Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
maven Security Advisories
Moderate
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 22 hours ago
GSA_kwCzR0hTQS0yaGpyLXZtZjMteHd2cM4AA-IR
Elasticsearch Insertion of Sensitive Information into Log File
High
Ecosystems: maven
Packages: org.openidentityplatform.openam:openam-oauth2
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 1 day ago
GSA_kwCzR0hTQS03NzI2LTQzaGctbTIzds4AA-Hy
OpenAM FreeMarker template injection
Critical
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-skipper
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 1 day ago
GSA_kwCzR0hTQS1wNTI4LTNtdmYtZ3I4N84AA-Hu
Remote code execution in Spring Cloud Data Flow
Moderate
Ecosystems: maven
Packages: org.apache.drill.exec:drill-java-exec
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 3 days ago
GSA_kwCzR0hTQS12NjJnLWp3ajktcmZ2eM4AA-Gd
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill
High
Ecosystems: maven
Packages: org.apache.pinot:pinot-controller
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 3 days ago
GSA_kwCzR0hTQS04Z2o5LXI0aHYtM2pqd84AA-Gi
Apache Pinot: Unauthorized endpoint exposed sensitive information
Moderate
Ecosystems: maven
Packages: dnsjava:dnsjava
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 4 days ago
GSA_kwCzR0hTQS1jcmpnLXc1N20tcnFxZs4AA-FL
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks
Moderate
Ecosystems: maven
Packages: dnsjava:dnsjava
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 5 days ago
GSA_kwCzR0hTQS1tbXd4LXJqODctdmZncs4AA-E2
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
High
Ecosystems: maven
Packages: dnsjava:dnsjava
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 5 days ago
GSA_kwCzR0hTQS1jZnh3LTRoNzgtaDdmd84AA-E1
DNSJava DNSSEC Bypass
Moderate
Ecosystems: maven
Packages: org.apache.syncope.client.idrepo:syncope-client-idrepo-console, org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 5 days ago
GSA_kwCzR0hTQS04cHh2LXg2anEtNXZ3Oc4AA-Ev
Apache Syncope Improper Input Validation vulnerability
Moderate
Ecosystems: maven
Packages: org.apache.rocketmq:rocketmq-all
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 5 days ago
GSA_kwCzR0hTQS1xOXcyLWg0Y3ctOGdocM4AA-EP
Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data
High
Ecosystems: maven
Packages: ai.h2o:h2o-core
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: 6 days ago
GSA_kwCzR0hTQS13MzZ3LTk0OGoteGhmd84AA-DC
H2O vulnerable to Deserialization of Untrusted Data
Moderate
Ecosystems: maven
Packages: org.apache.cxf:cxf-rt-rs-security-jose
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 8 days ago
GSA_kwCzR0hTQS02cGZmLWZtaDItNG1tZs4AA-AS
Apache CXF Denial of Service vulnerability in JOSE
High
Ecosystems: maven
Packages: org.apache.cxf:cxf-rt-rs-service-description
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: 8 days ago
GSA_kwCzR0hTQS01bTNqLXB4aDctNDU1cM4AA-Ab
Apache CXF: SSRF vulnerability via WADL stylesheet parameter
Low
Ecosystems: maven
Packages: org.apache.cxf:cxf-rt-transports-http
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 8 days ago
GSA_kwCzR0hTQS00bWdnLWZxZnEtNjRoZ84AA-AU
Apache CXF allows unrestricted memory consumption in CXF HTTP clients
High
Ecosystems: maven
Packages: io.netty.incubator:netty-incubator-codec-bhttp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
GSA_kwCzR0hTQS1xOGYyLWh4cTUtY3A0aM4AA-AD
Absent Input Validation in BinaryHttpParser
Moderate
Ecosystems: maven
Packages: org.opensearch.plugin:opensearch-reports-scheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
GSA_kwCzR0hTQS14bXZnLTMzNWcteDQ0cc4AA9_m
The OpenSearch reporting plugin improperly controls tenancy access to reporting resources
High
Ecosystems: maven
Packages: org.eclipse.parsson:parsson
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 10 days ago
GSA_kwCzR0hTQS0ycndtLXh2NWotNzc3cM4AA9-i
Eclipse Parsson stack overflow when parsing deeply nested input
High
Ecosystems: maven
Packages: org.apache.streampipes:streampipes-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 days ago
GSA_kwCzR0hTQS02NTIzLWpmNHItYzk2Ms4AA9-c
Apache StreamPipes has potential remote code execution (RCE) via file upload
Moderate
Ecosystems: maven
Packages: org.apache.streampipes:streampipes-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 days ago
GSA_kwCzR0hTQS0ycXBoLXY5cDItcTJnds4AA9-J
Apache StreamPipes potentially allows creation of multiple identical accounts
Moderate
Ecosystems: maven
Packages: org.apache.streampipes:streampipes-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 days ago
GSA_kwCzR0hTQS05Z3I3LWdoNzQtcWc5eM4AA9-K
Apache StreamPipes has possibility of SSRF in pipeline element installation process
High
Ecosystems: maven
Packages: org.apache.linkis:linkis-datasource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
GSA_kwCzR0hTQS03cXBjLTR4eDkteDVxd84AA94-
Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability
High
Ecosystems: maven
Packages: org.apache.linkis:linkis-datasource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
GSA_kwCzR0hTQS1qanZjLXY4Z3ctNTI1Nc4AA949
Apache Linkis DataSource remote code execution vulnerability
Moderate
Ecosystems: maven
Packages: org.apache.linkis:linkis-datasource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
GSA_kwCzR0hTQS1mMjJqLTlqNTktMzNqNM4AA948
Apache Linkis DataSource allows arbitrary file reading
High
Ecosystems: maven
Packages: org.apache.wicket:wicket-util
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
GSA_kwCzR0hTQS1oaHdjLWdoOGgtOXJycM4AA90p
Apache Wicket: Remote code execution via XSLT injection
Moderate
Ecosystems: maven
Packages: org.opensearch.plugin:opensearch-observability
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
GSA_kwCzR0hTQS03N3ZjLXJqMzItMnIzM84AA9w7
OpenSearch Observability does not properly restrict access to private tenant resources
Moderate
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-seb, org.silverpeas.core:silverpeas-core-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
GSA_kwCzR0hTQS12ZndoLWd2ZjYtbWZmOM4AA9vd
Silverpeas Core Cross-site Scripting vulnerability
High
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-function-context
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 18 days ago
GSA_kwCzR0hTQS1qNHI3LXA5ZnAtdzNmM84AA9rZ
Spring Cloud Function Framework vulnerable to Denial of Service
Moderate
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 18 days ago
GSA_kwCzR0hTQS1jaDdxLWdwZmYtaDlocM4AA9on
Undertow Missing Release of Memory after Effective Lifetime vulnerability
High
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 18 days ago
GSA_kwCzR0hTQS14cHA2LThyM2otd3c0M84AA9oi
Undertow Denial of Service vulnerability
Moderate
Ecosystems: maven
Packages: org.apache.nifi:nifi-web-ui
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 19 days ago
GSA_kwCzR0hTQS1oNjU4LXFxdjktcXd2OM4AA9nw
Apache NiFi vulnerable to Cross-site Scripting
High
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 23 days ago
GSA_kwCzR0hTQS13bTl3LXJqajMtajM1Ns4AA9gV
Apache Tomcat - Denial of Service
Critical
Ecosystems: maven
Packages: org.geoserver:gs-wms, org.geoserver:gs-wfs, org.geoserver.web:gs-web-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
GSA_kwCzR0hTQS02amo2LWdtN3AtZmN2ds4AA9cr
Remote Code Execution (RCE) vulnerability in geoserver
High
Ecosystems: maven
Packages: org.geoserver:gs-gwc, org.geoserver.web:gs-web-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
GSA_kwCzR0hTQS1qaHF4LTV2NWctbXBmM84AA9cq
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
Moderate
Ecosystems: maven
Packages: org.geoserver:gs-main, org.geoserver.web:gs-web-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
GSA_kwCzR0hTQS1qNTl2LXZnY3ItaHh2Zs4AA9cp
GeoServer's Server Status shows sensitive environmental variables and Java properties
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:structs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS14ZngzLWNyNzQteDNjds4AA9Xv
Exposure of secrets through system log in Jenkins Structs Plugin
Moderate
Ecosystems: maven
Packages: org.jenkins-ci.plugins:plain-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS0zY3BxLXJ3MzYtY3Bwds4AA9Xt
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
Moderate
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS14OG1mLWpjbWYtcjc5Zs4AA9Xs
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin
Low
Ecosystems: maven
Packages: org.dspace:dspace-server-webapp
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: about 1 month ago
GSA_kwCzR0hTQS05NGNjLXhqeHItcHd2Zs4AA9WR
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
High
Ecosystems: maven
Packages: org.cyclonedx:cyclonedx-core-java
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: about 1 month ago
GSA_kwCzR0hTQS02ODN4LTQ0NDQtanhoOM4AA9UM
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rendering-macro-include
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS1xY2ozLXdwZ20tcXB4aM4AA9UF
XWiki programming rights may be inherited by inclusion
Critical
Ecosystems: maven
Packages: org.apache.streampipes:streampipes-resource-management
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: about 1 month ago
GSA_kwCzR0hTQS1jZjNxLXZnOHctbXc4NM4AA9Tl
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
Moderate
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-main
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 1 month ago
GSA_kwCzR0hTQS0zNmdmLXZwajItajQyd84AA9Tg
Cross site scripting in Apache JSPWiki
Low
Ecosystems: maven
Packages: org.keycloak:keycloak-ldap-federation
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 1 month ago
GSA_kwCzR0hTQS1jMjVoLWMyN3EtNXFwds4AA9SS
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
Moderate
Ecosystems: maven
Packages: io.github.classgraph:classgraph
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: about 1 month ago
GSA_kwCzR0hTQS12MnhtLTc2cHEtcGhjZs4AA9Qy
ClassGraph XML External Entity Reference
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS1qNTg0LWoydmotM2Y5M84AA9Pv
XWiki Platform allows remote code execution from user account
High
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 1 month ago
GSA_kwCzR0hTQS05NDQyLWdtNHYtcjIyMs4AA9Ps
Undertow's url-encoded request path information can be broken on ajp-listener
High
Ecosystems: maven
Packages: io.strimzi:strimzi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS1xMnh4LWY4cjMtOW1nNc4AA9It
STRIMZI incorrect access control
Critical
Ecosystems: maven
Packages: ai.djl:api
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 1 month ago
GSA_kwCzR0hTQS13ODc3LWpmdzctNDZyas4AA9Ik
DeepJavaLibrary API absolute path traversal
Moderate
Ecosystems: maven
Packages: org.sonarsource.sonarqube:sonar-web
Source: GitHub Advisory Database
Blast Radius: 1.5
Published: about 1 month ago
GSA_kwCzR0hTQS1odzJjLTh4Z3ctbWY1N84AA9He
SonarQube logs sensitive information
Moderate
Ecosystems: maven
Packages: io.crate:crate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS14MjY4LXFwZzYtdzlnMs4AA9DM
CrateDB has a Client initialized Session-Renegotiation DoS
Moderate
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: about 1 month ago
GSA_kwCzR0hTQS00cTIyLTQyMmctbTRwas4AA9C9
Elasticsearch StackOverflow vulnerability
Low
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 1 month ago
GSA_kwCzR0hTQS1jcTQyLXZodjcteHI3cM4AA8_H
Keycloak Denial of Service via account lockout
Low
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 1 month ago
GSA_kwCzR0hTQS00dmM4LXBnNWMtdmc0eM4AA8_G
Keycloak's improper input validation allows using email as username
High
Ecosystems: maven
Packages: org.apache.submarine:submarine-server-core
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: about 1 month ago
GSA_kwCzR0hTQS12NzRjLXFjNDYtOWdnOc4AA8-d
Apache Submarine Server Core has a SQL Injection Vulnerability
Critical
Ecosystems: maven
Packages: org.apache.submarine:submarine-server-core
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 1 month ago
GSA_kwCzR0hTQS02cTk3LTh2M2ctcnB4d84AA8-X
Apache Submarine Server Core Incorrect Authorization vulnerability
Moderate
Ecosystems: maven
Packages: org.apache.submarine:submarine-commons-utils
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 1 month ago
GSA_kwCzR0hTQS1qd2NnLXd2NXgtdmczZ84AA8-T
Apache Submarine Commons Utils has a hard-coded secret
Moderate
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: about 1 month ago
GSA_kwCzR0hTQS00YzdxLW03aGMtcGM5Ms4AA8-U
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions
High
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: about 2 months ago
GSA_kwCzR0hTQS0yY3d3LWZnbWctNGpxY84AA88y
Keycloak's admin API allows low privilege users to use administrative functions
Moderate
Ecosystems: nuget, maven, npm, go, pypi
Packages: Microsoft.Identity.Client, com.microsoft.azure:msal4j, @azure/msal-node, Azure.Identity, github.com/Azure/azure-sdk-for-go/sdk/azidentity, com.azure:azure-identity, @azure/identity, azure-identity
Source: GitHub Advisory Database
Blast Radius: 78.6
Published: about 2 months ago
GSA_kwCzR0hTQS1tNXZ2LTZyNGgtM3ZqOc4AA88w
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
High
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: about 2 months ago
GSA_kwCzR0hTQS02OWZwLTdjOHAtY3Jqcs4AA84T
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
Moderate
Ecosystems: maven
Packages: org.ninjaframework:ninja-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS05MndwLWpnaHItaGg4N84AA8yL
Weak encryption in Ninja Core
Moderate
Ecosystems: maven
Packages: io.netty.incubator:netty-incubator-codec-ohttp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
GSA_kwCzR0hTQS1nNzYyLWg4NnctODc0Oc4AA8uP
BoringSSLAEADContext in Netty Repeats Nonces
Moderate
Ecosystems: maven
Packages: org.iq80.snappy:snappy
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 2 months ago
GSA_kwCzR0hTQS04d2gyLTZxaGotaDdqOc4AA8st
iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash
Critical
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
GSA_kwCzR0hTQS00dzU0LXd3YzkteDYyY84AA8m1
Silverpeas authentication bypass
High
Ecosystems: maven
Packages: io.airlift:aircompressor
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: about 2 months ago
GSA_kwCzR0hTQS05NzN4LTY1ajcteGNmNM4AA8mR
Decompressors can crash the JVM and leak memory content in Aircompressor
Moderate
Ecosystems: maven
Packages: org.opencms:opencms-core
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 2 months ago
GSA_kwCzR0hTQS12ZzZ4LXBjaHEtOThtZ84AA8kL
OpenCMS Cross-Site Scripting vulnerability
High
Ecosystems: maven
Packages: org.openapitools:openapi-generator-online
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS1nM2hyLXA4NnAtNTkzaM4AA8i5
OpenAPI Generator Online - Arbitrary File Read/Delete
High
Ecosystems: maven
Packages: org.soot-oss:soot
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 2 months ago
GSA_kwCzR0hTQS1oZmc3LWo4MmMtZnIzd84AA8iY
Soot Infinite Loop vulnerability
Moderate
Ecosystems: maven
Packages: tech.kwik:kwik
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
GSA_kwCzR0hTQS13OGNwLWZyeGMtNTVwas4AA8iX
Kwik does not discard unused encryption keys
Moderate
Ecosystems: maven
Packages: org.jenkins-ci.plugins:report-info
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
GSA_kwCzR0hTQS1jdzVyLWp4OHItOWY3eM4AA8iW
Jenkins Report Info Plugin Path Traversal vulnerability
Moderate
Ecosystems: maven
Packages: org.eclipse.ditto:ditto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
GSA_kwCzR0hTQS1oamZjLTZqeHItajJyeM4AA8hY
Eclipse Ditto vulnerable to Cross-site Scripting
Moderate
Ecosystems: maven
Packages: org.silverpeas:silverpeas-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
GSA_kwCzR0hTQS05cnJ3LTgycjItNjIzcM4AA8f1
Silverpeas Core vulnerable to Cross Site Scripting
High
Ecosystems: maven
Packages: org.verapdf:library-jakarta, org.verapdf:library, org.verapdf:library-arlington, org.verapdf:core-arlington, org.verapdf:core-jakarta, org.verapdf:core
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 2 months ago
GSA_kwCzR0hTQS1xeHFmLTJtZngteDhqd84AA8Vj
veraPDF has potential XSLT injection vulnerability when using policy files
Moderate
Ecosystems: maven
Packages: org.bonitasoft.engine:bonita-server
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 2 months ago
GSA_kwCzR0hTQS03NnYyLTQ4dzYtY3J4cs4AA8GY
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
Critical
Ecosystems: maven
Packages: com.amazon.redshift:redshift-jdbc42
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 2 months ago
GSA_kwCzR0hTQS14M3dtLWhmZnItY2h3bc4AA8GB
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
Moderate
Ecosystems: maven
Packages: io.antmedia:ant-media-server
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 2 months ago
GSA_kwCzR0hTQS1nOTV2LTNwajYtajQzM84AA7-q
Ant Media Server does not properly authorize non-administrative API calls
Critical
Ecosystems: maven
Packages: org.apache.karaf:cave
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
GSA_kwCzR0hTQS0zMzh4LWhmeDgtdng5eM4AA78P
Apache Karaf Cave: Cave SSRF and arbitrary file access
Moderate
Ecosystems: nuget, maven
Packages: BouncyCastle.Cryptography, BouncyCastle, org.bouncycastle:bc-fips, org.bouncycastle:bcpkix-jdk14, org.bouncycastle:bcpkix-jdk15to18, org.bouncycastle:bcpkix-jdk18on, org.bouncycastle:bctls-jdk15to18, org.bouncycastle:bctls-jdk14, org.bouncycastle:bctls-jdk18on, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 2 months ago
GSA_kwCzR0hTQS04eGZjLWdtNmctdmdwds4AA75b
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Moderate
Ecosystems: maven, nuget
Packages: org.bouncycastle:bcpkix-jdk14, org.bouncycastle:bcpkix-jdk15to18, org.bouncycastle:bcpkix-jdk18on, BouncyCastle.Cryptography, BouncyCastle, org.bouncycastle:bctls-jdk15to18, org.bouncycastle:bctls-jdk14, org.bouncycastle:bctls-jdk18on, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk18on, org.bouncycastle:bctls-fips
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 2 months ago
GSA_kwCzR0hTQS12NDM1LXhjOHgtd3ZyOc4AA76H
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
Moderate
Ecosystems: nuget, maven
Packages: BouncyCastle.Cryptography, BouncyCastle, org.bouncycastle:bcpkix-jdk14, org.bouncycastle:bcpkix-jdk15to18, org.bouncycastle:bcpkix-jdk18on, org.bouncycastle:bctls-jdk15to18, org.bouncycastle:bctls-jdk14, org.bouncycastle:bctls-jdk18on, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 2 months ago
GSA_kwCzR0hTQS1tNDRqLWNmcm0tZzhxY84AA76G
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
Critical
Ecosystems: maven
Packages: com.netflix.genie:genie-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS13cGN2LTVqZ3AtNjlmM84AA74R
Genie Path Traversal vulnerability via File Uploads
High
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS1mZ2gzLXB3bXAtM3F3M84AA73r
Apache Inlong Deserialization of Untrusted Data vulnerability
Moderate
Ecosystems: maven
Packages: org.neo4j:neo4j-cypher
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 3 months ago
GSA_kwCzR0hTQS1wMzQzLTlxd3AtcHF4ds4AA71B
Neo4j Cypher component mishandles IMMUTABLE privileges
Moderate
Ecosystems: maven
Packages: net.mingsoft:ms-basic
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 3 months ago
GSA_kwCzR0hTQS02NGNtLTNjajMtNjdoZs4AA70r
MS Basic Cross-site Scripting vulnerability
Moderate
Ecosystems: maven
Packages: org.eclipse.edc:connector-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS0yeDUyLThmMjktN2Nqcs4AA70W
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure
Low
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk12, org.bouncycastle:bcprov-jdk13, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS00aDhmLTJ3dngtZ2c1d84AA7vg
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
Moderate
Ecosystems: maven
Packages: org.apache.hive:hive-jdbc
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: 3 months ago
GSA_kwCzR0hTQS12cHczLTNwcmYtMzk3NM4AA7uX
Apache Hive Code Injection vulnerability
Moderate
Ecosystems: maven
Packages: org.wildfly:wildfly-domain-http
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS14N2c2LXJ3aGMtZzdtas4AA7fv
Wildfly vulnerable to denial of service
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:telegrambot
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS05NHByLXc5NjgtaDkyM84AA7fp
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext
Moderate
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS14aDljLXZjZjktaDk0bc4AA7fo
Jenkins Git server Plugin does not perform a permission check
High
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS12NjNnLXYzMzktMjY3M84AA7fm
Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies
Moderate
Ecosystems: maven
Packages: org.jenkins-ci.plugins:partial-release-manager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS1waGgzLTJwOW0tdzZqNc4AA7fq
Jenkins Subversion Partial Release Manager Plugin programmatically disables the fix for CVE-2016-3721
High
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS0yZzRxLTl2bTktOWZ3NM4AA7fn
Jenkins Script Security Plugin sandbox bypass vulnerability
High
Ecosystems: maven
Packages: org.apache.activemq:apache-activemq
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: 3 months ago
GSA_kwCzR0hTQS1najVtLW04OGotdjdjM84AA7fS
Apache ActiveMQ's default configuration doesn't secure the API web context
Low
Ecosystems: maven
Packages: org.xmlunit:xmlunit-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS1jaGZtLTY4dnYtcHZ3Nc4AA7eI
XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets
Moderate
Ecosystems: maven
Packages: org.jberet:jberet-core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 3 months ago
GSA_kwCzR0hTQS05d21mLXhmM2gtcjhwcs4AA7T1
Jberet: jberet-core logging database credentials
Moderate
Ecosystems: maven
Packages: io.quarkus:quarkus-resteasy-reactive-common, io.quarkus:quarkus-resteasy-reactive-common-deployment
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 3 months ago
GSA_kwCzR0hTQS0yNXc0LWhmcWctNHI1Ms4AA7T0
Quarkus: authorization flaw in quarkus resteasy reactive and classic
Moderate
Ecosystems: maven
Packages: io.quarkus.resteasy.reactive:resteasy-reactive
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 3 months ago
GSA_kwCzR0hTQS1tdjY0LTg2ZzgtY3FxN84AA7Tz
Quarkus: security checks in resteasy reactive may trigger a denial of service
High
Ecosystems: maven
Packages: org.open-metadata:openmetadata-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS01eHYzLWZtN2ctODY1cs4AA7R-
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)
High
Ecosystems: maven
Packages: org.open-metadata:openmetadata-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS04cDVyLTZtdnYtMjQzNc4AA7R9
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)
Statistics
Advisories: 19,584
Packages: 8,642
Repositories: 999
Ecosystems: 12
Filter by Package
org.jenkins-ci.main:jenkins-core
189
org.apache.tomcat:tomcat
133
com.fasterxml.jackson.core:jackson-databind
69
org.apache.struts:struts2-core
55
org.keycloak:keycloak-core
47
com.liferay.portal:release.portal.bom
45
org.apache.tomcat.embed:tomcat-embed-core
37
com.thoughtworks.xstream:xstream
36
com.jfinal:jfinal
36
org.xwiki.platform:xwiki-platform-oldcore
35
net.mingsoft:ms-mcms
35
org.elasticsearch:elasticsearch
35
org.jenkins-ci.plugins:script-security
32
org.keycloak:keycloak-services
31
io.undertow:undertow-core
30
org.apache.solr:solr-core
25
org.keycloak:keycloak-parent
25
org.eclipse.jetty:jetty-server
23
org.springframework.security:spring-security-core
23
org.bouncycastle:bcprov-jdk14
22
org.apache.nifi:nifi
22
org.apache.openmeetings:openmeetings-parent
21
org.cloudfoundry.identity:cloudfoundry-identity-server
20
org.springframework:spring-core
19
com.vaadin:vaadin-bom
18
com.liferay.portal:release.dxp.bom
18
org.xwiki.platform:xwiki-platform-web-templates
17
org.apache.geode:geode-core
17
org.apache.activemq:activemq-client
16
org.apache.jspwiki:jspwiki-main
16
org.apache.dubbo:dubbo
16
org.bouncycastle:bcprov-jdk15
16
org.apache.struts.xwork:xwork-core
15
org.xwiki.platform:xwiki-platform-web
14
org.apache.inlong:manager-pojo
14
org.apache.hadoop:hadoop-main
13
org.apache.cxf:cxf
13
org.jenkins-ci.plugins:git
12
com.vaadin:flow-server
12
org.apache.tomcat:tomcat-coyote
12
org.bouncycastle:bcprov-jdk15on
12
org.jenkins-ci.plugins.workflow:workflow-cps
12
org.mortbay.jetty:jetty
11
org.apache.hadoop:hadoop-common
11
org.apache.commons:commons-compress
11
org.apache.camel:camel-core
11
org.apache.jspwiki:jspwiki-war
11
org.apache.james:james-server
11
org.apache.cxf:cxf-core
11
org.apache.tika:tika-core
11
org.jeecgframework.boot:jeecg-boot-common
11
com.xuxueli:xxl-job
11
org.igniterealtime.openfire:parent
11
org.apache.ranger:ranger
11
org.jeecgframework.boot:jeecg-boot-parent
11
org.jenkins-ci.plugins:email-ext
11
org.apache.dolphinscheduler:dolphinscheduler
11
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
10
org.jboss.netty:netty
10
org.apache.inlong:manager-service
10
io.netty:netty
10
org.xwiki.platform:xwiki-platform-administration-ui
10
org.craftercms:crafter-studio
9
org.bouncycastle:bcprov-jdk15to18
9
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
9
org.opennms:opennms
9
io.jenkins:configuration-as-code
9
org.apache.tapestry:tapestry-core
9
org.springframework:spring-webmvc
9
org.apache.archiva:archiva
9
org.springframework:spring-web
9
org.jenkins-ci.plugins:config-file-provider
9
org.apache.shiro:shiro-core
9
org.opencms:opencms-core
9
org.jenkins-ci.plugins:active-directory
9
cn.hutool:hutool-core
9
org.apache.xmlgraphics:batik
9
org.opencrx:opencrx-core-models
9
org.jenkins-ci.plugins:electricflow
9
org.apache.tomcat:tomcat-catalina
9
org.apache.hive:hive
9
com.hazelcast:hazelcast
8
org.graylog2:graylog2-server
8
io.jenkins.blueocean:blueocean
8
org.apache.kylin:kylin
8
org.apache.santuario:xmlsec
8
org.jenkins-ci.plugins:ec2
8
org.apache.hive:hive-exec
8
org.webjars.npm:jquery
8
jquery-rails
8
jquery
8
org.apache.pdfbox:pdfbox
8
org.apache.ozone:ozone-main
8
org.yaml:snakeyaml
8
org.apache.zeppelin:zeppelin
8
mysql:mysql-connector-java
8
org.postgresql:postgresql
8
org.apache.ambari:ambari
8
jquery-ui
7
jquery-ui-rails
7
org.webjars.npm:jquery-ui
7
jQuery.UI.Combined
7
io.jenkins.plugins:miniorange-saml-sp
7
org.owasp.antisamy:antisamy
7
org.jenkins-ci.plugins:jobConfigHistory
7
org.jeecgframework.boot:jeecg-boot-base
7
net.opentsdb:opentsdb
7
org.apache.cxf:apache-cxf
7
org.jenkins-ci.plugins:artifactory
7
org.owasp.esapi:esapi
7
org.apache.logging.log4j:log4j-core
7
org.apache.karaf:apache-karaf
7
org.jboss.resteasy:resteasy-client
7
org.apache.inlong:manager-web
7
io.jenkins.plugins:cavisson-ns-nd-integration
7
org.apache.spark:spark-core_2.11
7
org.jenkins-ci.plugins:rundeck
7
org.jenkins-ci.plugins:mercurial
7
io.dataease:dataease-plugin-common
7
org.jruby:jruby-stdlib
7
org.apache.derby:derby
7
rubygems-update
7
org.apache.tika:tika
7
org.apache.activemq:activemq-parent
7
org.apache.poi:poi
7
org.apache.atlas:atlas-common
7
org.apache.hive:hive-service
7
org.silverpeas.core:silverpeas-core-web
7
org.apache.linkis:linkis
7
io.atomix:atomix
7
org.jenkins-ci.plugins:subversion
7
io.jenkins.plugins:warnings-ng
7
org.jenkins-ci.plugins:openshift-deployer
7
jQuery
7
org.apache.shenyu:shenyu-common
6
org.apache.pulsar:pulsar-broker
6
org.apache.struts:struts2-rest-plugin
6
org.jenkins-ci.plugins:repository-connector
6
org.apache.solr:solr-parent
6
org.apache.spark:spark-core_2.10
6
hudson.plugins:project-inheritance
6
org.jenkins-ci.plugins:azure-vm-agents
6
org.apache.mesos:mesos
6
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
6
org.apache.httpcomponents:httpclient
6
io.netty:netty-handler
6
org.jenkins-ci.plugins:fortify-on-demand-uploader
6
io.netty:netty-codec-http
6
org.jenkins-ci.plugins:ec2-deployment-dashboard
6
de.tum.in.ase:artemis-java-test-sandbox
6
org.csanchez.jenkins.plugins:kubernetes
6
org.apache.axis:axis
6
org.opensearch.plugin:opensearch-security
6
org.opencastproject:opencast-kernel
6
com.jflyfox:jflyfox_jfinal
6
org.xwiki.commons:xwiki-commons-xml
6
axis:axis
6
commons-fileupload:commons-fileupload
6
org.jenkins-ci.plugins:pipeline-maven
6
cn.hutool:hutool-json
6
org.apache.storm:storm-core
6
org.apache.syncope:syncope-core
6
org.jenkins-ci.plugins:gitlab-oauth
6
org.bouncycastle:bcprov-jdk18on
6
com.xebialabs.deployit.ci:deployit-plugin
6
tech.powerjob:powerjob
6
org.jenkins-ci.plugins:ghprb
5
org.bouncycastle:bcprov-ext-jdk15on
5
org.apache.cassandra:cassandra-all
5
org.jenkins-ci.plugins:junit
5
info.magnolia:magnolia-core
5
org.springframework.amqp:spring-amqp
5
org.apache.druid:druid
5
org.springframework.security.oauth:spring-security-oauth2
5
org.jenkins-ci.plugins:openid
5
org.apache.zeppelin:zeppelin-server
5
com.synopsys.jenkinsci:ownership
5
org.jenkins-ci.plugins:fortify
5
com.google.protobuf:protobuf-java
5
com.ruoyi:ruoyi
5
org.apache.hadoop:hadoop-client
5
org.jboss.resteasy:resteasy-bom
5
org.jenkins-ci.plugins:extended-choice-parameter
5
org.dspace:dspace-jspui
5
org.jeecgframework.boot:jeecg-boot-base-core
5
org.neo4j.procedure:apoc
5
org.jenkins-ci.plugins:aws-codecommit-trigger
5
io.jenkins.plugins:neuvector-vulnerability-scanner
5
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
5
org.apache.inlong:manager-dao
5
org.opennms:opennms-webapp
5
org.jenkins-ci.plugins:google-login
5
org.apache.zookeeper:zookeeper
5
org.jenkinsci.plugins:octoperf
5
edu.stanford.nlp:stanford-corenlp
5
org.wildfly:wildfly-parent
5
org.apache.struts:struts-core
5
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
5
org.jenkins-ci.plugins:google-compute-engine
5
org.jenkins-ci.plugins:azure-ad
5
Filter by Repository
https://github.com/xwiki/xwiki-platform
174
https://github.com/jenkinsci/jenkins
148
https://github.com/apache/tomcat
97
https://github.com/FasterXML/jackson-databind
70
https://github.com/keycloak/keycloak
64
https://github.com/apache/struts
46
https://github.com/spring-projects/spring-framework
41
https://github.com/x-stream/xstream
36
https://github.com/apache/activemq
33
https://github.com/CVEProject/cvelist
28
https://github.com/apache/inlong
26
https://github.com/eclipse/jetty.project
23
https://github.com/apache/nifi
22
https://github.com/apache/cxf
21
https://github.com/jenkinsci/script-security-plugin
21
https://github.com/jeecgboot/jeecg-boot
20
https://github.com/netty/netty
20
https://github.com/OpenNMS/opennms
20
https://github.com/cloudfoundry/uaa
19
https://github.com/bcgit/bc-java
19
https://github.com/geoserver/geoserver
18
https://github.com/vaadin/platform
17
https://github.com/opencast/opencast
16
https://github.com/apache/camel
15
https://github.com/undertow-io/undertow
13
https://github.com/ming-soft/MCMS
13
https://github.com/xuxueli/xxl-job
13
https://github.com/dromara/hutool
13
https://github.com/quarkusio/quarkus
13
https://github.com/apache/dolphinscheduler
12
https://github.com/apache/kylin
12
https://github.com/igniterealtime/Openfire
11
https://github.com/vaadin/flow
11
https://github.com/apache/zeppelin
10
https://github.com/DSpace/DSpace
10
https://github.com/spring-projects/spring-security
10
https://github.com/jenkinsci/git-plugin
10
https://github.com/apache/lucene-solr
9
https://github.com/cui2shark/cms
9
https://github.com/jquery/jquery
9
https://github.com/Graylog2/graylog2-server
9
https://github.com/xwiki/xwiki-commons
8
https://github.com/hazelcast/hazelcast
8
https://github.com/nahsra/antisamy
8
https://github.com/opensearch-project/security
8
https://github.com/jenkinsci/config-file-provider-plugin
8
https://github.com/jflyfox/jfinal_cms
7
https://github.com/vaadin/framework
7
https://github.com/apache/xmlgraphics-batik
7
https://github.com/OpenTSDB/opentsdb
7
https://github.com/dataease/dataease
7
https://github.com/pgjdbc/pgjdbc
7
https://github.com/ratpack/ratpack
7
https://github.com/RhinoSecurityLabs/CVEs
7
https://github.com/rubygems/rubygems
7
https://github.com/rundeck/rundeck
7
https://github.com/jenkinsci/blueocean-plugin
7
https://github.com/OpenAPITools/openapi-generator
6
https://github.com/cui2shark/security
6
https://github.com/apache/tika
6
https://bitbucket.org/snakeyaml/snakeyaml
6
https://github.com/jenkinsci/build-failure-analyzer-plugin
6
https://github.com/playframework/playframework
6
https://github.com/jenkinsci/fortify-on-demand-uploader-plugin
6
https://github.com/vert-x3/vertx-web
6
https://github.com/resteasy/resteasy
6
https://github.com/jenkinsci/gerrit-trigger-plugin
6
https://github.com/apache/hadoop
6
https://github.com/DrunkenShells/Disclosures
6
https://github.com/ls1intum/Ares
6
https://github.com/jquery/jquery-ui
6
https://github.com/ESAPI/esapi-java-legacy
6
https://github.com/jenkinsci/ec2-plugin
6
https://github.com/http4s/http4s
6
https://github.com/line/armeria
6
https://github.com/apache/pulsar
6
https://github.com/OpenRefine/OpenRefine
6
https://github.com/jenkinsci/electricflow-plugin
6
https://github.com/jenkinsci/configuration-as-code-plugin
6
https://github.com/JLLeitschuh/security-research
5
https://github.com/jenkinsci/email-ext-plugin
5
https://github.com/apiman/apiman
5
https://github.com/jensdietrich/xshady-release
5
https://github.com/grails/grails-core
5
https://github.com/apache/geode
5
https://bitbucket.org/connect2id/nimbus-jose-jwt
5
https://github.com/apache/openmeetings
5
https://github.com/jettison-json/jettison
5
https://github.com/PowerJob/PowerJob
5
https://github.com/jenkinsci/workflow-cps-global-lib-plugin
5
https://github.com/jenkinsci/m2release-plugin
5
https://github.com/jenkinsci/junit-plugin
5
https://github.com/alibaba/nacos
5
https://github.com/jenkinsci/subversion-plugin
5
https://github.com/apache/shenyu
5
https://github.com/jenkinsci/publish-over-ssh-plugin
5
https://github.com/jenkinsci/github-plugin
5
https://github.com/apache/shiro
5
https://github.com/alkacon/opencms-core
5
https://github.com/jenkinsci/gitlab-plugin
5
https://github.com/apache/karaf
5
https://github.com/apache/syncope
5
https://github.com/neo4j-contrib/neo4j-apoc-procedures
5
https://github.com/jenkinsci/codedx-plugin
5
https://github.com/restlet/restlet-framework-java
5
https://github.com/jenkinsci/active-directory-plugin
5
https://github.com/h2database/h2database
5
https://github.com/protocolbuffers/protobuf
5
https://github.com/jenkinsci/support-core-plugin
5
https://github.com/jenkinsci/workflow-cps-plugin
4
https://github.com/pippo-java/pippo
4
https://github.com/jenkinsci/credentials-binding-plugin
4
https://github.com/apache/solr
4
https://github.com/shopizer-ecommerce/shopizer
4
https://github.com/infinispan/infinispan
4
https://github.com/skylot/jadx
4
https://github.com/jenkinsci/warnings-ng-plugin
4
https://github.com/apache/streampipes
4
https://github.com/itext/itext7
4
https://github.com/jfinal/jfinal
4
https://github.com/jenkinsci/p4-plugin
4
https://github.com/jenkinsci/job-config-history-plugin
4
https://github.com/jenkinsci/gitlab-oauth-plugin
4
https://github.com/jenkinsci/xldeploy-plugin
4
https://github.com/reportportal/reportportal
4
https://github.com/micronaut-projects/micronaut-core
4
https://github.com/jenkinsci/rundeck-plugin
4
https://github.com/jenkinsci/fortify-plugin
4
https://github.com/jenkinsci/libvirt-slave-plugin
4
https://github.com/ktorio/ktor
4
https://github.com/xerial/snappy-java
4
https://github.com/bcgit/bc-csharp
4
https://github.com/resteasy/Resteasy
4
https://github.com/apache/activemq-artemis
4
https://github.com/jenkinsci/matrix-project-plugin
4
https://github.com/jenkinsci/htmlpublisher-plugin
4
https://github.com/jenkinsci/active-choices-plugin
4
https://github.com/yamcs/yamcs
4
https://github.com/stanfordnlp/corenlp
4
https://github.com/jenkinsci/ansible-plugin
4
https://github.com/jenkinsci/hpe-application-automation-tools-plugin
4
https://github.com/apache/httpcomponents-client
4
https://github.com/nightcloudos/new_cms
4
https://github.com/jenkinsci/nexus-platform-plugin
4
https://github.com/HtmlUnit/htmlunit
4
https://github.com/aws/aws-iot-device-sdk-java-v2
4
https://github.com/jeremylong/DependencyCheck
3
https://github.com/jenkinsci/mailer-plugin
3
https://github.com/qos-ch/logback
3
https://github.com/apache/santuario-java
3
https://github.com/Rabb1ter/cms
3
https://github.com/jenkinsci/git-parameter-plugin
3
https://github.com/li-yu320/cms
3
https://github.com/jenkinsci/gitlab-branch-source-plugin
3
https://github.com/matrix-org/matrix-android-sdk2
3
https://github.com/mbechler/marshalsec
3
https://github.com/jenkinsci/git-client-plugin
3
https://github.com/LetianYuan/My-CVE-Public-References
3
https://github.com/Adobe-Consulting-Services/acs-aem-commons
3
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
3
https://github.com/jenkinsci/azure-credentials-plugin
3
https://github.com/codehaus-plexus/plexus-utils
3
https://github.com/aws/amazon-redshift-jdbc-driver
3
https://github.com/AsyncHttpClient/async-http-client
3
https://github.com/jenkinsci/embeddable-build-status-plugin
3
https://github.com/jenkinsci/hashicorp-vault-plugin
3
https://github.com/opengoofy/hippo4j
3
https://github.com/OpenIdentityPlatform/OpenAM
3
https://github.com/jenkinsci/azure-vm-agents-plugin
3
https://github.com/open-metadata/OpenMetadata
3
https://github.com/ysuzhangbin/cms
3
https://github.com/jooby-project/jooby
3
https://github.com/orientechnologies/orientdb
3
https://github.com/joniles/mpxj
3
https://github.com/OWASP/json-sanitizer
3
https://github.com/crate/crate
3
https://github.com/peteroupc/CBOR-Java
3
https://github.com/pf4j/pf4j
3
https://github.com/apache/storm
3
https://github.com/jhy/jsoup
3
https://github.com/javamelody/javamelody
3
https://github.com/jenkinsci/cloudbees-jenkins-advisor-plugin
3
https://github.com/eclipse-vertx/vert.x
3
https://github.com/jenkinsci/liquibase-runner-plugin
3
https://github.com/spray/spray-json
3
https://github.com/jenkinsci/nomad-plugin
3
https://github.com/apache/commons-configuration
3
https://github.com/apache/james-project
3
https://github.com/spring-projects/spring-boot
3
https://github.com/apache/jackrabbit
3
https://github.com/jenkinsci/audit-trail-plugin
3
https://github.com/wso2/carbon-registry
3
https://github.com/apache/cxf-fediz
3
https://github.com/apache/derby
3
https://github.com/jenkinsci/mercurial-plugin
3
https://github.com/eclipse-ee4j/mojarra
3
https://github.com/jenkinsci/code-coverage-api-plugin
3
https://github.com/google/guava
3
https://github.com/jenkinsci/compuware-topaz-for-total-test-plugin
3