OSV - Open Source Vulnerabilities

GHSA-25w4-hfqg-4r52

Maven/io.quarkus:quarkus-resteasy-reactive-common-deployment
Maven/io.quarkus:quarkus-resteasy-reactive-common

Quarkus: authorization flaw in quarkus resteasy reactive and classic

1.11.0.Beta1
1.11.0.Beta2
1.11.0.CR1
1.11.0.Final
1.11.1.Final
1.11.2.Final
1.11.3.Final
...

2024-04-25T18:30:39Z

Fix available

GHSA-9wmf-xf3h-r8pr

Maven/org.jberet:jberet-core

Jberet: jberet-core logging database credentials

1.0.0.Alpha1
1.0.0.Alpha2
1.0.0.Alpha3
1.0.0.Alpha4
1.0.0.Beta1
1.0.0.Beta2
1.0.0.CR1
...

2024-04-25T18:30:39Z

Fix available

GHSA-mv64-86g8-cqq7

Maven/io.quarkus.resteasy.reactive:resteasy-reactive

Quarkus: security checks in resteasy reactive may trigger a denial of service

3.8.0.CR1
3.3.0
3.3.0.CR1
3.3.1
3.3.2
3.3.3
3.4.0
...

2024-04-25T18:30:39Z

Fix available

GHSA-5xv3-fm7g-865r

Maven/org.open-metadata:openmetadata-service

OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)

0.12.1
0.12.1.preview
0.12.2
0.12.2-REPUBLISHED
0.13.1
0.13.2
0.13.2-beta
...

2024-04-24T17:06:02Z

Fix available

GHSA-8p5r-6mvv-2435

Maven/org.open-metadata:openmetadata-service

OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)

0.12.1
0.12.1.preview
0.12.2
0.12.2-REPUBLISHED
0.13.1
0.13.2
0.13.2-beta
...

2024-04-24T17:06:00Z

Fix available

GHSA-7vf4-x5m2-r6gr

Maven/org.open-metadata:openmetadata-service

OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)

0.12.1
0.12.1.preview
0.12.2
0.12.2-REPUBLISHED
0.13.1
0.13.2
0.13.2-beta
...

2024-04-23T21:11:23Z

Fix available

GHSA-hvp5-5x4f-33fq

Maven/io.github.skylot:jadx-core

JADX file override vulnerability

1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.4.0
1.4.1
...

2024-04-22T15:56:04Z

Fix available

GHSA-qwhw-hh9j-54f5

Maven/io.antmedia:ant-media-server

Ant Media Server vulnerable to a local privilege escalation

2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.7.0
2.8.0
...

2024-04-22T15:51:59Z

Fix available

GHSA-29rc-vq7f-x335

Maven/org.apache.hugegraph:hugegraph-api
Maven/org.apache.hugegraph:hugegraph-core

Apache HugeGraph-Server: Command execution in gremlin

1.0.0
1.2.0
1.0.0
1.2.0

2024-04-22T15:30:41Z

Fix available

GHSA-6mgp-p75r-vhjm

Maven/org.apache.hugegraph:hugegraph-api

Apache HugeGraph-Server: Bypass whitelist in Auth mode

1.0.0
1.2.0

2024-04-22T15:30:41Z

Fix available

GHSA-77x4-55q7-4vmj

Maven/org.apache.hugegraph:hugegraph-hubble

Apache HugeGraph-Hubble: SSRF in Hubble connection page

1.0.0
1.2.0

2024-04-22T15:30:41Z

Fix available

GHSA-7fpj-9hr8-28vh

Maven/org.keycloak:keycloak-services

Keycloak vulnerable to impersonation via logout token exchange

1.0-alpha-1
1.0-alpha-1-12062013
1.0-alpha-2
1.0-alpha-3
1.0-alpha-4
1.0-beta-1
1.0-beta-1-20150521
...

2024-04-17T18:25:59Z

Fix available

GHSA-c9h6-v78w-52wj

Maven/org.keycloak:keycloak-services

Keycloak vulnerable to session hijacking via re-authentication

1.0-alpha-1
1.0-alpha-1-12062013
1.0-alpha-2
1.0-alpha-3
1.0-alpha-4
1.0-beta-1
1.0-beta-1-20150521
...

2024-04-17T18:25:29Z

Fix available

GHSA-72vp-xfrc-42xm

Maven/org.keycloak:keycloak-services

Keycloak path transversal vulnerability in redirection validation

1.0-alpha-1
1.0-alpha-1-12062013
1.0-alpha-2
1.0-alpha-3
1.0-alpha-4
1.0-beta-1
1.0-beta-1-20150521
...

2024-04-17T18:25:08Z

Fix available

GHSA-m6q9-p373-g5q8

Maven/org.keycloak:keycloak-services

Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS

1.0-alpha-1
1.0-alpha-1-12062013
1.0-alpha-2
1.0-alpha-3
1.0-alpha-4
1.0-beta-1
1.0-beta-1-20150521
...

2024-04-17T18:24:38Z

Fix available

GHSA-j628-q885-8gr5

Maven/org.keycloak:keycloak-services

Keycloak vulnerable to log Injection during WebAuthn authentication or registration

1.0-alpha-1
1.0-alpha-1-12062013
1.0-alpha-2
1.0-alpha-3
1.0-alpha-4
1.0-beta-1
1.0-beta-1-20150521
...

2024-04-17T18:24:03Z

Fix available

Vulnerability Library