Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

maven Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS0yaGpyLXZtZjMteHd2cM4AA-IR
Elasticsearch Insertion of Sensitive Information into Log File
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 22 hours ago
High
GSA_kwCzR0hTQS03NzI2LTQzaGctbTIzds4AA-Hy
OpenAM FreeMarker template injection
Ecosystems: maven
Packages: org.openidentityplatform.openam:openam-oauth2
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 1 day ago
Critical
GSA_kwCzR0hTQS1wNTI4LTNtdmYtZ3I4N84AA-Hu
Remote code execution in Spring Cloud Data Flow
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-skipper
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS12NjJnLWp3ajktcmZ2eM4AA-Gd
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill
Ecosystems: maven
Packages: org.apache.drill.exec:drill-java-exec
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 3 days ago
High
GSA_kwCzR0hTQS04Z2o5LXI0aHYtM2pqd84AA-Gi
Apache Pinot: Unauthorized endpoint exposed sensitive information
Ecosystems: maven
Packages: org.apache.pinot:pinot-controller
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1jcmpnLXc1N20tcnFxZs4AA-FL
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks
Ecosystems: maven
Packages: dnsjava:dnsjava
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1tbXd4LXJqODctdmZncs4AA-E2
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
Ecosystems: maven
Packages: dnsjava:dnsjava
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 5 days ago
High
GSA_kwCzR0hTQS1jZnh3LTRoNzgtaDdmd84AA-E1
DNSJava DNSSEC Bypass
Ecosystems: maven
Packages: dnsjava:dnsjava
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS04cHh2LXg2anEtNXZ3Oc4AA-Ev
Apache Syncope Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.syncope.client.idrepo:syncope-client-idrepo-console, org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1xOXcyLWg0Y3ctOGdocM4AA-EP
Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data
Ecosystems: maven
Packages: org.apache.rocketmq:rocketmq-all
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 5 days ago
High
GSA_kwCzR0hTQS13MzZ3LTk0OGoteGhmd84AA-DC
H2O vulnerable to Deserialization of Untrusted Data
Ecosystems: maven
Packages: ai.h2o:h2o-core
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS02cGZmLWZtaDItNG1tZs4AA-AS
Apache CXF Denial of Service vulnerability in JOSE
Ecosystems: maven
Packages: org.apache.cxf:cxf-rt-rs-security-jose
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 8 days ago
High
GSA_kwCzR0hTQS01bTNqLXB4aDctNDU1cM4AA-Ab
Apache CXF: SSRF vulnerability via WADL stylesheet parameter
Ecosystems: maven
Packages: org.apache.cxf:cxf-rt-rs-service-description
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: 8 days ago
Low
GSA_kwCzR0hTQS00bWdnLWZxZnEtNjRoZ84AA-AU
Apache CXF allows unrestricted memory consumption in CXF HTTP clients
Ecosystems: maven
Packages: org.apache.cxf:cxf-rt-transports-http
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 8 days ago
High
GSA_kwCzR0hTQS1xOGYyLWh4cTUtY3A0aM4AA-AD
Absent Input Validation in BinaryHttpParser
Ecosystems: maven
Packages: io.netty.incubator:netty-incubator-codec-bhttp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS14bXZnLTMzNWcteDQ0cc4AA9_m
The OpenSearch reporting plugin improperly controls tenancy access to reporting resources
Ecosystems: maven
Packages: org.opensearch.plugin:opensearch-reports-scheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
High
GSA_kwCzR0hTQS0ycndtLXh2NWotNzc3cM4AA9-i
Eclipse Parsson stack overflow when parsing deeply nested input
Ecosystems: maven
Packages: org.eclipse.parsson:parsson
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 10 days ago
High
GSA_kwCzR0hTQS02NTIzLWpmNHItYzk2Ms4AA9-c
Apache StreamPipes has potential remote code execution (RCE) via file upload
Ecosystems: maven
Packages: org.apache.streampipes:streampipes-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS0ycXBoLXY5cDItcTJnds4AA9-J
Apache StreamPipes potentially allows creation of multiple identical accounts
Ecosystems: maven
Packages: org.apache.streampipes:streampipes-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS05Z3I3LWdoNzQtcWc5eM4AA9-K
Apache StreamPipes has possibility of SSRF in pipeline element installation process
Ecosystems: maven
Packages: org.apache.streampipes:streampipes-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 days ago
High
GSA_kwCzR0hTQS03cXBjLTR4eDkteDVxd84AA94-
Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability
Ecosystems: maven
Packages: org.apache.linkis:linkis-datasource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
High
GSA_kwCzR0hTQS1qanZjLXY4Z3ctNTI1Nc4AA949
Apache Linkis DataSource remote code execution vulnerability
Ecosystems: maven
Packages: org.apache.linkis:linkis-datasource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1mMjJqLTlqNTktMzNqNM4AA948
Apache Linkis DataSource allows arbitrary file reading
Ecosystems: maven
Packages: org.apache.linkis:linkis-datasource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
High
GSA_kwCzR0hTQS1oaHdjLWdoOGgtOXJycM4AA90p
Apache Wicket: Remote code execution via XSLT injection
Ecosystems: maven
Packages: org.apache.wicket:wicket-util
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS03N3ZjLXJqMzItMnIzM84AA9w7
OpenSearch Observability does not properly restrict access to private tenant resources
Ecosystems: maven
Packages: org.opensearch.plugin:opensearch-observability
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS12ZndoLWd2ZjYtbWZmOM4AA9vd
Silverpeas Core Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-seb, org.silverpeas.core:silverpeas-core-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
High
GSA_kwCzR0hTQS1qNHI3LXA5ZnAtdzNmM84AA9rZ
Spring Cloud Function Framework vulnerable to Denial of Service
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-function-context
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1jaDdxLWdwZmYtaDlocM4AA9on
Undertow Missing Release of Memory after Effective Lifetime vulnerability
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 18 days ago
High
GSA_kwCzR0hTQS14cHA2LThyM2otd3c0M84AA9oi
Undertow Denial of Service vulnerability
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1oNjU4LXFxdjktcXd2OM4AA9nw
Apache NiFi vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.apache.nifi:nifi-web-ui
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 19 days ago
High
GSA_kwCzR0hTQS13bTl3LXJqajMtajM1Ns4AA9gV
Apache Tomcat - Denial of Service
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 23 days ago
Critical
GSA_kwCzR0hTQS02amo2LWdtN3AtZmN2ds4AA9cr
Remote Code Execution (RCE) vulnerability in geoserver
Ecosystems: maven
Packages: org.geoserver:gs-wms, org.geoserver:gs-wfs, org.geoserver.web:gs-web-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
High
GSA_kwCzR0hTQS1qaHF4LTV2NWctbXBmM84AA9cq
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
Ecosystems: maven
Packages: org.geoserver:gs-gwc, org.geoserver.web:gs-web-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS1qNTl2LXZnY3ItaHh2Zs4AA9cp
GeoServer's Server Status shows sensitive environmental variables and Java properties
Ecosystems: maven
Packages: org.geoserver:gs-main, org.geoserver.web:gs-web-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
Low
GSA_kwCzR0hTQS14ZngzLWNyNzQteDNjds4AA9Xv
Exposure of secrets through system log in Jenkins Structs Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:structs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zY3BxLXJ3MzYtY3Bwds4AA9Xt
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:plain-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14OG1mLWpjbWYtcjc5Zs4AA9Xs
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS05NGNjLXhqeHItcHd2Zs4AA9WR
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Ecosystems: maven
Packages: org.dspace:dspace-server-webapp
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS02ODN4LTQ0NDQtanhoOM4AA9UM
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
Ecosystems: maven
Packages: org.cyclonedx:cyclonedx-core-java
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1xY2ozLXdwZ20tcXB4aM4AA9UF
XWiki programming rights may be inherited by inclusion
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rendering-macro-include
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1jZjNxLXZnOHctbXc4NM4AA9Tl
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
Ecosystems: maven
Packages: org.apache.streampipes:streampipes-resource-management
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zNmdmLXZwajItajQyd84AA9Tg
Cross site scripting in Apache JSPWiki
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-main
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1jMjVoLWMyN3EtNXFwds4AA9SS
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
Ecosystems: maven
Packages: org.keycloak:keycloak-ldap-federation
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12MnhtLTc2cHEtcGhjZs4AA9Qy
ClassGraph XML External Entity Reference
Ecosystems: maven
Packages: io.github.classgraph:classgraph
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1qNTg0LWoydmotM2Y5M84AA9Pv
XWiki Platform allows remote code execution from user account
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS05NDQyLWdtNHYtcjIyMs4AA9Ps
Undertow's url-encoded request path information can be broken on ajp-listener
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xMnh4LWY4cjMtOW1nNc4AA9It
STRIMZI incorrect access control
Ecosystems: maven
Packages: io.strimzi:strimzi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS13ODc3LWpmdzctNDZyas4AA9Ik
DeepJavaLibrary API absolute path traversal
Ecosystems: maven
Packages: ai.djl:api
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1odzJjLTh4Z3ctbWY1N84AA9He
SonarQube logs sensitive information
Ecosystems: maven
Packages: org.sonarsource.sonarqube:sonar-web
Source: GitHub Advisory Database
Blast Radius: 1.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14MjY4LXFwZzYtdzlnMs4AA9DM
CrateDB has a Client initialized Session-Renegotiation DoS
Ecosystems: maven
Packages: io.crate:crate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00cTIyLTQyMmctbTRwas4AA9C9
Elasticsearch StackOverflow vulnerability
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1jcTQyLXZodjcteHI3cM4AA8_H
Keycloak Denial of Service via account lockout
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 1 month ago
Low
GSA_kwCzR0hTQS00dmM4LXBnNWMtdmc0eM4AA8_G
Keycloak's improper input validation allows using email as username
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 1 month ago
High
GSA_kwCzR0hTQS12NzRjLXFjNDYtOWdnOc4AA8-d
Apache Submarine Server Core has a SQL Injection Vulnerability
Ecosystems: maven
Packages: org.apache.submarine:submarine-server-core
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS02cTk3LTh2M2ctcnB4d84AA8-X
Apache Submarine Server Core Incorrect Authorization vulnerability
Ecosystems: maven
Packages: org.apache.submarine:submarine-server-core
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qd2NnLXd2NXgtdmczZ84AA8-T
Apache Submarine Commons Utils has a hard-coded secret
Ecosystems: maven
Packages: org.apache.submarine:submarine-commons-utils
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00YzdxLW03aGMtcGM5Ms4AA8-U
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yY3d3LWZnbWctNGpxY84AA88y
Keycloak's admin API allows low privilege users to use administrative functions
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tNXZ2LTZyNGgtM3ZqOc4AA88w
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Ecosystems: nuget, maven, npm, go, pypi
Packages: Microsoft.Identity.Client, com.microsoft.azure:msal4j, @azure/msal-node, Azure.Identity, github.com/Azure/azure-sdk-for-go/sdk/azidentity, com.azure:azure-identity, @azure/identity, azure-identity
Source: GitHub Advisory Database
Blast Radius: 78.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS02OWZwLTdjOHAtY3Jqcs4AA84T
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05MndwLWpnaHItaGg4N84AA8yL
Weak encryption in Ninja Core
Ecosystems: maven
Packages: org.ninjaframework:ninja-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1nNzYyLWg4NnctODc0Oc4AA8uP
BoringSSLAEADContext in Netty Repeats Nonces
Ecosystems: maven
Packages: io.netty.incubator:netty-incubator-codec-ohttp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04d2gyLTZxaGotaDdqOc4AA8st
iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash
Ecosystems: maven
Packages: org.iq80.snappy:snappy
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS00dzU0LXd3YzkteDYyY84AA8m1
Silverpeas authentication bypass
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS05NzN4LTY1ajcteGNmNM4AA8mR
Decompressors can crash the JVM and leak memory content in Aircompressor
Ecosystems: maven
Packages: io.airlift:aircompressor
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12ZzZ4LXBjaHEtOThtZ84AA8kL
OpenCMS Cross-Site Scripting vulnerability
Ecosystems: maven
Packages: org.opencms:opencms-core
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS1nM2hyLXA4NnAtNTkzaM4AA8i5
OpenAPI Generator Online - Arbitrary File Read/Delete
Ecosystems: maven
Packages: org.openapitools:openapi-generator-online
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oZmc3LWo4MmMtZnIzd84AA8iY
Soot Infinite Loop vulnerability
Ecosystems: maven
Packages: org.soot-oss:soot
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS13OGNwLWZyeGMtNTVwas4AA8iX
Kwik does not discard unused encryption keys
Ecosystems: maven
Packages: tech.kwik:kwik
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1jdzVyLWp4OHItOWY3eM4AA8iW
Jenkins Report Info Plugin Path Traversal vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:report-info
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1oamZjLTZqeHItajJyeM4AA8hY
Eclipse Ditto vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.eclipse.ditto:ditto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS05cnJ3LTgycjItNjIzcM4AA8f1
Silverpeas Core vulnerable to Cross Site Scripting
Ecosystems: maven
Packages: org.silverpeas:silverpeas-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1xeHFmLTJtZngteDhqd84AA8Vj
veraPDF has potential XSLT injection vulnerability when using policy files
Ecosystems: maven
Packages: org.verapdf:library-jakarta, org.verapdf:library, org.verapdf:library-arlington, org.verapdf:core-arlington, org.verapdf:core-jakarta, org.verapdf:core
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03NnYyLTQ4dzYtY3J4cs4AA8GY
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
Ecosystems: maven
Packages: org.bonitasoft.engine:bonita-server
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 2 months ago
Critical
GSA_kwCzR0hTQS14M3dtLWhmZnItY2h3bc4AA8GB
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
Ecosystems: maven
Packages: com.amazon.redshift:redshift-jdbc42
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1nOTV2LTNwajYtajQzM84AA7-q
Ant Media Server does not properly authorize non-administrative API calls
Ecosystems: maven
Packages: io.antmedia:ant-media-server
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 2 months ago
Critical
GSA_kwCzR0hTQS0zMzh4LWhmeDgtdng5eM4AA78P
Apache Karaf Cave: Cave SSRF and arbitrary file access
Ecosystems: maven
Packages: org.apache.karaf:cave
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04eGZjLWdtNmctdmdwds4AA75b
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Ecosystems: nuget, maven
Packages: BouncyCastle.Cryptography, BouncyCastle, org.bouncycastle:bc-fips, org.bouncycastle:bcpkix-jdk14, org.bouncycastle:bcpkix-jdk15to18, org.bouncycastle:bcpkix-jdk18on, org.bouncycastle:bctls-jdk15to18, org.bouncycastle:bctls-jdk14, org.bouncycastle:bctls-jdk18on, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12NDM1LXhjOHgtd3ZyOc4AA76H
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
Ecosystems: maven, nuget
Packages: org.bouncycastle:bcpkix-jdk14, org.bouncycastle:bcpkix-jdk15to18, org.bouncycastle:bcpkix-jdk18on, BouncyCastle.Cryptography, BouncyCastle, org.bouncycastle:bctls-jdk15to18, org.bouncycastle:bctls-jdk14, org.bouncycastle:bctls-jdk18on, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk18on, org.bouncycastle:bctls-fips
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1tNDRqLWNmcm0tZzhxY84AA76G
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
Ecosystems: nuget, maven
Packages: BouncyCastle.Cryptography, BouncyCastle, org.bouncycastle:bcpkix-jdk14, org.bouncycastle:bcpkix-jdk15to18, org.bouncycastle:bcpkix-jdk18on, org.bouncycastle:bctls-jdk15to18, org.bouncycastle:bctls-jdk14, org.bouncycastle:bctls-jdk18on, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 2 months ago
Critical
GSA_kwCzR0hTQS13cGN2LTVqZ3AtNjlmM84AA74R
Genie Path Traversal vulnerability via File Uploads
Ecosystems: maven
Packages: com.netflix.genie:genie-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1mZ2gzLXB3bXAtM3F3M84AA73r
Apache Inlong Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1wMzQzLTlxd3AtcHF4ds4AA71B
Neo4j Cypher component mishandles IMMUTABLE privileges
Ecosystems: maven
Packages: org.neo4j:neo4j-cypher
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02NGNtLTNjajMtNjdoZs4AA70r
MS Basic Cross-site Scripting vulnerability
Ecosystems: maven
Packages: net.mingsoft:ms-basic
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0yeDUyLThmMjktN2Nqcs4AA70W
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure
Ecosystems: maven
Packages: org.eclipse.edc:connector-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS00aDhmLTJ3dngtZ2c1d84AA7vg
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk12, org.bouncycastle:bcprov-jdk13, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12cHczLTNwcmYtMzk3NM4AA7uX
Apache Hive Code Injection vulnerability
Ecosystems: maven
Packages: org.apache.hive:hive-jdbc
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14N2c2LXJ3aGMtZzdtas4AA7fv
Wildfly vulnerable to denial of service
Ecosystems: maven
Packages: org.wildfly:wildfly-domain-http
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS05NHByLXc5NjgtaDkyM84AA7fp
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext
Ecosystems: maven
Packages: org.jenkins-ci.plugins:telegrambot
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14aDljLXZjZjktaDk0bc4AA7fo
Jenkins Git server Plugin does not perform a permission check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS12NjNnLXYzMzktMjY3M84AA7fm
Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1waGgzLTJwOW0tdzZqNc4AA7fq
Jenkins Subversion Partial Release Manager Plugin programmatically disables the fix for CVE-2016-3721
Ecosystems: maven
Packages: org.jenkins-ci.plugins:partial-release-manager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS0yZzRxLTl2bTktOWZ3NM4AA7fn
Jenkins Script Security Plugin sandbox bypass vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1najVtLW04OGotdjdjM84AA7fS
Apache ActiveMQ's default configuration doesn't secure the API web context
Ecosystems: maven
Packages: org.apache.activemq:apache-activemq
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1jaGZtLTY4dnYtcHZ3Nc4AA7eI
XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets
Ecosystems: maven
Packages: org.xmlunit:xmlunit-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05d21mLXhmM2gtcjhwcs4AA7T1
Jberet: jberet-core logging database credentials
Ecosystems: maven
Packages: org.jberet:jberet-core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0yNXc0LWhmcWctNHI1Ms4AA7T0
Quarkus: authorization flaw in quarkus resteasy reactive and classic
Ecosystems: maven
Packages: io.quarkus:quarkus-resteasy-reactive-common, io.quarkus:quarkus-resteasy-reactive-common-deployment
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tdjY0LTg2ZzgtY3FxN84AA7Tz
Quarkus: security checks in resteasy reactive may trigger a denial of service
Ecosystems: maven
Packages: io.quarkus.resteasy.reactive:resteasy-reactive
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 3 months ago
High
GSA_kwCzR0hTQS01eHYzLWZtN2ctODY1cs4AA7R-
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)
Ecosystems: maven
Packages: org.open-metadata:openmetadata-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS04cDVyLTZtdnYtMjQzNc4AA7R9
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)
Ecosystems: maven
Packages: org.open-metadata:openmetadata-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Statistics
Advisories: 19,584
Packages: 8,642
Repositories: 999
Ecosystems: 12
Filter by Severity
Moderate 8,559 High 6,707 Critical 2,930 Low 1,073
Filter by Ecosystem
maven 5,662 packagist 4,372 pypi 4,006 npm 3,637 go 2,075 nuget 1,467 rubygems 827 cargo 824 swift 31 hex 30 actions 16 pub 8
Filter by Package
org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 133 com.fasterxml.jackson.core:jackson-databind 69 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 org.apache.tomcat.embed:tomcat-embed-core 37 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 org.xwiki.platform:xwiki-platform-oldcore 35 net.mingsoft:ms-mcms 35 org.elasticsearch:elasticsearch 35 org.jenkins-ci.plugins:script-security 32 org.keycloak:keycloak-services 31 io.undertow:undertow-core 30 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 org.eclipse.jetty:jetty-server 23 org.springframework.security:spring-security-core 23 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 org.apache.openmeetings:openmeetings-parent 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 org.springframework:spring-core 19 com.vaadin:vaadin-bom 18 com.liferay.portal:release.dxp.bom 18 org.xwiki.platform:xwiki-platform-web-templates 17 org.apache.geode:geode-core 17 org.apache.activemq:activemq-client 16 org.apache.jspwiki:jspwiki-main 16 org.apache.dubbo:dubbo 16 org.bouncycastle:bcprov-jdk15 16 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 org.apache.inlong:manager-pojo 14 org.apache.hadoop:hadoop-main 13 org.apache.cxf:cxf 13 org.jenkins-ci.plugins:git 12 com.vaadin:flow-server 12 org.apache.tomcat:tomcat-coyote 12 org.bouncycastle:bcprov-jdk15on 12 org.jenkins-ci.plugins.workflow:workflow-cps 12 org.mortbay.jetty:jetty 11 org.apache.hadoop:hadoop-common 11 org.apache.commons:commons-compress 11 org.apache.camel:camel-core 11 org.apache.jspwiki:jspwiki-war 11 org.apache.james:james-server 11 org.apache.cxf:cxf-core 11 org.apache.tika:tika-core 11 org.jeecgframework.boot:jeecg-boot-common 11 com.xuxueli:xxl-job 11 org.igniterealtime.openfire:parent 11 org.apache.ranger:ranger 11 org.jeecgframework.boot:jeecg-boot-parent 11 org.jenkins-ci.plugins:email-ext 11 org.apache.dolphinscheduler:dolphinscheduler 11 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 10 org.jboss.netty:netty 10 org.apache.inlong:manager-service 10 io.netty:netty 10 org.xwiki.platform:xwiki-platform-administration-ui 10 org.craftercms:crafter-studio 9 org.bouncycastle:bcprov-jdk15to18 9 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 9 org.opennms:opennms 9 io.jenkins:configuration-as-code 9 org.apache.tapestry:tapestry-core 9 org.springframework:spring-webmvc 9 org.apache.archiva:archiva 9 org.springframework:spring-web 9 org.jenkins-ci.plugins:config-file-provider 9 org.apache.shiro:shiro-core 9 org.opencms:opencms-core 9 org.jenkins-ci.plugins:active-directory 9 cn.hutool:hutool-core 9 org.apache.xmlgraphics:batik 9 org.opencrx:opencrx-core-models 9 org.jenkins-ci.plugins:electricflow 9 org.apache.tomcat:tomcat-catalina 9 org.apache.hive:hive 9 com.hazelcast:hazelcast 8 org.graylog2:graylog2-server 8 io.jenkins.blueocean:blueocean 8 org.apache.kylin:kylin 8 org.apache.santuario:xmlsec 8 org.jenkins-ci.plugins:ec2 8 org.apache.hive:hive-exec 8 org.webjars.npm:jquery 8 jquery-rails 8 jquery 8 org.apache.pdfbox:pdfbox 8 org.apache.ozone:ozone-main 8 org.yaml:snakeyaml 8 org.apache.zeppelin:zeppelin 8 mysql:mysql-connector-java 8 org.postgresql:postgresql 8 org.apache.ambari:ambari 8 jquery-ui 7 jquery-ui-rails 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 io.jenkins.plugins:miniorange-saml-sp 7 org.owasp.antisamy:antisamy 7 org.jenkins-ci.plugins:jobConfigHistory 7 org.jeecgframework.boot:jeecg-boot-base 7 net.opentsdb:opentsdb 7 org.apache.cxf:apache-cxf 7 org.jenkins-ci.plugins:artifactory 7 org.owasp.esapi:esapi 7 org.apache.logging.log4j:log4j-core 7 org.apache.karaf:apache-karaf 7 org.jboss.resteasy:resteasy-client 7 org.apache.inlong:manager-web 7 io.jenkins.plugins:cavisson-ns-nd-integration 7 org.apache.spark:spark-core_2.11 7 org.jenkins-ci.plugins:rundeck 7 org.jenkins-ci.plugins:mercurial 7 io.dataease:dataease-plugin-common 7 org.jruby:jruby-stdlib 7 org.apache.derby:derby 7 rubygems-update 7 org.apache.tika:tika 7 org.apache.activemq:activemq-parent 7 org.apache.poi:poi 7 org.apache.atlas:atlas-common 7 org.apache.hive:hive-service 7 org.silverpeas.core:silverpeas-core-web 7 org.apache.linkis:linkis 7 io.atomix:atomix 7 org.jenkins-ci.plugins:subversion 7 io.jenkins.plugins:warnings-ng 7 org.jenkins-ci.plugins:openshift-deployer 7 jQuery 7 org.apache.shenyu:shenyu-common 6 org.apache.pulsar:pulsar-broker 6 org.apache.struts:struts2-rest-plugin 6 org.jenkins-ci.plugins:repository-connector 6 org.apache.solr:solr-parent 6 org.apache.spark:spark-core_2.10 6 hudson.plugins:project-inheritance 6 org.jenkins-ci.plugins:azure-vm-agents 6 org.apache.mesos:mesos 6 com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger 6 org.apache.httpcomponents:httpclient 6 io.netty:netty-handler 6 org.jenkins-ci.plugins:fortify-on-demand-uploader 6 io.netty:netty-codec-http 6 org.jenkins-ci.plugins:ec2-deployment-dashboard 6 de.tum.in.ase:artemis-java-test-sandbox 6 org.csanchez.jenkins.plugins:kubernetes 6 org.apache.axis:axis 6 org.opensearch.plugin:opensearch-security 6 org.opencastproject:opencast-kernel 6 com.jflyfox:jflyfox_jfinal 6 org.xwiki.commons:xwiki-commons-xml 6 axis:axis 6 commons-fileupload:commons-fileupload 6 org.jenkins-ci.plugins:pipeline-maven 6 cn.hutool:hutool-json 6 org.apache.storm:storm-core 6 org.apache.syncope:syncope-core 6 org.jenkins-ci.plugins:gitlab-oauth 6 org.bouncycastle:bcprov-jdk18on 6 com.xebialabs.deployit.ci:deployit-plugin 6 tech.powerjob:powerjob 6 org.jenkins-ci.plugins:ghprb 5 org.bouncycastle:bcprov-ext-jdk15on 5 org.apache.cassandra:cassandra-all 5 org.jenkins-ci.plugins:junit 5 info.magnolia:magnolia-core 5 org.springframework.amqp:spring-amqp 5 org.apache.druid:druid 5 org.springframework.security.oauth:spring-security-oauth2 5 org.jenkins-ci.plugins:openid 5 org.apache.zeppelin:zeppelin-server 5 com.synopsys.jenkinsci:ownership 5 org.jenkins-ci.plugins:fortify 5 com.google.protobuf:protobuf-java 5 com.ruoyi:ruoyi 5 org.apache.hadoop:hadoop-client 5 org.jboss.resteasy:resteasy-bom 5 org.jenkins-ci.plugins:extended-choice-parameter 5 org.dspace:dspace-jspui 5 org.jeecgframework.boot:jeecg-boot-base-core 5 org.neo4j.procedure:apoc 5 org.jenkins-ci.plugins:aws-codecommit-trigger 5 io.jenkins.plugins:neuvector-vulnerability-scanner 5 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 5 org.apache.inlong:manager-dao 5 org.opennms:opennms-webapp 5 org.jenkins-ci.plugins:google-login 5 org.apache.zookeeper:zookeeper 5 org.jenkinsci.plugins:octoperf 5 edu.stanford.nlp:stanford-corenlp 5 org.wildfly:wildfly-parent 5 org.apache.struts:struts-core 5 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 5 org.jenkins-ci.plugins:google-compute-engine 5 org.jenkins-ci.plugins:azure-ad 5
Filter by Repository
https://github.com/xwiki/xwiki-platform 174 https://github.com/jenkinsci/jenkins 148 https://github.com/apache/tomcat 97 https://github.com/FasterXML/jackson-databind 70 https://github.com/keycloak/keycloak 64 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 41 https://github.com/x-stream/xstream 36 https://github.com/apache/activemq 33 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 26 https://github.com/eclipse/jetty.project 23 https://github.com/apache/nifi 22 https://github.com/apache/cxf 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/netty/netty 20 https://github.com/OpenNMS/opennms 20 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/geoserver/geoserver 18 https://github.com/vaadin/platform 17 https://github.com/opencast/opencast 16 https://github.com/apache/camel 15 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dromara/hutool 13 https://github.com/quarkusio/quarkus 13 https://github.com/apache/dolphinscheduler 12 https://github.com/apache/kylin 12 https://github.com/igniterealtime/Openfire 11 https://github.com/vaadin/flow 11 https://github.com/apache/zeppelin 10 https://github.com/DSpace/DSpace 10 https://github.com/spring-projects/spring-security 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/apache/lucene-solr 9 https://github.com/cui2shark/cms 9 https://github.com/jquery/jquery 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/xwiki/xwiki-commons 8 https://github.com/hazelcast/hazelcast 8 https://github.com/nahsra/antisamy 8 https://github.com/opensearch-project/security 8 https://github.com/jenkinsci/config-file-provider-plugin 8 https://github.com/jflyfox/jfinal_cms 7 https://github.com/vaadin/framework 7 https://github.com/apache/xmlgraphics-batik 7 https://github.com/OpenTSDB/opentsdb 7 https://github.com/dataease/dataease 7 https://github.com/pgjdbc/pgjdbc 7 https://github.com/ratpack/ratpack 7 https://github.com/RhinoSecurityLabs/CVEs 7 https://github.com/rubygems/rubygems 7 https://github.com/rundeck/rundeck 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/OpenAPITools/openapi-generator 6 https://github.com/cui2shark/security 6 https://github.com/apache/tika 6 https://bitbucket.org/snakeyaml/snakeyaml 6 https://github.com/jenkinsci/build-failure-analyzer-plugin 6 https://github.com/playframework/playframework 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/vert-x3/vertx-web 6 https://github.com/resteasy/resteasy 6 https://github.com/jenkinsci/gerrit-trigger-plugin 6 https://github.com/apache/hadoop 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/ls1intum/Ares 6 https://github.com/jquery/jquery-ui 6 https://github.com/ESAPI/esapi-java-legacy 6 https://github.com/jenkinsci/ec2-plugin 6 https://github.com/http4s/http4s 6 https://github.com/line/armeria 6 https://github.com/apache/pulsar 6 https://github.com/OpenRefine/OpenRefine 6 https://github.com/jenkinsci/electricflow-plugin 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/JLLeitschuh/security-research 5 https://github.com/jenkinsci/email-ext-plugin 5 https://github.com/apiman/apiman 5 https://github.com/jensdietrich/xshady-release 5 https://github.com/grails/grails-core 5 https://github.com/apache/geode 5 https://bitbucket.org/connect2id/nimbus-jose-jwt 5 https://github.com/apache/openmeetings 5 https://github.com/jettison-json/jettison 5 https://github.com/PowerJob/PowerJob 5 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 5 https://github.com/jenkinsci/m2release-plugin 5 https://github.com/jenkinsci/junit-plugin 5 https://github.com/alibaba/nacos 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/apache/shenyu 5 https://github.com/jenkinsci/publish-over-ssh-plugin 5 https://github.com/jenkinsci/github-plugin 5 https://github.com/apache/shiro 5 https://github.com/alkacon/opencms-core 5 https://github.com/jenkinsci/gitlab-plugin 5 https://github.com/apache/karaf 5 https://github.com/apache/syncope 5 https://github.com/neo4j-contrib/neo4j-apoc-procedures 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/restlet/restlet-framework-java 5 https://github.com/jenkinsci/active-directory-plugin 5 https://github.com/h2database/h2database 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/jenkinsci/support-core-plugin 5 https://github.com/jenkinsci/workflow-cps-plugin 4 https://github.com/pippo-java/pippo 4 https://github.com/jenkinsci/credentials-binding-plugin 4 https://github.com/apache/solr 4 https://github.com/shopizer-ecommerce/shopizer 4 https://github.com/infinispan/infinispan 4 https://github.com/skylot/jadx 4 https://github.com/jenkinsci/warnings-ng-plugin 4 https://github.com/apache/streampipes 4 https://github.com/itext/itext7 4 https://github.com/jfinal/jfinal 4 https://github.com/jenkinsci/p4-plugin 4 https://github.com/jenkinsci/job-config-history-plugin 4 https://github.com/jenkinsci/gitlab-oauth-plugin 4 https://github.com/jenkinsci/xldeploy-plugin 4 https://github.com/reportportal/reportportal 4 https://github.com/micronaut-projects/micronaut-core 4 https://github.com/jenkinsci/rundeck-plugin 4 https://github.com/jenkinsci/fortify-plugin 4 https://github.com/jenkinsci/libvirt-slave-plugin 4 https://github.com/ktorio/ktor 4 https://github.com/xerial/snappy-java 4 https://github.com/bcgit/bc-csharp 4 https://github.com/resteasy/Resteasy 4 https://github.com/apache/activemq-artemis 4 https://github.com/jenkinsci/matrix-project-plugin 4 https://github.com/jenkinsci/htmlpublisher-plugin 4 https://github.com/jenkinsci/active-choices-plugin 4 https://github.com/yamcs/yamcs 4 https://github.com/stanfordnlp/corenlp 4 https://github.com/jenkinsci/ansible-plugin 4 https://github.com/jenkinsci/hpe-application-automation-tools-plugin 4 https://github.com/apache/httpcomponents-client 4 https://github.com/nightcloudos/new_cms 4 https://github.com/jenkinsci/nexus-platform-plugin 4 https://github.com/HtmlUnit/htmlunit 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/jeremylong/DependencyCheck 3 https://github.com/jenkinsci/mailer-plugin 3 https://github.com/qos-ch/logback 3 https://github.com/apache/santuario-java 3 https://github.com/Rabb1ter/cms 3 https://github.com/jenkinsci/git-parameter-plugin 3 https://github.com/li-yu320/cms 3 https://github.com/jenkinsci/gitlab-branch-source-plugin 3 https://github.com/matrix-org/matrix-android-sdk2 3 https://github.com/mbechler/marshalsec 3 https://github.com/jenkinsci/git-client-plugin 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/Adobe-Consulting-Services/acs-aem-commons 3 https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server 3 https://github.com/jenkinsci/azure-credentials-plugin 3 https://github.com/codehaus-plexus/plexus-utils 3 https://github.com/aws/amazon-redshift-jdbc-driver 3 https://github.com/AsyncHttpClient/async-http-client 3 https://github.com/jenkinsci/embeddable-build-status-plugin 3 https://github.com/jenkinsci/hashicorp-vault-plugin 3 https://github.com/opengoofy/hippo4j 3 https://github.com/OpenIdentityPlatform/OpenAM 3 https://github.com/jenkinsci/azure-vm-agents-plugin 3 https://github.com/open-metadata/OpenMetadata 3 https://github.com/ysuzhangbin/cms 3 https://github.com/jooby-project/jooby 3 https://github.com/orientechnologies/orientdb 3 https://github.com/joniles/mpxj 3 https://github.com/OWASP/json-sanitizer 3 https://github.com/crate/crate 3 https://github.com/peteroupc/CBOR-Java 3 https://github.com/pf4j/pf4j 3 https://github.com/apache/storm 3 https://github.com/jhy/jsoup 3 https://github.com/javamelody/javamelody 3 https://github.com/jenkinsci/cloudbees-jenkins-advisor-plugin 3 https://github.com/eclipse-vertx/vert.x 3 https://github.com/jenkinsci/liquibase-runner-plugin 3 https://github.com/spray/spray-json 3 https://github.com/jenkinsci/nomad-plugin 3 https://github.com/apache/commons-configuration 3 https://github.com/apache/james-project 3 https://github.com/spring-projects/spring-boot 3 https://github.com/apache/jackrabbit 3 https://github.com/jenkinsci/audit-trail-plugin 3 https://github.com/wso2/carbon-registry 3 https://github.com/apache/cxf-fediz 3 https://github.com/apache/derby 3 https://github.com/jenkinsci/mercurial-plugin 3 https://github.com/eclipse-ee4j/mojarra 3 https://github.com/jenkinsci/code-coverage-api-plugin 3 https://github.com/google/guava 3 https://github.com/jenkinsci/compuware-topaz-for-total-test-plugin 3