0
  • 0.6.0
  • ...
2022-09-29T14:50:46.851117Z Fix available
GHSA-hhxh-qphc-v423
  • Maven/com.nepxion:discovery
Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery
  • 1.0.0
  • 1.0.1
  • 2.0.0
  • 2.0.1
  • 2.0.10
  • 2.0.11
  • 2.0.2
  • ...
2022-09-28T04:16:42.192245Z No fix available
GHSA-q979-9m39-23mq
  • Maven/com.nepxion:discovery
Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution
  • 1.0.0
  • 1.0.1
  • 2.0.0
  • 2.0.1
  • 2.0.10
  • 2.0.11
  • 2.0.2
  • ...
2022-09-28T04:16:26.710101Z No fix available
GHSA-3mg9-m3f6-v7fq
  • Maven/org.apache.pulsar:pulsar
Proxy component of Apache Pulsar subject to abuse as Denial of Service endpoint
  • 1.19.0-incubating
  • 1.20.0-incubating
  • 1.21.0-incubating
  • 1.22.0-incubating
  • 1.22.1-incubating
  • 2.0.0-rc1-incubating
  • 2.0.1-incubating
  • ...
2022-09-28T04:16:02.611443Z Fix available
GHSA-jq8c-j47c-vvwm
  • Maven/soap:soap
Apache SOAP's RPCRouterServlet allows reading of arbitrary files over HTTP
  • 2.2
  • 2.3
  • 2.3.1
2022-09-27T22:24:38.890942Z No fix available