Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-crhr-qqj8-rpxc
  • Maven/org.apache.zookeeper:zookeeper
Apache ZooKeeper has improper handling of configuration values
Published: 2 days ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-wjpw-4j6x-6rwh
  • Maven/org.eclipse.jetty:jetty-http
org.eclipse.jetty:jetty-http has different parsing of invalid URIs
Published: 4 days ago
  • Fix available
  • Severity - 3.7 (Low)
GHSA-6wcw-r64p-qrrw
  • Maven/org.cloudfoundry.identity:cloudfoundry-identity-server
Cloudfoundry UAA has logic error in the token revocation endpoint implementation
Published: 4 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-8cr3-vpxx-92cx
  • Maven/org.keycloak:keycloak-broker-saml
Keycloak SAML Broken has Authentication Bypass by Primary Weakness
Published: 4 days ago
  • No fix available
  • Severity - 8.8 (High)
GHSA-m297-3jv9-m927
  • Maven/org.keycloak:keycloak-services
Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator
Published: 4 days ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-xxh7-fcf3-rj7f
  • Maven/org.eclipse.jetty:jetty-server
The Eclipse Jetty Server Artifact has a Gzip request memory leak
Published: 4 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-pm7g-w2cf-q238
  • Maven/org.pac4j:pac4j-jwt
pac4j-jwt: JwtAuthenticator Authentication Bypass via JWE-Wrapped PlainJWT
Published: 5 days ago
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-6v53-7c9g-w56r
  • Maven/tools.jackson.core:jackson-core
jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion
Published: 5 days ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-h2xq-h7f9-vh6c
  • Maven/org.xwiki.contrib.blog:application-blog-ui
XWiki Blog Application home page vulnerable to Stored XSS via Post Title
Published: 5 days ago
  • Fix available
  • Severity - 8.6 (High)
GHSA-c825-6ph3-4h84
  • Maven/org.apache.activemq:activemq-all
  • Maven/org.apache.activemq:activemq-mqtt
  • Maven/org.apache.activemq:apache-activemq
Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound
Published: 5 days ago
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-fw88-pf9m-p947
  • Maven/org.apache.activemq:artemis-server
  • Maven/org.apache.artemis:artemis-server
Apache Artemis and Apache ActiveMQ Artemis are Missing Authentication for Critical Functions
Published: 5 days ago
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-5fvg-qwcp-r325
  • Maven/org.apache.ranger:ranger-nifi-registry-plugin
Apache Ranger Vulnerable to Improper Validation of Certificate with Host Mismatch
Published: 6 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-c87w-642h-m97h
  • Maven/org.apache.ranger:ranger-plugins-common
Apache Ranger has a Code Injection vulnerability
Published: 6 days ago
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-8rr6-2qw5-pc7r
  • Maven/net.sourceforge.pmd:pmd-core
PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages
Published: 28 Feb
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-72hv-8253-57qq
  • Maven/com.fasterxml.jackson.core:jackson-core
  • Maven/tools.jackson.core:jackson-core
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
Published: 28 Feb
  • Fix available
  • Severity - 8.7 (High)
GHSA-j273-m5qq-6825
  • Maven/com.github.junrar:junrar
Junrar has an arbitrary file write due to backslash Path Traversal bypass in LocalFolderExtractor on Linux/Unix
Published: 27 Feb
  • Fix available
  • Severity - 5.9 (Medium)