Vulnerability Library

ID | Packages | Summary | Affected versions | Published | Fix
GHSA-cq42-vhv7-xr7p
  • Maven/org.keycloak:keycloak-services
Keycloak Denial of Service via account lockout
  • 1.0-alpha-1
  • 1.0-alpha-1-12062013
  • 1.0-alpha-2
  • 1.0-alpha-3
  • 1.0-alpha-4
  • 1.0-beta-1
  • 1.0-beta-1-20150521
  • ...
2024-06-12T19:42:21Z Fix available
GHSA-4vc8-pg5c-vg4x
  • Maven/org.keycloak:keycloak-services
Keycloak's improper input validation allows using email as username
  • 1.0-alpha-1
  • 1.0-alpha-1-12062013
  • 1.0-alpha-2
  • 1.0-alpha-3
  • 1.0-alpha-4
  • 1.0-beta-1
  • 1.0-beta-1-20150521
  • ...
2024-06-12T19:41:05Z Fix available
GHSA-6q97-8v3g-rpxw
  • Maven/org.apache.submarine:submarine-server-core
Apache Submarine Server Core Incorrect Authorization vulnerability
  • 0.4.0
  • 0.6.0
  • 0.7.0
  • 0.8.0
  • 0.8.0-RC0
2024-06-12T15:31:45Z No fix available
GHSA-v74c-qc46-9gg9
  • Maven/org.apache.submarine:submarine-server-core
Apache Submarine Server Core has a SQL Injection Vulnerability
  • 0.4.0
  • 0.6.0
  • 0.7.0
  • 0.8.0
  • 0.8.0-RC0
2024-06-12T15:31:45Z No fix available
GHSA-jwcg-wv5x-vg3g
  • Maven/org.apache.submarine:submarine-commons-utils
Apache Submarine Commons Utils has a hard-coded secret
  • 0.4.0
  • 0.6.0
  • 0.7.0
  • 0.8.0
  • 0.8.0-RC0
2024-06-12T15:31:44Z No fix available
GHSA-2cww-fgmg-4jqc
  • Maven/org.keycloak:keycloak-services
Keycloak's admin API allows low privilege users to use administrative functions
  • 1.0-alpha-1
  • 1.0-alpha-1-12062013
  • 1.0-alpha-2
  • 1.0-alpha-3
  • 1.0-alpha-4
  • 1.0-beta-1
  • 1.0-beta-1-20150521
  • ...
2024-06-11T20:22:40Z Fix available
GHSA-m5vv-6r4h-3vj9
  • PyPI/azure-identity
  • npm/@azure/identity
  • Maven/com.azure:azure-identity
  • npm/@azure/msal-node
  • NuGet/Microsoft.Identity.Client
  • Go/github.com/Azure/azure-sdk-for-go/sdk/azidentity
  • Maven/com.microsoft.azure:msal4j
  • NuGet/Azure.Identity
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
  • 1.0.0
  • 1.0.0b1
  • 1.0.0b2
  • 1.0.0b3
  • 1.0.0b4
  • 1.0.1
  • 1.1.0
  • ...
2024-06-11T18:30:50Z Fix available
GHSA-69fp-7c8p-crjr
  • Maven/org.keycloak:keycloak-services
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
  • 1.0-alpha-1
  • 1.0-alpha-1-12062013
  • 1.0-alpha-2
  • 1.0-alpha-3
  • 1.0-alpha-4
  • 1.0-beta-1
  • 1.0-beta-1-20150521
  • ...
2024-06-10T18:36:56Z Fix available
GHSA-92wp-jghr-hh87
Weak encryption in Ninja Core
  • 7.0.0
2024-06-07T00:30:37Z No fix available
GHSA-g762-h86w-8749
  • Maven/io.netty.incubator:netty-incubator-codec-ohttp
BoringSSLAEADContext in Netty Repeats Nonces
  • 0.0.10.Final
  • 0.0.3.Final
  • 0.0.4.Final
  • 0.0.5.Final
  • 0.0.6.Final
  • 0.0.7.Final
  • 0.0.8.Final
  • ...
2024-06-05T16:53:49Z Fix available
GHSA-8wh2-6qhj-h7j9
  • Maven/org.iq80.snappy:snappy
iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash
  • 0.1
  • 0.2
  • 0.3
  • 0.4
2024-06-04T17:38:31Z Fix available
GHSA-4w54-wwc9-x62c
  • Maven/org.silverpeas.core:silverpeas-core
Silverpeas authentication bypass
  • See details.
2024-06-03T06:30:53Z Fix available
GHSA-973x-65j7-xcf4
  • Maven/io.airlift:aircompressor
Decompressors can crash the JVM and leak memory content in Aircompressor
  • 0.10
  • 0.11
  • 0.12
  • 0.13
  • 0.14
  • 0.15
  • 0.16
  • ...
2024-06-02T22:30:02Z Fix available
GHSA-vg6x-pchq-98mg
  • Maven/org.opencms:opencms-core
OpenCMS Cross-Site Scripting vulnerability
  • 16.0
2024-05-30T19:49:04Z Fix available
GHSA-g3hr-p86p-593h
  • Maven/org.openapitools:openapi-generator-online
OpenAPI Generator Online - Arbitrary File Read/Delete
  • 3.0.0
  • 3.0.1
  • 3.0.2
  • 3.0.3
  • 3.1.0
  • 3.1.1
  • 3.1.2
  • ...
2024-05-28T15:47:57Z Fix available
GHSA-hfg7-j82c-fr3w
  • Maven/org.soot-oss:soot
Soot Infinite Loop vulnerability
  • 4.1.0
  • 4.2.0
  • 4.2.1
  • 4.3.0
  • 4.4.0
2024-05-24T20:09:40Z Fix available