Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-qqw8-7c2r-jxch
  • Maven/dev.sigstore:sigstore-java
Sigstore Java has a vulnerability with bundle verification of integratedTime
1 hour ago
  • Fix available
  • Severity - 2.0 (Low)
GHSA-4v2w-2wqp-mc85
  • Maven/org.openidentityplatform.openam:openam-oauth2
OpenAM OAuth Authorization Bypass via PKCE Challenge
yesterday
  • Fix available
  • Severity - 4.9 (Medium)
GHSA-f2cx-463q-7m2c
  • Maven/org.openidentityplatform.openam:openam-oauth2
OpenAM OAuth Client Impersonation via JWKS Resolver Cache
yesterday
  • Fix available
  • Severity - 7.1 (High)
GHSA-69j4-qvqr-hpw3
  • Maven/org.openidentityplatform.openam:openam-scripting
OpenAM Authenticated RCE via Groovy Sandbox Escape
yesterday
  • Fix available
  • Severity - 7.5 (High)
GHSA-gf57-4mp6-m85x
  • Maven/org.openidentityplatform.openam:openam-auth-oauth2
OpenAM Account Takeover via Unverified Password Change in OAuth2 Module
4 days ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-xq73-fvmr-jvmm
  • Maven/org.openidentityplatform.openam:openam-auth-msisdn
OpenAM Authentication Bypass via MSISDN LDAP Injection
4 days ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-92qf-fcph-v5wr
  • Maven/io.nextflow:nextflow
nextflow auth login command has incorrect default permissions
4 days ago
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-386j-6m86-78f9
  • Maven/org.openidentityplatform.openam:openam-radius
OpenAM: Unauthenticated Authentication Bypass via RADIUS Spoofing
5 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-cj8f-2fhf-826r
  • Maven/org.openidentityplatform.openam:openam-oauth2
OpenAM Arbitrary OAuth Token Minting via Push Registration
5 days ago
  • Fix available
  • Severity - 7.1 (High)
GHSA-pp89-732f-3g8q
  • Maven/org.openidentityplatform.openam:openam-push-notification
OpenAM has Unsafe Java Deserialization via SNS
5 days ago
  • Fix available
  • Severity - 7.7 (High)
GHSA-p462-xxwx-pqf4
  • Maven/org.openidentityplatform.openam:openam-federation-library
OpenAM Pre-auth User Profile Tampering via Anonymous SOAP Authn in Liberty IDPP/Discovery Endpoints
6 days ago
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-6c99-87fr-6q7r
  • Maven/org.openidentityplatform.openam:openam-auth-webauthn
OpenAM: Pre-auth RCE via Java Deserialization in WebAuthn Authenticator Storage
6 days ago
  • Fix available
  • Severity - 9.2 (Critical)
GHSA-r6fj-869h-4f6q
  • Maven/io.netty.incubator:netty-incubator-codec-ohttp
OHttpVersionChunkDraft: Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation
6 days ago
  • Fix available
  • Severity - 6.6 (Medium)
GHSA-5hh8-q8hv-fr38
  • Maven/com.fasterxml.jackson.core:jackson-databind
  • Maven/tools.jackson.core:jackson-databind
jackson-databind has @JsonView bypass for setterless creator properties
6 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-9fxm-vc8v-hj55
  • Maven/com.fasterxml.jackson.core:jackson-databind
  • Maven/tools.jackson.core:jackson-databind
jackson-databind's renamed @JsonIgnore'd setters can deserialize via private fields
6 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-5jmj-h7xm-6q6v
  • Maven/com.fasterxml.jackson.core:jackson-databind
  • Maven/tools.jackson.core:jackson-databind
jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties
6 days ago
  • Fix available
  • Severity - 5.3 (Medium)