Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-27gc-wj6x-9w55
  • Maven/org.keycloak:keycloak-account-ui
  • Maven/org.keycloak:keycloak-admin-ui
Keycloak error_description injection on error pages that can trigger phishing attacks 18 hours ago
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-rmjr-87wv-gf87
  • npm/mammoth
  • Maven/org.zwobble.mammoth:mammoth
  • PyPI/mammoth
  • NuGet/Mammoth
Mammoth is vulnerable to Directory Traversal yesterday
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-7fch-4f2f-jcgm
  • Maven/org.springframework:spring-websocket
Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages yesterday
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-fwxx-wv44-7qfg
  • Maven/org.springframework.cloud:spring-cloud-gateway-server-webflux
Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection yesterday
  • No fix available
  • Severity - 7.5 (High)
GHSA-3xgr-h5hq-7299
  • Maven/org.opensearch.dataprepper.plugins:geoip-processor
GeoIP processor disables SSL certificate validation when downloading databases 2 days ago
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-28gg-8qqj-fhh5
  • Maven/org.opensearch.dataprepper.plugins:geoip-processor
OpenSearch Data Prepper uses deprecated SSL protocol identifier 2 days ago
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-43ff-rr26-8hx4
  • Maven/org.opensearch.dataprepper.plugins:opensearch
OpenSearch Data Prepper plugins trust all SSL certificates by default 2 days ago
  • Fix available
  • Severity - 7.4 (High)
GHSA-jq43-27x9-3v86
  • Maven/io.netty:netty-codec-smtp
Netty has SMTP Command Injection Vulnerability that Allows Email Forgery 2 days ago
  • Fix available
  • Severity - 7.7 (High)
GHSA-6p6v-m64v-jx8q
  • Maven/org.apache.spark:spark-network-common_2.13
  • Maven/org.apache.spark:spark-network-common_2.12
Apache Spark has Inadequate Encryption Strength 3 days ago
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-w595-4975-gm3h
  • Maven/org.apache.geode:geode-web-api
Apache Geode web-api is vulnerable to Cross-site Scripting 3 days ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-j4f7-gj7q-xg9m
  • Maven/com.liferay:com.liferay.site.navigation.menu.item.asset.vocabulary
Liferay has Incorrect Permission Assignment for Critical Resource 4 days ago
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-3cm9-jrf5-h2cx
  • Maven/com.liferay:com.liferay.change.tracking.web
Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key 4 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-fhcw-px4q-pmvv
  • Maven/com.liferay.commerce:com.liferay.commerce.order.content.web
Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key 4 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-mj68-2xr5-28xh
  • Maven/com.liferay:com.liferay.mentions.web
Liferay Mentions Web is Vulnerable to Cross-site Scripting 4 days ago
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-pfwq-mr9g-gq6m
  • Maven/com.liferay.portal:com.liferay.portal.impl
Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key 4 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-2hfj-jv6q-762v
  • Maven/com.liferay:com.liferay.change.tracking.web
Liferay Publications vulnerable to Authorization Bypass Through User-Controlled Key 4 days ago
  • Fix available
  • Severity - 4.8 (Medium)