Vulnerability Database
Vulnerabilities
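
| Ecosystem | Count |
|---|---|
| All ecosystems | 601574 |
| AlmaLinux | 4573 |
| Alpaquita | 8623 |
| Alpine | 4026 |
| Android | 3259 |
| BellSoft Hardened Containers | 399 |
| Bitnami | 6765 |
| Chainguard | 5345 |
| CleanStart | 647 |
| CRAN | 14 |
| crates.io | 2158 |
| Debian | 53689 |
| Echo | 3084 |
| GHC | 3 |
| GIT | 81407 |
| GitHub Actions | 48 |
| Go | 6372 |
| Hackage | 29 |
| Hex | 57 |
| Julia | 352 |
| Linux | 15361 |
| Mageia | 5851 |
| Maven | 6251 |
| MinimOS | 18522 |
| npm | 216747 |
| NuGet | 1620 |
| opam | 11 |
| openEuler | 6219 |
| openSUSE | 12305 |
| OSS-Fuzz | 3811 |
| Packagist | 5955 |
| Pub | 11 |
| PyPI | 18385 |
| Red Hat | 19016 |
| Rocky Linux | 2826 |
| Root | 11362 |
| RubyGems | 1919 |
| SUSE | 20062 |
| SwiftURL | 49 |
| Ubuntu | 51056 |
| VSCode | 18 |
| Wolfi | 3367 |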

| ID | Packages | Summary | Published | Attributes |
|---|---|---|---|---|
| GHSA-hv2w-8mjj-jw22 | Maven/io.modelcontextprotocol.sdk:mcp-core | MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *) | 3 days ago | Fix available; Severity - 6.1 (Medium) |
| GHSA-vr79-8m62-wh98 | Maven/ca.uhn.hapi.fhir:org.hl7.fhir.validation | FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft | 3 days ago | Fix available; Severity - 9.3 (Critical) |
| GHSA-3ww8-jw56-9f5h | Maven/ca.uhn.hapi.fhir:org.hl7.fhir.core | FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing | 3 days ago | Fix available; Severity - 5.8 (Medium) |
| GHSA-fgv2-4q4g-wc35 | Maven/ca.uhn.hapi.fhir:org.hl7.fhir.core, Maven/ca.uhn.hapi.fhir:org.hl7.fhir.utilities | HAPI FHIR Core has Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect | 3 days ago | Fix available; Severity - 7.4 (High) |
| GHSA-x27p-5f68-m644 | Maven/io.trino:trino-iceberg | Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON | 4 days ago | Fix available; Severity - 7.7 (High) |
| GHSA-443w-3rq3-5m5h | Maven/software.amazon.awssdk:cloudfront | AWS SDK for Java 2.0: Improper Handling of Special Characters in CloudFront Signing Utilities | 6 days ago | Fix available; Severity - 7.7 (High) |
| GHSA-3gv6-g396-9v4r | Maven/io.undertow:undertow-parent | Undertow is Vulnerable to HTTP Request/Response Smuggling | 6 days ago | No fix available; Severity - 8.7 (High) |
| GHSA-8v4x-mgvp-p658 | Maven/io.undertow:undertow-parent | Undertow is Vulnerable to HTTP Request/Response Smuggling | 6 days ago | No fix available; Severity - 8.7 (High) |
| GHSA-vqqj-9cmv-hx43 | Maven/io.undertow:undertow-parent | Undertow is Vulnerable to HTTP Request/Response Smuggling | 6 days ago | No fix available; Severity - 8.7 (High) |
| GHSA-44f4-gvwj-6qg3 | Maven/org.springframework.ai:spring-ai-redis-store | Spring AI Redis Store has TAG Field Query Injection Through Improper Neutralization of Special Characters | 27 Mar | Fix available; Severity - 7.5 (High) |
| GHSA-7cj7-rcw6-p68v | Maven/org.springframework.ai:spring-ai-neo4j-store | Spring AI has a Cypher Injection vulnerability in Neo4jVectorFilterExpressionConverter | 27 Mar | Fix available; Severity - 7.5 (High) |
| GHSA-mhrg-94vw-45c5 | Maven/org.springframework.ai:spring-ai-bedrock-converse | Spring AI: Insufficient Validation causes SSRF when processing multimodal messages with user-supplied URLs | 27 Mar | Fix available; Severity - 8.6 (High) |
| GHSA-fvh3-672c-7p6c | Maven/org.springframework.ai:spring-ai-vector-store | Spring AI: SpEL injection is triggered when a user-supplied value is used as a filter expression key | 27 Mar | Fix available; Severity - 9.8 (Critical) |
| GHSA-7xf9-4jfc-wgm4 | Maven/org.keycloak:keycloak-services | Keycloak: manage-clients permission escalates to full realm admin access | 26 Mar | Fix available; Severity - 6.5 (Medium) |
| GHSA-q35r-vvhv-vx5h | Maven/org.keycloak:keycloak-model-jpa, Maven/org.keycloak:keycloak-server-spi-private, Maven/org.keycloak:keycloak-services | Keycloak: Missing Role Enforcement on UMA 2.0 Permission Ticket Endpoint Leads to Information Disclosure | 26 Mar | Fix available; Severity - 4.3 (Medium) |
| GHSA-w9fj-cfpg-grvv | Maven/io.netty:netty-codec-http2 | Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass | 26 Mar | Fix available; Severity - 8.7 (High) |

Maven - OSV