OSV

GHSA-wg4w-5m5r-w3p8

Maven/org.openapitools:openapi-generator-project

OpenAPI Generator vulnerable to Server-Side Request Forgery

3.0.0
3.0.1
3.0.2
3.0.3
3.1.0
3.1.1
3.1.2
...

2023-03-31T23:15:30.132700Z

No fix available

GHSA-h855-6hph-v363

Maven/cn.hippo4j:hippo4j-all

Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module

0.0.1
0.9.0
1.0.0
1.0.0-RC1
1.0.0-RC2
1.0.0-RC3
1.0.0-alpha
...

2023-03-31T23:06:14.098133Z

No fix available

GHSA-5x5q-8cgm-2hjq

Maven/com.intuit.karate:karate-core

Karate has vulnerable dependency on json-smart package (CVE-2023-1370)

1.3.1

2023-03-31T22:44:09Z

No fix available

GHSA-gpqq-59rp-3c3w

Maven/org.apache.inlong:inlong-manager

Apache InLong vulnerable to JDBC Deserialization of Untrusted Data

1.1.0-incubating
1.2.0-incubating
1.3.0
1.4.0
1.5.0

2023-03-31T16:16:15.574352Z

Fix available

GHSA-6wxg-wh7f-rqpr

Maven/org.neo4j.procedure:apoc-core
Maven/org.neo4j.procedure:apoc-core

XML External Entity (XXE) vulnerability in apoc.import.graphml

5.0.0
5.1.0
5.2.0
5.2.1
5.3.0
5.4.0
5.4.1

2023-03-31T16:16:03.332247Z

Fix available

GHSA-fg2v-w576-w4v3

Maven/net.minidev:json-smart
Maven/net.minidev:json-smart

Out of bounds read in json-smart

1.3
1.3.1
1.3.2
2.4.1
2.4.2

2023-03-31T16:15:48.743128Z

Fix available

GHSA-9wx7-jrvc-28mm

PyPI/starkbank-ecdsa
Maven/com.starkbank:ecdsa-java
NuGet/starkbank-ecdsa
npm/starkbank-ecdsa

Signature verification vulnerability in Stark Bank ecdsa libraries

0.1
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
...

2023-03-31T16:02:14.827308Z

Fix available

GHSA-jjjh-jjxp-wpff

Maven/com.fasterxml.jackson.core:jackson-databind
Maven/com.fasterxml.jackson.core:jackson-databind

Uncontrolled Resource Consumption in Jackson-databind

2.10.0
2.10.0.pr1
2.10.0.pr2
2.10.0.pr3
2.10.1
2.10.2
2.10.3
...

2023-03-31T15:02:46.106250Z

Fix available

GHSA-9vx8-f5c4-862x

Maven/org.neo4j.procedure:apoc
Maven/org.neo4j.procedure:apoc

XML External Entity (XXE) vulnerability in apoc.import.graphml

1.0.0
1.0.0-RC1
1.1.0
3.0.4.1
3.0.4.2
3.0.8.4
3.0.8.5
...

2023-03-31T14:39:07.353701Z

Fix available

GHSA-7rjp-fgwj-47rw

Maven/org.apache.shenyu:shenyu-common

Missing authentication in ShenYu

2.4.0
2.4.1

2023-03-31T00:29:37.148190Z

Fix available

GHSA-73rx-3f9r-x949

Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat

Insufficient Verification of Data Authenticity in Apache Tomcat

9.0.0.M1
9.0.0.M10
9.0.0.M11
9.0.0.M13
9.0.0.M15
9.0.0.M17
9.0.0.M18
...

2023-03-30T23:33:11.254229Z

Fix available

GHSA-34m5-796p-mjcp

Maven/org.apache.uima:uima-ducc-parent

Apache UIMA DUCC allows remote code execution

1.0.0
1.1.0
2.0.0
2.0.1
2.1.0
2.2.0
2.2.1
...

2023-03-30T22:06:18.285204Z

No fix available

GHSA-m4fv-gm5m-4725

Maven/org.keycloak:keycloak-services

HTML Injection in Keycloak Admin REST API

1.0-alpha-1
1.0-alpha-1-12062013
1.0-alpha-2
1.0-alpha-3
1.0-alpha-4
1.0-beta-1
1.0-beta-1-20150521
...

2023-03-30T13:31:49.792237Z

Fix available

GHSA-cf8q-j9h3-7237

Maven/org.codehaus.mevenide:netbeans

Improper Verification of Cryptographic Signature in Apache Netbeans

1.2
1.3
1.4
3.0.10
3.0.12
3.0.9
3.1.1
...

2023-03-30T05:37:16.534827Z

No fix available

GHSA-j7xg-5549-jr3j

Maven/org.zaproxy:zap

Improper Certificate Validation in OWASP ZAP

2.10.0
2.11.0
2.11.1
2.5.0
2.6.0
2.7.0
2.8.0
...

2023-03-30T05:36:00.019870Z

No fix available

GHSA-8xjp-rp29-v5j8

Maven/ru.yandex.jenkins.plugins.debuilder:debian-package-builder

Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin

1.2
1.3
1.4
1.4.1
1.4.2
1.5.1
1.5.2
...

2023-03-30T05:35:26.743892Z

No fix available

Vulnerability Library