Vulnerability Library

ID
Packages
Summary
Affected versions
Last modified
Fix
GHSA-wg4w-5m5r-w3p8
  • Maven/org.openapitools:openapi-generator-project
OpenAPI Generator vulnerable to Server-Side Request Forgery
  • 3.0.0
  • 3.0.1
  • 3.0.2
  • 3.0.3
  • 3.1.0
  • 3.1.1
  • 3.1.2
  • ...
2023-03-31T23:15:30.132700Z No fix available
GHSA-h855-6hph-v363
  • Maven/cn.hippo4j:hippo4j-all
Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module
  • 0.0.1
  • 0.9.0
  • 1.0.0
  • 1.0.0-RC1
  • 1.0.0-RC2
  • 1.0.0-RC3
  • 1.0.0-alpha
  • ...
2023-03-31T23:06:14.098133Z No fix available
GHSA-5x5q-8cgm-2hjq
  • Maven/com.intuit.karate:karate-core
Karate has vulnerable dependency on json-smart package (CVE-2023-1370)
  • 1.3.1
2023-03-31T22:44:09Z No fix available
GHSA-gpqq-59rp-3c3w
  • Maven/org.apache.inlong:inlong-manager
Apache InLong vulnerable to JDBC Deserialization of Untrusted Data
  • 1.1.0-incubating
  • 1.2.0-incubating
  • 1.3.0
  • 1.4.0
  • 1.5.0
2023-03-31T16:16:15.574352Z Fix available
GHSA-6wxg-wh7f-rqpr
  • Maven/org.neo4j.procedure:apoc-core
XML External Entity (XXE) vulnerability in apoc.import.graphml
  • 5.0.0
  • 5.1.0
  • 5.2.0
  • 5.2.1
  • 5.3.0
  • 5.4.0
  • 5.4.1
2023-03-31T16:16:03.332247Z Fix available
GHSA-fg2v-w576-w4v3
  • Maven/net.minidev:json-smart
Out of bounds read in json-smart
  • 1.3
  • 1.3.1
  • 1.3.2
  • 2.4.1
  • 2.4.2
2023-03-31T16:15:48.743128Z Fix available
GHSA-9wx7-jrvc-28mm
  • PyPI/starkbank-ecdsa
  • Maven/com.starkbank:ecdsa-java
  • NuGet/starkbank-ecdsa
  • npm/starkbank-ecdsa
Signature verification vulnerability in Stark Bank ecdsa libraries
  • 0.1
  • 0.1.1
  • 0.1.2
  • 0.1.3
  • 0.1.4
  • 0.1.5
  • 0.1.6
  • ...
2023-03-31T16:02:14.827308Z Fix available
GHSA-jjjh-jjxp-wpff
  • Maven/com.fasterxml.jackson.core:jackson-databind
Uncontrolled Resource Consumption in Jackson-databind
  • 2.10.0
  • 2.10.0.pr1
  • 2.10.0.pr2
  • 2.10.0.pr3
  • 2.10.1
  • 2.10.2
  • 2.10.3
  • ...
2023-03-31T15:02:46.106250Z Fix available
GHSA-9vx8-f5c4-862x
  • Maven/org.neo4j.procedure:apoc
XML External Entity (XXE) vulnerability in apoc.import.graphml
  • 1.0.0
  • 1.0.0-RC1
  • 1.1.0
  • 3.0.4.1
  • 3.0.4.2
  • 3.0.8.4
  • 3.0.8.5
  • ...
2023-03-31T14:39:07.353701Z Fix available
GHSA-7rjp-fgwj-47rw
  • Maven/org.apache.shenyu:shenyu-common
Missing authentication in ShenYu
  • 2.4.0
  • 2.4.1
2023-03-31T00:29:37.148190Z Fix available
GHSA-73rx-3f9r-x949
  • Maven/org.apache.tomcat:tomcat
Insufficient Verification of Data Authenticity in Apache Tomcat
  • 9.0.0.M1
  • 9.0.0.M10
  • 9.0.0.M11
  • 9.0.0.M13
  • 9.0.0.M15
  • 9.0.0.M17
  • 9.0.0.M18
  • ...
2023-03-30T23:33:11.254229Z Fix available
GHSA-34m5-796p-mjcp
  • Maven/org.apache.uima:uima-ducc-parent
Apache UIMA DUCC allows remote code execution
  • 1.0.0
  • 1.1.0
  • 2.0.0
  • 2.0.1
  • 2.1.0
  • 2.2.0
  • 2.2.1
  • ...
2023-03-30T22:06:18.285204Z No fix available
GHSA-m4fv-gm5m-4725
  • Maven/org.keycloak:keycloak-services
HTML Injection in Keycloak Admin REST API
  • 1.0-alpha-1
  • 1.0-alpha-1-12062013
  • 1.0-alpha-2
  • 1.0-alpha-3
  • 1.0-alpha-4
  • 1.0-beta-1
  • 1.0-beta-1-20150521
  • ...
2023-03-30T13:31:49.792237Z Fix available
GHSA-cf8q-j9h3-7237
  • Maven/org.codehaus.mevenide:netbeans
Improper Verification of Cryptographic Signature in Apache Netbeans
  • 1.2
  • 1.3
  • 1.4
  • 3.0.10
  • 3.0.12
  • 3.0.9
  • 3.1.1
  • ...
2023-03-30T05:37:16.534827Z No fix available
GHSA-j7xg-5549-jr3j
  • Maven/org.zaproxy:zap
Improper Certificate Validation in OWASP ZAP
  • 2.10.0
  • 2.11.0
  • 2.11.1
  • 2.5.0
  • 2.6.0
  • 2.7.0
  • 2.8.0
  • ...
2023-03-30T05:36:00.019870Z No fix available
GHSA-8xjp-rp29-v5j8
  • Maven/ru.yandex.jenkins.plugins.debuilder:debian-package-builder
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin
  • 1.2
  • 1.3
  • 1.4
  • 1.4.1
  • 1.4.2
  • 1.5.1
  • 1.5.2
  • ...
2023-03-30T05:35:26.743892Z No fix available