Vulnerability Database
Vulnerabilities
| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-jx2w-vp7f-456q | Maven/io.quarkiverse.openapi.generator:quarkus-openapi-generator | quarkus-openapi-generator extension has Zip Slip Path Traversal in ApicurioCodegenWrapper class | 9 hours ago | Fix available; Severity - 6.3 (Medium) |
| GHSA-gc59-r5jq-98qw | Maven/org.eclipse.jetty.ee10:jetty-ee10 | Eclipse Jetty: Early return from the JASPIAuthenticator code can potentially not clear ThreadLocal variables | 13 hours ago | Fix available; Severity - 7.4 (High) |
| GHSA-h259-74h5-4rh9 | Maven/org.xwiki.platform:xwiki-platform-legacy-oldcore, Maven/org.xwiki.platform:xwiki-platform-oldcore | XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API | 13 hours ago | Fix available; Severity - 8.6 (High) |
| GHSA-hxf2-gm22-7vcm | Maven/gov.nsa.emissary:emissary | Emissary has a Path Traversal via Blacklist Bypass in Configuration API | yesterday | Fix available; Severity - 5.3 (Medium) |
| GHSA-6c37-7w4p-jg9v | Maven/gov.nsa.emissary:emissary | Emissary has a Command Injection via PLACE_NAME Configuration in Executrix | yesterday | Fix available; Severity - 7.2 (High) |
| GHSA-3g6g-gq4r-xjm9 | Maven/gov.nsa.emissary:emissary | Emissary has GitHub Actions Shell Injection via Workflow Inputs | yesterday | Fix available; Severity - 9.1 (Critical) |
| GHSA-wpwf-v25w-54g3 | Maven/tech.powerjob:powerjob-server-starter | PowerJob's GroovyEvaluator.evaluate endpoint vulnerable to code injection | yesterday | No fix available; Severity - 6.9 (Medium) |
| GHSA-4fp2-3xgg-jg4w | Maven/tech.powerjob:powerjob-server-starter | PowerJob vulnerable to SQL injection | yesterday | No fix available; Severity - 5.5 (Medium) |
| GHSA-cpm7-cfpx-3hvp | Maven/gov.nsa.emissary:emissary | Emissary has Stored XSS via Navigation Template Link Injection | yesterday | Fix available; Severity - 4.8 (Medium) |
| GHSA-8jxr-pr72-r468 | Maven/io.modelcontextprotocol.sdk:mcp-core | Java-SDK has a DNS Rebinding Vulnerability | yesterday | Fix available; Severity - 7.6 (High) |
| GHSA-fh34-c629-p8xj | Maven/org.apache.cassandra:cassandra-all | Apache Cassandra has sensitive Information Leak in cqlsh | yesterday | Fix available; Severity - 6.9 (Medium) |
| GHSA-qffm-gf3j-6mvg | Maven/org.apache.cassandra:cassandra-all | Apache Cassandra has an authenticated DoS over CQL | yesterday | Fix available; Severity - 2.3 (Low) |
| GHSA-qxpc-96fq-wwmg | Maven/org.apache.cassandra:cassandra-all | Apache Cassandra is vulnerable to privilege escalation in an mTLS environment using MutualTlsAuthenticator | yesterday | Fix available; Severity - 8.8 (High) |
| GHSA-2cqq-rpvq-g5qj | Maven/org.openidentityplatform.openam:openam | OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM | yesterday | Fix available; Severity - 9.3 (Critical) |
| GHSA-h2h4-5m64-m273 | Maven/org.apache.activemq:activemq-all, Maven/org.apache.activemq:activemq-broker, Maven/org.apache.activemq:activemq-client, Maven/org.apache.activemq:activemq-web | Apache ActiveMQ: Improper validation and restriction of a classpath path name | yesterday | Fix available; Severity - 4.3 (Medium) |
| GHSA-5v8v-xvjv-57x7 | Maven/org.keycloak:keycloak-services | Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim | 2 days ago | No fix available; Severity - 3.7 (Low) |
Maven - OSV