OSV - Open Source Vulnerabilities

CLEANSTART-2026-AV84730

CleanStart/apache-nifi

Security fixes for CVE-2026-1605, CVE-2026-22732, CVE-2026-24281, CVE-2026-33870, CVE-2026-33871, CVE-2026-3505, CVE-2026-5588, ghsa-355h-qmc2-wpwf, ghsa-3677-xxcr-wjqv, ghsa-72hv-8253-57qq, ghsa-c3fc-8qff-9hwx, ghsa-cj8j-37rh-8475, ghsa-cvc6-q2cp-2xhw, ghsa-qqpg-mvqg-649v, ghsa-vxf7-qj7q-83fh, ghsa-wg6q-6289-32hp, ghsa-x2wq-9x2f-fhj7, ghsa-x44p-gvrj-pj2r applied in versions: 2.7.2-r0, 2.7.2-r2, 2.9.0-r0, 2.9.0-r1

18 May

Fix available

CLEANSTART-2026-TK07726

CleanStart/apache-nifi

Security fixes for CVE-2026-1605, CVE-2026-22732, CVE-2026-24281, CVE-2026-33870, CVE-2026-33871, CVE-2026-3505, CVE-2026-5588, ghsa-355h-qmc2-wpwf, ghsa-3677-xxcr-wjqv, ghsa-72hv-8253-57qq, ghsa-c3fc-8qff-9hwx, ghsa-cj8j-37rh-8475, ghsa-qqpg-mvqg-649v, ghsa-wg6q-6289-32hp, ghsa-x2wq-9x2f-fhj7, ghsa-x44p-gvrj-pj2r applied in versions: 2.7.2-r0, 2.7.2-r2, 2.7.2-r3, 2.7.2-r4

18 May

Fix available

CLEANSTART-2026-DY69070

CleanStart/apache-nifi

Security fixes for CVE-2026-1605, CVE-2026-22732, CVE-2026-24281, CVE-2026-33870, CVE-2026-33871, CVE-2026-3505, CVE-2026-5588, ghsa-2m67-wjpj-xhg9, ghsa-3677-xxcr-wjqv, ghsa-6v53-7c9g-w56r, ghsa-72hv-8253-57qq, ghsa-c3fc-8qff-9hwx, ghsa-p93r-85wp-75v3, ghsa-qqpg-mvqg-649v, ghsa-wg6q-6289-32hp, ghsa-x2wq-9x2f-fhj7, ghsa-x44p-gvrj-pj2r applied in versions: 2.6.0-r0, 2.7.2-r0, 2.7.2-r2

18 May

Fix available

CLEANSTART-2026-KP10590

CleanStart/apache-nifi

Security fixes for CVE-2024-22257, CVE-2024-38821, CVE-2024-47561, CVE-2025-7962, CVE-2026-3505, CVE-2026-5588, ghsa-3677-xxcr-wjqv, ghsa-qqpg-mvqg-649v, ghsa-x44p-gvrj-pj2r applied in versions: 1.25.0-r0, 1.25.0-r1, 2.7.2-r0

18 May

Fix available

CLEANSTART-2026-SR31778

CleanStart/apache-nifi

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc

30 Apr

Fix available
Severity - 9.8 (Critical)

CLEANSTART-2026-VN28553

CleanStart/apache-nifi

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc

30 Apr

Fix available
Severity - 9.8 (Critical)

CLEANSTART-2026-GN46454

CleanStart/apache-nifi

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written

30 Apr

Fix available
Severity - 9.8 (Critical)

CLEANSTART-2026-KB76878

CleanStart/apache-nifi

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written

22 Apr

Fix available
Severity - 9.8 (Critical)

CLEANSTART-2026-EI62818

CleanStart/apache-nifi

Security fixes for ghsa-3677-xxcr-wjqv, ghsa-qqpg-mvqg-649v, ghsa-x44p-gvrj-pj2r applied in versions: 2.7.2-r0

01 Apr

Fix available

GHSA-x44p-gvrj-pj2r

Maven/software.amazon.encryption.s3:amazon-s3-encryption-client-java

Amazon S3 Encryption Client for Java has a Key Commitment Issue

18 Dec 2025

Fix available
Severity - 6.0 (Medium)

CVE-2025-14763

github.com/aws/amazon-s3-encryption-client-java

See record for full details

17 Dec 2025

Fix available
Severity - 6.0 (Medium)