ID
Packages
Summary
Published
Attributes
GHSA-mfj5-cf8g-g2fv
Maven/org.asynchttpclient:async-http-client
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
20 hours ago
Fix available
Severity - 9.2 (Critical)
GHSA-q4h9-7rxj-7gx2
Maven/io.lettuce:lettuce-core
Netty vulnerability included in redis lettuce
20 hours ago
Fix available
Severity - 6.8 (Medium)
GHSA-4cx5-89vm-833x
Maven/org.verapdf:core
Maven/org.verapdf:core-jakarta
Maven/org.verapdf:core-arlington
Maven/org.verapdf:verapdf.library
Maven/org.verapdf:verapdf-library-jakarta
Maven/org.verapdf:verapdf-library-arlington
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
23 hours ago
No fix available
Severity - 2.3 (Low)
GHSA-q3v6-hm2v-pw99
Maven/org.springframework:spring-beans
Maven/org.springframework:spring-context
Maven/org.springframework:spring-core
Maven/org.springframework:spring-expression
Maven/org.springframework:spring-jdbc
Spring Framework has Authorization Bypass for Case Sensitive Comparisons
yesterday
Fix available
Severity - 6.3 (Medium)
GHSA-2gx6-qrpp-c4p3
Maven/io.antmedia:ant-media-server
Ant-Media-Server vulnerable to Improper Output Neutralization for Logs
3 days ago
Fix available
Severity - 8.7 (High)
GHSA-6q3q-6v5j-h6vg
Maven/io.github.openfeign.querydsl:querydsl-jpa
Maven/io.github.openfeign.querydsl:querydsl-apt
Maven/com.querydsl:querydsl-jpa
Maven/com.querydsl:querydsl-apt
Querydsl vulnerable to HQL injection through orderBy
5 days ago
No fix available
Severity - 8.8 (High)
GHSA-4gwv-fpmg-cmv2
Maven/io.jenkins.plugins:simple-queue
Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability
5 days ago
Fix available
Severity - 8.6 (High)
GHSA-fwxq-3f52-5cmc
Maven/aendter.jenkins.plugins:filesystem-list-parameter-plugin
Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability
5 days ago
Fix available
Severity - 5.3 (Medium)
GHSA-q4xm-6fjc-5f6w
Maven/dev.sigstore:sigstore-java
sigstore-java has vulnerability with bundle verification
26 Nov
Fix available
Severity - 5.4 (Medium)
GHSA-v7gv-xpgf-6395
Maven/org.keycloak:keycloak-quarkus-server
Keycloak Build Process Exposes Sensitive Data
25 Nov
Fix available
Severity - 8.2 (High)
GHSA-5545-r4hg-rj4m
Maven/org.keycloak:keycloak-quarkus-server
Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path
25 Nov
Fix available
Severity - 5.1 (Medium)
GHSA-wq8x-cg39-8mrr
Maven/org.keycloak:keycloak-services
org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
25 Nov
Fix available
Severity - 7.1 (High)
GHSA-jh6x-7xfg-9cq2
Maven/org.opencastproject:opencast-elasticsearch-impl
Searching Opencast may cause a denial of service
20 Nov
Fix available
Severity - 6.5 (Medium)
GHSA-2x2g-32r7-p4x8
Maven/org.apache.kafka:kafka-clients
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider
19 Nov
Fix available
Severity - 6.8 (Medium)
GHSA-vggm-3478-vm5m
Maven/org.graylog:graylog-parent
Graylog concurrent PDF report rendering can leak other users' reports
18 Nov
Fix available
Severity - 7.1 (High)
GHSA-f632-9449-3j4w
Maven/org.apache.tomcat:tomcat-jasper
Apache Tomcat - XSS in generated JSPs
18 Nov
Fix available
Severity - 6.1 (Medium)
Maven - OSV