Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

Loading...
Moderate
GSA_kwCzR0hTQS0zZzV3LTZwdzctNmhycM4AAxOj
Path Traversal In Eclipse GlassFish
Ecosystems: maven
Packages: org.glassfish.main.web:web
Source: GitHub Advisory Database
Published: 2 days ago
Critical
GSA_kwCzR0hTQS04bTlmLWM1cDktd3FjaM4AAxM-
Remote Code Execution in com.bstek.uflo:uflo-core
Ecosystems: maven
Packages: com.bstek.uflo:uflo-core
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS02NXY2LTNjOW0taG1ycM4AAxK2
Arbitrary file write in net.mingsoft:ms-mcms
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS03NnFqLTlnd2gtcHZ2M84AAxJ8
Sandbox bypass in Jenkins Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS0yanB4LWg4ajItZzhtNM4AAxJW
Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin
Ecosystems: maven
Packages: com.cloudbees.jenkins.plugins:kubernetes-credentials-provider
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1yM2dtLWp3ZjQteGd2Ms4AAxJ7
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira-steps
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS05NWpxLTI0Y3ItcGdycc4AAxJV
Cross-site request forgery in Jenkins Gerrit Trigger Plugin
Ecosystems: maven
Packages: com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
Source: GitHub Advisory Database
Published: 2 days ago
Low
GSA_kwCzR0hTQS00eDY1LTRmangtcjdtNs4AAxJ4
Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:github-pr-coverage-status
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS02ODVqLTM2cXgtM3ZwMs4AAxJ2
Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bitbucket-oauth
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS04N3JoLXdjODUteHF2Y84AAxJ9
Missing permission checks in Jenkins Orka Plugin allow enumerating credentials IDs
Ecosystems: maven
Packages: io.jenkins.plugins:macstadium-orka
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS1oOHA4LTYzNzgtNjQ5cM4AAxJ1
XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:semantic-versioning-plugin
Source: GitHub Advisory Database
Published: 2 days ago
Low
GSA_kwCzR0hTQS1nMjl2LTVwd2gtd3h4NM4AAxKJ
Plaintext Storage of a Password in Jenkins JIRA Pipeline Steps Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira-steps
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1wY2MyLXc2bTgteDV3NM4AAxJ6
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:semantic-versioning-plugin
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS05andoLXF2ZzctZ3I1Oc4AAxJ0
CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials
Ecosystems: maven
Packages: io.jenkins.plugins:macstadium-orka
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS14OXE0LXF3ZmgtOWdqcc4AAxJ-
Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bitbucket-oauth
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS1nNW1qLWMyNmctdm1wbc4AAxJx
XML Entity Expansion in Jenkins TestComplete support Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:TestComplete
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS05OTYzLWdtaDgtdnZtNs4AAxJN
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:keycloak
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1tajYyLW02M3gtbWg4NM4AAxJy
Open redirect vulnerability in Jenkins OpenID Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openid
Source: GitHub Advisory Database
Published: 2 days ago
Low
GSA_kwCzR0hTQS05OHFjLXY4dmctbWN4NM4AAxJQ
Plaintext Storage of a Password in Jenkins TestQuality Updater Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testquality-updater
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1xZ2pxLWhyaGctZjI0aM4AAxJr
Missing permission check in Jenkins RabbitMQ Consumer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rabbitmq-consumer
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS13NHY1LTU0cDgtbTRqNc4AAxJ3
Missing permission checks in Jenkins GitHub Pull Request Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS1mOTc2LTI0aGMtbWp2cs4AAxJw
Session fixation vulnerability in Jenkins OpenID Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openid
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS13ajc5LTlmeGotajg2cM4AAxJu
Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rabbitmq-consumer
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS04bW1oLWg0amgtMmczNM4AAxJP
Path Traversal in Jenkins visualexpert Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:visualexpert
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS14cjhoLXdqNHYtcng3Zs4AAxJR
Missing permission check in Jenkins TestQuality Updater Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testquality-updater
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS01eHBjLWM0eHYtN3c2Ms4AAxJS
Path traversal vulnerability in Jenkins PWauth Security Realm Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:pwauth
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1jY2Y0LTloamMteHhjNM4AAxJz
Missing permission check in Jenkins GitHub Pull Request Builder Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1tNnE4LW13ZjYtNm1tY84AAxJU
CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1nbWhmLTM3ZngtYzRxOM4AAxJT
Missing permission checks in Jenkins Orka Plugin allow capturing credentials
Ecosystems: maven
Packages: io.jenkins.plugins:macstadium-orka
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1weDJmLWNxcmYtZjJxZ84AAxJO
CSRF vulnerability in Jenkins TestQuality Updater Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testquality-updater
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS0zZzJnLXJjbTYtcnJxMs4AAxJv
Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira-steps
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS0zcHByLTcyeDUteDY3cc4AAxKF
XML external entity vulnerability on agents in Jenkins MSTest Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:mstest
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS05Nmp2LWM3bTYtcTQzZ84AAxJs
Cross-site request forgery vulnerability in Jenkins OpenID Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openid
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS02aHc3LXg4NnYtd3JnZs4AAxJp
Passwords stored in plain text by Jenkins view-cloner Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:view-cloner
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS12eG1oLXA1MmotaDMzbc4AAxJ5
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oic-auth
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS01eGhoLTZ4ZnYtN3E0Ms4AAxJi
Cross-site request forgery vulnerability in Jenkins BearyChat Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bearychat
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS05d3JyLTRyOXYtMjZ4Y84AAxJe
CSRF vulnerability in Jenkins Keycloak Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:keycloak
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS02N3c0LXc4NzctanYyOc4AAxJq
Missing permission check in Jenkins BearyChat Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bearychat
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS12M2NnLTdyOWgtcjJnNs4AAxIz
Field-level security issue with .keyword fields in OpenSearch
Ecosystems: maven
Packages: org.opensearch:opensearch
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS04NjR2LTZxajctNjJxas4AAxIy
Issue with whitespace in JWT roles in OpenSearch
Ecosystems: maven
Packages: org.opensearch:opensearch
Source: GitHub Advisory Database
Published: 5 days ago
Critical
GSA_kwCzR0hTQS1qcWg2LTk1NzQtNXgyMs4AAxIl
MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`
Ecosystems: maven
Packages: ca.uhn.hapi.fhir:org.hl7.fhir.core
Source: GitHub Advisory Database
Published: 5 days ago
Critical
GSA_kwCzR0hTQS14cjh4LXB4bTYtcHJqZ84AAxIj
MITM based Zip Slip in `org.hl7.fhir.publisher:org.hl7.fhir.publisher`
Ecosystems: maven
Packages: org.hl7.fhir.publisher:org.hl7.fhir.publisher
Source: GitHub Advisory Database
Published: 5 days ago
Critical
GSA_kwCzR0hTQS02dzg5LWM2NXctangyY84AAxE2
Jeecg-boot is vulnerable to SQL injection
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-module-system, org.jeecgframework.boot:jeecg-boot-base-core
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1oNDUyLTc5OTYtaDQ1aM4AAxDY
cookiejar Regular Expression Denial of Service via Cookie.parse function
Ecosystems: maven, npm
Packages: org.webjars.npm:cookiejar, cookiejar
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS1tNGY4LXA1OGctajhtas4AAxCR
Observable timing discrepancy in JOpenId
Ecosystems: maven
Packages: org.expressme:JOpenId
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS03Y3hyLWg4d20tZmc0Y84AAw-y
Apache Shiro Interpretation Conflict vulnerability
Ecosystems: maven
Packages: org.apache.shiro:shiro-root
Source: GitHub Advisory Database
Published: 15 days ago
High
GSA_kwCzR0hTQS01djh2LWd3bXctcXc5N84AAw-H
org.neo4j.procedure:apoc Path Traversal Vulnerability
Ecosystems: maven
Packages: org.neo4j.procedure:apoc
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS12aHZxLWpoMzQtM2ZjOM4AAw9x
Keycloak allows impersonation and lockout due to email trust not being handled correctly
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Published: 16 days ago
High
GSA_kwCzR0hTQS1qbWo2LXAyajktNjhjcM4AAw90
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator
Ecosystems: maven
Packages: org.wildfly.security:wildfly-elytron
Source: GitHub Advisory Database
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS12NDM2LXEzNjgtaHZnZ84AAw8k
Keycloak has lack of validation of access token on client registrations endpoint
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1xeHhjLTdtcTQtbWY3Oc4AAw7_
Java Merge-sort Insecure Temporary File vulnerability
Ecosystems: maven
Packages: com.fasterxml.util:java-merge-sort
Source: GitHub Advisory Database
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS0ycGoyLWdjaGYtd213N84AAw1k
Zip4j Origin Validation Error
Ecosystems: maven
Packages: net.lingala.zip4j:zip4j
Source: GitHub Advisory Database
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1xOTVqLTQ4OHEtNXEzcM4AAw0v
Apiman Manager API affected by Jackson denial of service vulnerability
Ecosystems: maven
Packages: io.apiman:apiman-manager-api-impl
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS0zOG0yLXZyNmctOGM5NM4AAw0n
Apache Sling App CMS vulnerable to reflected Cross-site Scripting
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.cms
Source: GitHub Advisory Database
Published: 20 days ago
Critical
GSA_kwCzR0hTQS1qanZwLXdmcDgtcnY2Oc4AAwyg
globalpom-utils has Insecure Temporary File
Ecosystems: maven
Packages: com.anrisoftware.globalpom:globalpomutils
Source: GitHub Advisory Database
Published: 22 days ago
High
GSA_kwCzR0hTQS01NHc2LXZ4ZmgtZnc3Zs4AAwyX
Http4s improperly parses User-Agent and Server headers
Ecosystems: maven
Packages: org.http4s:http4s-core
Source: GitHub Advisory Database
Published: 23 days ago
Critical
GSA_kwCzR0hTQS02bWpwLTJybTYtOWc4Nc4AAwyI
XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery
Ecosystems: maven
Packages: org.xwiki.contrib:application-ckeditor-ui
Source: GitHub Advisory Database
Published: 23 days ago
Critical
GSA_kwCzR0hTQS03N2NjLXczd20tNndocM4AAwyB
dssp vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: maven
Packages: be.e_contract.dssp:dssp-client
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS12NnZwLTYydmMtODRxd84AAwyC
Apache James server allows an attacker with local access to access private user data in transit
Ecosystems: maven
Packages: org.apache.james:james-server
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1xODR4LTM0NzYtOGZmMs4AAwx_
Apache James MIME4J vulnerable to information disclosure to local users
Ecosystems: maven
Packages: org.apache.james:apache-mime4j
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS14MzQ3LWZjOXctdzdjM84AAwxu
Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution
Ecosystems: maven
Packages: org.nuxeo.ecm.platform:nuxeo-platform-oauth
Source: GitHub Advisory Database
Published: 23 days ago
Critical
GSA_kwCzR0hTQS13Zzk5LTV2cngtajJnZ84AAwwt
bonita-connector-webservice XML External Entity vulnerability
Ecosystems: maven
Packages: org.bonitasoft.connectors:bonita-connector-webservice
Source: GitHub Advisory Database
Published: 24 days ago
Critical
GSA_kwCzR0hTQS1nNHI4LTI4ZnAtZjI1Nc4AAwwx
aXMLRPC XML External Entity vulnerability
Ecosystems: maven
Packages: fr.turri:aXMLRPC
Source: GitHub Advisory Database
Published: 24 days ago
Critical
GSA_kwCzR0hTQS0zeGg1LThodnEtcmM4eM4AAwvm
Apache DolphinScheduler vulnerable to Improper Input Validation
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS12cDYyLW05NTgtcWo4Y84AAwu3
Gravitee API Management contains Path Traversal
Ecosystems: maven
Packages: io.gravitee.apim:gravitee-api-management
Source: GitHub Advisory Database
Published: 25 days ago
Low
GSA_kwCzR0hTQS1ycTJ3LTM3aDktdmc5NM4AAwuy
Apache Tomcat improperly escapes input from JsonErrorReportValve
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Published: 25 days ago
Critical
GSA_kwCzR0hTQS1mcHJyLXJybTgtNDUzNM4AAwuU
Apache Dubbo vulnerable to remote code execution via Telnet Handler
Ecosystems: maven
Packages: org.apache.dubbo:dubbo-parent
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS1qOTRwLWh2MjUtcm01Z84AAwuM
Apiman has potential permissions bypass
Ecosystems: maven
Packages: io.apiman:apiman-manager-api-rest-impl
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS1xMmZqLTZoNjItNTltMs4AAwrK
Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue
Ecosystems: maven
Packages: io.apiman:apiman-distro-vertx, io.apiman:apiman-gateway-platforms-vertx
Source: GitHub Advisory Database
Published: 29 days ago
High
GSA_kwCzR0hTQS05cDYyLXgzYzUtaHI1cM4AAwql
Path Traversal In MeterSpere leads to upload file to any path
Ecosystems: maven
Packages: io.metersphere:metersphere
Source: GitHub Advisory Database
Published: 30 days ago
High
GSA_kwCzR0hTQS1mOGNjLWc3ajgteHhwbc4AAwqj
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Published: 30 days ago
High
GSA_kwCzR0hTQS1mNXE5LWo5cjItMzRncc4AAwqT
Apache Kylin vulnerable to Command injection by Useless configuration
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Published: 30 days ago
Critical
GSA_kwCzR0hTQS1qNjlmLWZnaDUtZjdtY84AAwqU
iText RUPS XML External Entity vulnerability
Ecosystems: maven
Packages: com.itextpdf:itext-rups
Source: GitHub Advisory Database
Published: 30 days ago
Critical
GSA_kwCzR0hTQS13OXJ2LXhtZjcteDNnaM4AAwqa
Apache Kylin vulnerable to Command injection by Diagnosis Controller
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Published: 30 days ago
High
GSA_kwCzR0hTQS1qNTYzLWdyeDQtcGpwds4AAwpk
XStream can cause Denial of Service via stack overflow
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qajhyLWp3NDItbXc0d84AAwoh
Widoco Path Traversal vulnerability
Ecosystems: maven
Packages: com.github.dgarijo:Widoco
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1mNWg5LXF4MzgtMmhncM4AAwnj
AWS SDK is vulnerable to server-side request forgery (SSRF)
Ecosystems: maven
Packages: com.amazonaws:aws-android-sdk-mobile-client
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jNWhnLW1yOHItZjZqcM4AAwnc
Hazelcast connection caching
Ecosystems: maven
Packages: com.hazelcast:hazelcast-enterprise, com.hazelcast.jet:hazelcast-jet-enterprise, com.hazelcast.jet:hazelcast-jet, com.hazelcast:hazelcast
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS13bXhtLTZ3eGMtM3hxZs4AAwgk
Apache ShardingSphere-Proxy Incomplete Cleanup vulnerability
Ecosystems: maven
Packages: org.apache.shardingsphere:shardingsphere-proxy
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02cnZ2LWg4ZzctNzI4d84AAwgN
Mingsoft MCMS Cross-site Scripting vulnerability
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1jMnA0LThtdnYtcndtds4AAwel
Apache Karaf vulnerable to potential code injection
Ecosystems: maven
Packages: org.apache.karaf:apache-karaf
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05cDhqLWhyZ2YtamMyZ84AAwdQ
Apache Zeppelin Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS04OXc3LTVxNDUtcjUzd84AAwbi
lite-server vulnerable to Denial of Service
Ecosystems: maven, npm
Packages: org.webjars.npm:lite-server, lite-server
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS01NHI1LXdyOHgteDV2M84AAwbX
Apiman has insufficient checks for read permissions
Ecosystems: maven
Packages: io.apiman:apiman-manager-api-rest-impl
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1taHhnLTJ4ZjctNHh3eM4AAwZ1
Apache Helix UI vulnerable to Open Redirect
Ecosystems: maven
Packages: org.apache.helix:helix
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS00N3Z4LWZxcjUtajJnd84AAwYo
HuTool vulnerable to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: cn.hutool:hutool-core
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1neHE1LTc5bTItZ3Z2cc4AAwXR
Apache Bookkeeper vulnerable to Improper Certificate Validation
Ecosystems: maven
Packages: org.apache.bookkeeper:bookkeeper-common
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1ncDVmLWdxZ3EtNzI1NM4AAwXb
WSO2 carbon-registry vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.wso2.carbon.registry:carbon-registry
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qMzRyLTU3eGotcGZtNc4AAwXG
WSO2 carbon-registry Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.wso2.carbon.registry:carbon-registry
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1jbXdtLTQ1bWotbXBnM84AAwV0
SCIFIO vulnerable to Path Traversal
Ecosystems: maven
Packages: io.scif:scifio
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS1wNzgyLTRqMjMteHFjZ84AAwVy
Apache Atlas: zip path traversal in import functionality
Ecosystems: maven
Packages: org.apache.atlas:apache-atlas
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1nOHE4LWZnZ3gtOXIzcc4AAwUa
Keycloak vulnerable to path traversal via double URL encoding
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05N2c4LXhmdnctcTRoZ84AAwUZ
Keycloak vulnerable to session takeover with OIDC offline refreshtokens
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS14M3gzLXF3anEtOGdqNM4AAwSr
Apache CXF Server-Side Request Forgery vulnerability
Ecosystems: maven
Packages: org.apache.cxf:cxf-core
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS1ncnI0LXd2MzgtZjY4d84AAwSU
Jettison Out-of-bounds Write vulnerability
Ecosystems: maven
Packages: org.codehaus.jettison:jettison
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zdzM3LTVwM3AtanY5Ms4AAwSK
Apache CXF vulnerable to Exposure of Sensitive Information
Ecosystems: maven
Packages: org.apache.cxf:cxf-core
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS03cmYzLW1xcHgtaDd4Z84AAwSP
Jettison Out-of-bounds Write vulnerability
Ecosystems: maven
Packages: org.codehaus.jettison:jettison
Source: GitHub Advisory Database
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1meHJjLWhnNmotNnYzeM4AAwSH
hutool-json vulnerable to memory exhaustion
Ecosystems: maven
Packages: cn.hutool:hutool-json
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zdnFqLTQzdzQtMnE1OM4AAwSR
hutool-json stack overflow vulnerability
Ecosystems: maven
Packages: cn.hutool:hutool-json
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS13aGdoLWcyNGMtM2o1cc4AAwSQ
hutool-json stack overflow vulnerability
Ecosystems: maven
Packages: cn.hutool:hutool-json
Source: GitHub Advisory Database
Published: about 2 months ago
Filter by Package
org.jenkins-ci.main:jenkins-core 144 org.apache.tomcat:tomcat 73 com.fasterxml.jackson.core:jackson-databind 68 org.apache.struts:struts2-core 43 org.keycloak:keycloak-core 38 com.thoughtworks.xstream:xstream 37 org.apache.nifi:nifi 27 io.undertow:undertow-core 25 org.springframework:spring-core 25 net.mingsoft:ms-mcms 23 org.elasticsearch:elasticsearch 23 org.apache.tomcat.embed:tomcat-embed-core 22 org.jenkins-ci.plugins:script-security 21 org.apache.solr:solr-core 21 org.springframework.security:spring-security-core 20 org.eclipse.jetty:jetty-server 19 com.vaadin:vaadin-bom 19 org.keycloak:keycloak-parent 17 org.apache.openmeetings:openmeetings-parent 17 org.apache.activemq:activemq-client 17 org.bouncycastle:bcprov-jdk14 17 org.bouncycastle:bcprov-jdk15 16 org.apache.geode:geode-core 15 org.apache.jspwiki:jspwiki-main 14 org.xwiki.platform:xwiki-platform-oldcore 14 org.apache.cxf:cxf 14 org.apache.dubbo:dubbo 13 org.apache.tika:tika-core 13 org.jenkins-ci.plugins.workflow:workflow-cps 11 org.jenkins-ci.plugins:git 11 org.apache.cxf:cxf-core 11 org.apache.hadoop:hadoop-common 11 com.liferay.portal:release.portal.bom 11 org.apache.hadoop:hadoop-main 11 org.apache.jspwiki:jspwiki-war 10 org.apache.ranger:ranger 10 com.vaadin:flow-server 10 org.apache.camel:camel-core 9 io.jenkins:configuration-as-code 9 org.apache.xmlgraphics:batik 9 org.apache.hive:hive 9 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 9 org.apache.kylin:kylin 9 org.apache.tapestry:tapestry-core 8 org.yaml:snakeyaml 8 org.xwiki.platform:xwiki-platform-web 8 org.apache.shiro:shiro-core 8 org.apache.tika:tika 8 org.apache.poi:poi 8 org.apache.commons:commons-compress 8 org.apache.karaf:apache-karaf 8 mysql:mysql-connector-java 8 org.jboss.resteasy:resteasy-client 8 org.apache.pdfbox:pdfbox 8 org.apache.hive:hive-exec 8 org.apache.ozone:ozone-main 8 org.apache.zeppelin:zeppelin 7 org.jenkins-ci.plugins:subversion 7 org.springframework:spring-webmvc 7 org.igniterealtime.openfire:parent 7 org.apache.santuario:xmlsec 7 org.apache.atlas:atlas-common 7 io.jenkins.blueocean:blueocean 7 org.apache.httpcomponents:httpclient 7 org.apache.druid:druid 7 org.apache.spark:spark-core_2.11 7 org.apache.cxf:apache-cxf 7 org.apache.james:james-server 7 io.atomix:atomix 7 org.apache.hive:hive-service 7 org.craftercms:crafter-studio 7 org.jenkins-ci.plugins:ec2 6 io.jenkins.plugins:cavisson-ns-nd-integration 6 org.apache.archiva:archiva 6 org.jenkins-ci.plugins:active-directory 6 org.apache.mesos:mesos 6 com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger 6 org.apache.dolphinscheduler:dolphinscheduler 6 org.postgresql:postgresql 6 commons-jxpath:commons-jxpath 6 org.opencastproject:opencast-kernel 6 org.springframework.amqp:spring-amqp 6 org.apache.spark:spark-core_2.10 6 org.owasp.antisamy:antisamy 6 org.apache.logging.log4j:log4j-core 6 org.apache.syncope:syncope-core 6 org.apache.solr:solr-parent 6 io.netty:netty-handler 6 org.jenkins-ci.plugins:pipeline-maven 5 org.biouno:uno-choice 5 org.jenkins-ci.plugins:repository-connector 5 org.jenkins-ci.plugins:ghprb 5 com.synopsys.jenkinsci:ownership 5 xerces:xercesImpl 5 org.jenkins-ci.plugins:extended-choice-parameter 5 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 5 org.keycloak:keycloak-services 5 org.craftercms:craftercms 5 org.jenkins-ci.plugins:openshift-deployer 5 org.csanchez.jenkins.plugins:kubernetes 5 com.fasterxml.woodstox:woodstox-core 5 io.dataease:dataease-plugin-common 5 org.xwiki.platform:xwiki-platform-web-templates 5 com.jflyfox:jflyfox_jfinal 5 org.apache.shenyu:shenyu-common 5 org.dspace:dspace-jspui 5 org.apache.hadoop:hadoop-client 5 org.jenkins-ci.plugins:ec2-deployment-dashboard 5 commons-fileupload:commons-fileupload 5 org.bouncycastle:bcprov-jdk15on 5 org.owasp.esapi:esapi 5 org.jenkins-ci.plugins:mercurial 5 org.apache.tomcat:tomcat-catalina 5 org.infinispan:infinispan-core 5 org.jenkins-ci.plugins:mailer 5 info.magnolia:magnolia-core 5 org.jeecgframework.boot:jeecg-boot-base-core 5 org.apache.cxf.fediz:fediz-spring2 5 org.apache.storm:storm-core 5 org.apache.ignite:ignite-core 5 com.alibaba:dubbo 5 edu.stanford.nlp:stanford-corenlp 5 org.jboss.resteasy:resteasy-bom 5 org.apache.activemq:activemq-parent 5 org.opencms:opencms-core 5 org.apache.kafka:kafka 5 log4j:log4j 5 org.jenkins-ci.plugins:tfs 4 org.jenkins-ci.plugins:p4 4 org.jenkins-ci.plugins:hp-application-automation-tools-plugin 4 com.google.protobuf:protobuf-java 4 org.jenkins-ci.plugins:config-file-provider 4 org.jenkins-ci.plugins:requests 4 org.jenkins-ci.plugins:cons3rt 4 com.xebialabs.deployit.ci:deployit-plugin 4 org.jenkins-ci.plugins:google-login 4 org.jenkins-ci.plugins:rundeck 4 org.jenkins-ci.plugins:coverity 4 org.jenkins-ci.plugins:google-compute-engine 4 org.jenkins-ci.plugins:build-publisher 4 org.jenkins-ci.plugins:libvirt-slave 4 org.jenkins-ci.plugins:rapiddeploy-jenkins 4 org.jenkins-ci.plugins:crx-content-package-deployer 4 com.elasticbox.jenkins-ci.plugins:kubernetes-ci 4 org.jenkins-ci.plugins:ssh 4 org.jenkins-ci.plugins:kubernetes-cd 4 com.datapipe.jenkins.plugins:hashicorp-vault-plugin 4 org.jenkins-ci.plugins:ci-with-toad-edge 4 org.jeecgframework.boot:jeecg-boot-common 4 com.surenpi.jenkins:phoenix-autotest 4 org.jenkins-ci.plugins:publish-over-ssh 4 org.jenkins-ci.plugins:credentials 4 net.opentsdb:opentsdb 4 org.apache.spark:spark-core 4 com.nimbusds:nimbus-jose-jwt 4 org.glassfish:javax.faces 4 struts:struts 4 org.jenkins-ci.plugins:katalon 4 com.compuware.jenkins:compuware-topaz-for-total-test 4 org.neo4j.procedure:apoc 4 org.jenkins-ci.plugins:deployer-framework 4 net.bull.javamelody:javamelody-core 4 org.apache.ws.security:wss4j 4 org.apache.cxf:cxf-rt-frontend-jaxrs 4 org.opensaml:opensaml 4 org.apache.derby:derby 4 com.hazelcast:hazelcast 4 com.convertigo.jenkins.plugins:convertigo-mobile-platform 4 org.apache.qpid:qpid-broker 4 org.jolokia:jolokia-core 4 org.wildfly.security:wildfly-elytron 4 org.apache.thrift:libthrift 4 org.mortbay.jetty:jetty 4 org.springframework.security.oauth:spring-security-oauth2 4 org.jvnet.hudson.plugins:storable-configs-plugin 4 io.netty:netty-codec-http 4 io.swagger:swagger-codegen 4 org.jeecgframework.boot:jeecg-boot-base 4 org.codehaus.jettison:jettison 4 com.alibaba.nacos:nacos-common 4 com.itextpdf:itext7-core 4 com.h2database:h2 4 org.opencastproject:opencast-common 4 com.typesafe.play:play_2.12 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 awsiotsdk 4 aws-iot-device-sdk-v2 4 com.vaadin:vaadin-server 4 org.opennms:opennms 4 org.directwebremoting:dwr 4 io.ratpack:ratpack-core 4 org.apache.cassandra:cassandra-all 4 com.typesafe.play:play 4 io.vertx:vertx-web 4 org.apache.ant:ant 4 org.apache.axis:axis 4 org.apache.struts:struts2-rest-plugin 4 io.jenkins.plugins:code-coverage-api 3 org.jenkins-ci.plugins:database 3 org.jenkins-ci.tools:git-parameter 3 org.jenkins-ci.plugins:email-ext 3 org.jenkins-ci.plugins:elastest 3 org.jenkins-ci.plugins:liquibase-runner 3 com.google.protobuf:protobuf-javalite 3 com.checkmarx.jenkins:checkmarx 3 org.jenkins-ci.plugins:junit 3 org.jenkins-ci.plugins:support-core 3 org.springframework:spring-webflux 3 org.jenkins-ci.plugins:scriptler 3 org.jenkins-ci.plugins:icescrum 3 org.jenkins-ci.plugins:promoted-builds 3 cn.hutool:hutool-json 3 com.xebialabs.ci:xlrelease-plugin 3 org.jenkins-ci.plugins:pipeline-input-step 3 net.praqma:rqm-plugin 3 org.jenkins-ci.plugins:vsphere-cloud 3 org.jenkins-ci.plugins:github-branch-source 3 com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter 3 org.jenkins-ci.plugins:jira 3 com.groupon.jenkins-ci.plugins:DotCi 3 org.jenkins-ci.plugins:anchore-container-scanner 3 org.jenkins-ci.plugins:dynatrace-dashboard 3 org.jenkins-ci.plugins:bitbucket-oauth 3 org.jenkins-ci.plugins:generic-webhook-trigger 3 org.conjur.jenkins:conjur-credentials 3 org.jenkins-ci.plugins:gitlab-oauth 3 org.jenkins-ci.plugins:sinatra-chef-builder 3 org.jenkins-ci.plugins:dbCharts 3 org.jenkins-ci.plugins:rocketchatnotifier 3 org.apache.atlas:apache-atlas 3 org.jenkins-ci.plugins:zephyr-for-jira-test-management 3 org.jenkins-ci.plugins:cvs 3 org.apache.qpid:proton-j 3 org.jenkins-ci.plugins:cloudbees-jenkins-advisor 3 io.vertx:vertx-core 3 com.orientechnologies:orientdb-studio 3 org.jenkins-ci.plugins:autocomplete-parameter 3 org.springframework.data:spring-data-commons 3 org.restlet.jse:org.restlet 3 org.springframework.cloud:spring-cloud-config-server 3 org.apache.olingo:odata-client-core 3 org.jenkins-ci.plugins:fortify-on-demand-uploader 3 org.apache.portals.pluto:pluto-portal 3 hudson.plugins:project-inheritance 3 org.springframework:spring-web 3 com.linecorp.armeria:armeria 3 org.bouncycastle:bc-fips 3 org.eclipse.jetty:jetty-webapp 3 com.bstek.ureport:ureport2-console 3 org.webjars.npm:xlsx 3 xlsx 3 org.apache.any23:apache-any23 3 edu.internet2.middleware:shibboleth-identityprovider 3 org.apache.struts:struts-core 3 org.apache.sling:org.apache.sling.servlets.post 3 io.ratpack:ratpack-session 3 com.epam.reportportal:service-api 3 org.codehaus.groovy:groovy 3 org.bouncycastle:bcprov-jdk16 3 org.jboss.resteasy:resteasy-core 3 org.jenkins-ci.plugins:s3 3 org.apache.unomi:unomi 3 com.mikesamuel:json-sanitizer 3 com.adobe.acs:acs-aem-commons 3 org.apache.activemq:apache-artemis 3 com.xuxueli:xxl-job-core 3 org.eclipse.lemminx:lemminx-parent 3 org.richfaces:richfaces-core 3 org.graylog2:graylog2-server 3 org.springframework.data:spring-data-rest-core 3 org.apache.jmeter:ApacheJMeter 3 io.hawt:project 3 org.apache.sling:org.apache.sling.xss 3 io.projectreactor.netty:reactor-netty-http 3 org.jenkins-ci.plugins:audit-trail 3 org.springframework.data:spring-data-jpa 3 fr.edf.jenkins.plugins:mac 3 com.xuxueli:xxl-job 3 com.geteasyqa:easyqa 3 org.jenkins-ci.plugins:embeddable-build-status 3 org.jenkins-ci.plugins:openstack-heat 3 org.jenkins-ci.plugins:recipe 3 org.jenkins-ci.plugins:gitlab-plugin 3 org.jenkins-ci.plugins:xpath-config-viewer 3 org.apache.sling:org.apache.sling.api 3 org.jsoup:jsoup 3 org.apache.kylin:kylin-server-base 3 net.lingala.zip4j:zip4j 3 org.apache.zookeeper:zookeeper 3 com.jfinal:jfinal 3 org.jenkins-ci.plugins:git-client 3 org.jenkins-ci.plugins:openid 3 org.jenkins-ci.plugins:matrix-project 3 org.jenkins-ci.plugins:testquality-updater 3 org.drools:drools-core 3 org.rundeck:rundeck 3 org.jenkins-ci.plugins:semantic-versioning-plugin 3 org.jenkins-ci.plugins:jira-steps 3 io.jenkins.plugins:macstadium-orka 3 org.apache.karaf:karaf 3