Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-rjgh-wgc7-m37j
  • Maven/com.vaadin:flow-server
  • Maven/com.vaadin:vaadin
Vaadin Vulnerable to Authentication Bypass When Accessing the /VAADIN Endpoint Without a Trailing Slash 3 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-jjwr-xmw6-gf78
  • Maven/org.apache.pdfbox:pdfbox-examples
Apache PDFBox has Path Traversal through PDComplexFileSpecification.getFilename() function 3 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-6w48-2g9j-v9q5
  • Maven/org.apache.iotdb:iotdb-core
Apache IoTDB has an Improper Input Validation vulnerability 4 days ago
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-74cf-pgh9-m5q2
  • Maven/org.apache.iotdb:iotdb-core
Apache IoTDB has an Insecure Default Configuration Vulnerability 4 days ago
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-7xrh-hqfc-g7qr
  • Maven/org.apache.zookeeper:zookeeper
Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager 6 days ago
  • Fix available
  • Severity - 7.4 (High)
GHSA-crhr-qqj8-rpxc
  • Maven/org.apache.zookeeper:zookeeper
Apache ZooKeeper has improper handling of configuration values 6 days ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-wjpw-4j6x-6rwh
  • Maven/org.eclipse.jetty:jetty-http
org.eclipse.jetty:jetty-http has different parsing of invalid URIs 05 Mar
  • Fix available
  • Severity - 3.7 (Low)
GHSA-6wcw-r64p-qrrw
  • Maven/org.cloudfoundry.identity:cloudfoundry-identity-server
Cloudfoundry UAA has logic error in the token revocation endpoint implementation 05 Mar
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-8cr3-vpxx-92cx
  • Maven/org.keycloak:keycloak-broker-saml
Keycloak SAML Broker has Authentication Bypass by Primary Weakness 05 Mar
  • No fix available
  • Severity - 8.8 (High)
GHSA-m297-3jv9-m927
  • Maven/org.keycloak:keycloak-services
Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator 05 Mar
  • Fix available
  • Severity - 8.1 (High)
GHSA-xxh7-fcf3-rj7f
  • Maven/org.eclipse.jetty:jetty-server
The Eclipse Jetty Server Artifact has a Gzip request memory leak 05 Mar
  • Fix available
  • Severity - 7.5 (High)
GHSA-pm7g-w2cf-q238
  • Maven/org.pac4j:pac4j-jwt
pac4j-jwt: JwtAuthenticator Authentication Bypass via JWE-Wrapped PlainJWT 05 Mar
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-6v53-7c9g-w56r
  • Maven/tools.jackson.core:jackson-core
jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion 04 Mar
  • Fix available
  • Severity - 8.7 (High)
GHSA-h2xq-h7f9-vh6c
  • Maven/org.xwiki.contrib.blog:application-blog-ui
XWiki Blog Application home page vulnerable to Stored XSS via Post Title 04 Mar
  • Fix available
  • Severity - 8.6 (High)
GHSA-c825-6ph3-4h84
  • Maven/org.apache.activemq:activemq-all
  • Maven/org.apache.activemq:activemq-mqtt
  • Maven/org.apache.activemq:apache-activemq
Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound 04 Mar
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-fw88-pf9m-p947
  • Maven/org.apache.activemq:artemis-server
  • Maven/org.apache.artemis:artemis-server
Apache Artemis and Apache ActiveMQ Artemis are Missing Authentication for Critical Functions 04 Mar
  • Fix available
  • Severity - 9.3 (Critical)