Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

maven Security Advisories

Loading...
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjM2otYzY0bS1xaGdx
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Ecosystems: maven, nuget, npm, pypi, rubygems
Packages: org.webjars.npm:jquery, jQuery, jquery, django, jquery-rails
Source: GitHub Advisory Database
Blast Radius: 135.8
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ocHAtODc1dy05Y3B2
Denial of Service in jquery
Ecosystems: rubygems, maven, nuget, npm
Packages: jquery-rails, org.webjars.npm:jquery, jQuery, jquery
Source: GitHub Advisory Database
Blast Radius: 129.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd4cjQteGpqNS01cHgy
Potential XSS vulnerability in jQuery
Ecosystems: rubygems, maven, nuget, npm
Packages: jquery-rails, org.webjars.npm:jquery, jquery
Source: GitHub Advisory Database
Blast Radius: 118.7
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwY3EtY2d3Ni12NGo2
Potential XSS vulnerability in jQuery
Ecosystems: maven, nuget, rubygems, npm
Packages: org.webjars.npm:jquery, jQuery, jquery-rails, jquery
Source: GitHub Advisory Database
Blast Radius: 118.7
Published: about 4 years ago
High
GSA_kwCzR0hTQS03N3JtLTl4OWgteGozZ80mxQ
NULL Pointer Dereference in Protocol Buffers
Ecosystems: maven, pypi, go, packagist, nuget
Packages: com.google.protobuf:protobuf-java, protobuf, github.com/protocolbuffers/protobuf, google/protobuf, Google.Protobuf
Source: GitHub Advisory Database
Blast Radius: 111.3
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0bTMtMmo3aC1mN3h3
Cross-Site Scripting in jquery
Ecosystems: maven, rubygems, nuget, npm
Packages: org.webjars.npm:jquery, jquery-rails, jQuery, jquery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS0yNTdxLXB2ODktdjN4ds4AA0D1
jQuery Cross Site Scripting vulnerability
Ecosystems: maven, npm, rubygems, nuget
Packages: org.webjars.npm:jquery, jquery, jquery-rails, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: 10 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwcWotaDN2ai1wcWd3
Cross-Site Scripting in jquery
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-rails, jQuery, org.webjars.npm:jquery, jquery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJteGctNzNnZy00cDk4
Cross-Site Scripting (XSS) in jquery
Ecosystems: maven, rubygems, npm, nuget
Packages: org.webjars.npm:jquery, jquery-rails, jquery, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: over 6 years ago
High
GSA_kwCzR0hTQS1qd3Z3LXY3YzUtbTgyaM3tlQ
protobuf susceptible to buffer overflow
Ecosystems: pypi, packagist, go, maven, nuget
Packages: protobuf, google/protobuf, github.com/protocolbuffers/protobuf, com.google.protobuf:protobuf-parent, Google.Protobuf
Source: GitHub Advisory Database
Blast Radius: 94.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02NjI4LXE2ajktdzh2Z84AA0dX
gRPC Reachable Assertion issue
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 89.7
Published: 10 months ago
High
GSA_kwCzR0hTQS1jZmdwLTI5NzctMmZtbc4AA0N9
Connection confusion in gRPC
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 88.5
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerability
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyanYtcjlyZi03OTg4
Remote code execution in handlebars when compiling templates
Ecosystems: maven, npm
Packages: org.webjars.bowergithub.wycats:handlebars.js, org.webjars.npm:handlebars, org.webjars:handlebars, handlebars
Source: GitHub Advisory Database
Blast Radius: 79.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1xcHBqLWZtNXItaHhyM84AA2X2
HTTP/2 Stream Cancellation Attack
Ecosystems: maven, swift, go
Packages: com.typesafe.akka:akka-http-core_2.11, com.typesafe.akka:akka-http-core_2.12, com.typesafe.akka:akka-http-core_2.13, com.typesafe.akka:akka-http-core, org.eclipse.jetty.http2:jetty-http2-server, org.eclipse.jetty.http2:jetty-http2-common, org.eclipse.jetty.http2:http2-server, org.eclipse.jetty.http2:http2-common, github.com/apple/swift-nio-http2, org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat, google.golang.org/grpc, golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 65.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05aHhmLXBwanYtdzZycc4AA0dy
gRPC connection termination issue
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 63.4
Published: 10 months ago
High
GSA_kwCzR0hTQS13cnZ3LWhnMjItNG02N80hQw
A potential Denial of Service issue in protobuf-java
Ecosystems: maven, rubygems
Packages: com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-java, google-protobuf
Source: GitHub Advisory Database
Blast Radius: 61.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qN3F2LXBnZjYtaHZoNM0Wtw
XSS in `*Text` options of the Datepicker widget in jquery-ui
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ncHFxLTk1MnEtNTMyN80Wtg
XSS in the `of` option of the `.position()` util in jquery-ui
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05Z2ozLWh3cDUtcG13Y80WtQ
XSS in the `altField` option of the Datepicker widget in jquery-ui
Ecosystems: rubygems, maven, nuget, npm
Packages: jquery-ui-rails, org.webjars.npm:jquery-ui, jQuery.UI.Combined, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zNnAzLXdqbWctaDk0eM03aQ
Remote Code Execution in Spring Framework
Ecosystems: maven
Packages: org.springframework:spring-webflux, org.springframework:spring-webmvc, org.springframework:spring-beans, org.springframework.boot:spring-boot-starter-webflux, org.springframework.boot:spring-boot-starter-web
Source: GitHub Advisory Database
Blast Radius: 57.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0yOXhyLXY0Mmotcjk1Ns4AAtcx
thenify before 3.3.1 made use of unsafe calls to `eval`.
Ecosystems: maven, npm
Packages: org.webjars.npm:thenify, thenify
Source: GitHub Advisory Database
Blast Radius: 57.8
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwY2YtOHZmOS1xNGdq
jQuery-UI vulnerable to Cross-site Scripting in dialog closeText
Ecosystems: nuget, maven, rubygems, npm
Packages: jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui-rails, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjbTItOWM4OS13bWZt
Cross-site Scripting in jquery-ui
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1oNmdqLTZqanEtaDhnOc4AAtcw
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
Ecosystems: nuget, rubygems, maven, npm
Packages: jQuery.UI.Combined, jquery-ui-rails, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yaHJ2LTY0NWgtZmpmaM4AA2Jb
Apache Avro Java SDK vulnerable to Improper Input Validation
Ecosystems: pypi, maven
Packages: avro, org.apache.avro:avro
Source: GitHub Advisory Database
Blast Radius: 54.2
Published: 7 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlteGYtZzN4Ni13djc0
Server-Side Request Forgery (SSRF) in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 53.9
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1oMzc2LWoyNjItdmhxNs0g_w
RCE in H2 Console
Ecosystems: maven
Packages: com.h2database:h2
Source: GitHub Advisory Database
Blast Radius: 53.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00NWh4LXdmaGotNDczeM0kjA
Arbitrary code execution in H2 Console
Ecosystems: maven
Packages: com.h2database:h2
Source: GitHub Advisory Database
Blast Radius: 53.2
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4aG0tN2hwcS03amhn
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY0NXAtODhxaC13Mzk4
Arbitrary Code Execution in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqbXctdmY5aC1nMjV2
jackson-databind polymorphic typing issue
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3ODItcjMyOS0zcTY3
Deserialization of Untrusted Data in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1Y3ctaGo2NS1xcXY5
Polymorphic Typing issue in FasterXML jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5M2gtamM0OS03OGdn
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwMzQtNW02cC1wNThn
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRncTUtY2g1Ny1jMm1n
Arbitrary Code Execution in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzajUtcm1tcC0zZmM1
Improper Input Validation in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14N3AtNjY3OS04ZzNx
Polymorphic Typing in FasterXML jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgydzUtNW0yZy03aDVt
XML External Entity Reference (XXE) in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4eHgtMnBwNy01aG14
jackson-databind is vulnerable to a deserialization flaw
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5aHYtbWc1aC14Y3c5
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14OXYtZ21oNC1tZ3F3
Deserialization of Untrusted Data in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg4MjItcjRyNS12OGpn
Polymorphic Typing issue in FasterXML jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyN2otaDZnZy1qbWdj
Deserialization of Untrusted Data in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0M3gteGZqZi01amhy
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtbWMtNzQycS1qZzc1
jackson-databind polymorphic typing issue
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmeDYtdnA5Zy1yaDd2
jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnZ2otZnZ2My1jcXd2
FasterXML jackson-databind allows unauthenticated remote code execution
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1OTItMzhjbS00Z2dw
jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZmcHAtcmdqOS04cndj
Deserialization of untrusted data in FasterXML jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd3dzctcDV3NC13cmZ2
Deserialization of Untrusted Data in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS02NWZnLTg0ZjYtM2pxM80kaQ
SQL Injection in Log4j 1.2.x
Ecosystems: maven
Packages: org.zenframework.z8.dependencies.commons:log4j-1.2.17, log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 52.7
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxcmcteDIyOS0zdjhx
Deserialization of Untrusted Data in Log4j
Ecosystems: maven
Packages: org.zenframework.z8.dependencies.commons:log4j-1.2.17, log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 52.7
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1mN3ZoLXF3cDMteDM3bc0kWQ
Deserialization of Untrusted Data in Apache Log4j
Ecosystems: maven
Packages: org.zenframework.z8.dependencies.commons:log4j-1.2.17, log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 52.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0yNHJwLXEzdzYtdmM1Ns4AA5cA
org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
Ecosystems: maven
Packages: org.postgresql:postgresql
Source: GitHub Advisory Database
Blast Radius: 52.5
Published: 2 months ago
High
GSA_kwCzR0hTQS00dzR2LTVoYzkteHJyMs4AA5Mb
angular vulnerable to super-linear runtime due to backtracking
Ecosystems: maven, npm
Packages: org.webjars.bower:angular, org.webjars.npm:angular, angular
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: 3 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA1aGctM3htMy1nY2pn
Spring Framework allows applications to expose STOMP over WebSocket endpoints
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNybXYtMnBnNS14dnFq
Improperly Implemented Security Check for Standard in org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS00d3JjLWY4cHEtZnBxcM4AAjLC
Pivotal Spring Framework contains unsafe Java deserialization methods
Ecosystems: maven
Packages: org.springframework:spring-web
Source: GitHub Advisory Database
Blast Radius: 50.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00dnJ2LWNoOTYtNmg0Ms4AAS7X
Improper Privilege Management in MySQL Connectors Java
Ecosystems: maven
Packages: mysql:mysql-connector-java
Source: GitHub Advisory Database
Blast Radius: 50.6
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtZmctcmpqbS1yanJq
QOS.ch Logback vulnerable to Deserialization of Untrusted Data
Ecosystems: maven
Packages: ch.qos.logback:logback-core, ch.qos.logback:logback-classic
Source: GitHub Advisory Database
Blast Radius: 50.6
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1wcXdoLTQ0amotcDVybc4AAQXh
Hostname verification in Apache HttpClient 4.3 was disabled by default
Ecosystems: maven
Packages: org.apache.httpcomponents:httpclient
Source: GitHub Advisory Database
Blast Radius: 50.5
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhqcnIteHY5bS00cHc1
Improper Input Validation in alilibaba:fastjson
Ecosystems: maven
Packages: ro.pippo:pippo-fastjson, com.alibaba:fastjson
Source: GitHub Advisory Database
Blast Radius: 49.7
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1qZmg4LWMyanAtNXYzcc0asw
Remote code injection in Log4j
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core, uk.co.nichesolutions.logging.log4j:log4j-core, org.xbib.elasticsearch:log4j, com.guicedee.services:log4j-core
Source: GitHub Advisory Database
Blast Radius: 49.2
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4OWotNzIyMy1yZzVt
Improper Access Control in commons-fileupload
Ecosystems: maven
Packages: commons-fileupload:commons-fileupload
Source: GitHub Advisory Database
Blast Radius: 49.2
Published: over 5 years ago
High
GSA_kwCzR0hTQS0yeHhoLWY4cjMtaHZ2cs4AASRm
Improper Access Control in MySQL Connectors Java
Ecosystems: maven
Packages: mysql:mysql-connector-java
Source: GitHub Advisory Database
Blast Radius: 48.9
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4cGgtcTNqOC1tdjg3
Deserialization of Untrusted Data in Log4j
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core, org.apache.logging.log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 48.2
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1jMjdoLW1jbXctNDhods4AAiN-
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
Ecosystems: maven
Packages: org.codehaus.jackson:jackson-mapper-asl
Source: GitHub Advisory Database
Blast Radius: 47.5
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4cHAtOWM3Ni01NjI1
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2dnAtZnh3Ni1qY3hy
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzeHctYzk2My1mNWhj
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmNnItMmM0cS0ydndn
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZxd2YtcGp3Zi03dnF2
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1Y20tODhmNS1mMmM3
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1OG0tdjU2di1ncmo0
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: about 4 years ago
High
GSA_kwCzR0hTQS13OXAzLTVjcjgtbTNqas0kWg
Deserialization of Untrusted Data in Log4j 1.x
Ecosystems: maven
Packages: org.zenframework.z8.dependencies.commons:log4j-1.2.17, log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 47.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mOTNmLWczM3ItOHBjcM3o4A
Improper Restriction of XML External Entity Reference in Spring Framework
Ecosystems: maven
Packages: org.springframework:spring-webmvc
Source: GitHub Advisory Database
Blast Radius: 47.1
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1manE1LTVqNWYtbXZ4aM4AAQY7
Deserialization of Untrusted Data in Apache commons collections
Ecosystems: maven
Packages: org.apache.servicemix.bundles:org.apache.servicemix.bundles.collections-generic, net.sourceforge.collections:collections-generic, org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-collections, org.apache.commons:commons-collections4, commons-collections:commons-collections
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oNGg1LTNocjQtajNnMs4AAvKm
protobuf-java has a potential Denial of Service issue
Ecosystems: maven, rubygems
Packages: com.google.protobuf:protobuf-kotlin-lite, com.google.protobuf:protobuf-javalite, google-protobuf, com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-java
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1yYzQ3LTY2NjctMmo1as4AAxS-
http-cache-semantics vulnerable to Regular Expression Denial of Service
Ecosystems: maven, npm
Packages: org.webjars.npm:http-cache-semantics, http-cache-semantics
Source: GitHub Advisory Database
Blast Radius: 46.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03N3h4LXJ4dmgtcTY4Ms4AAvLg
HyperSQL DataBase vulnerable to remote code execution when processing untrusted input
Ecosystems: maven
Packages: org.hsqldb:hsqldb
Source: GitHub Advisory Database
Blast Radius: 46.5
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozNzktOWpyOS13NWNx
XML External Entity (XXE) vulnerability in Square Retrofit
Ecosystems: maven
Packages: com.squareup.retrofit2:retrofit
Source: GitHub Advisory Database
Blast Radius: 45.8
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4cmotNjZjNS05Zm1o
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 45.7
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtdjQtNXc3Ni12cDln
Authorization Bypass in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 45.5
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1tbW1oLXdjeG0tMndyNM4AAvnr
Spring Security authorization rules can be bypassed via forward or include dispatcher types
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 45.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1oaDMyLTczNDQtY2cyZs4AAgbh
Authorization bypass in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 45.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04cXY1LTY4ZzQtMjQ4as4AAvC6
Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization
Ecosystems: maven
Packages: org.scala-lang:scala-library
Source: GitHub Advisory Database
Blast Radius: 45.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03cmpyLTNxNTUtdnYzM80bQA
Incomplete fix for Apache Log4j vulnerability
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core
Source: GitHub Advisory Database
Blast Radius: 44.8
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnZjktaDY5cC1wY2dm
Files or Directories Accessible to External Parties in org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg3MmctMmg4aC0zNjJx
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4OXgtOHF3OS05cHA2
Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZnZzgtNzJmMi1xbTIz
Critical severity vulnerability that affects org.eclipse.jetty:jetty-server
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 5 years ago
High
GSA_kwCzR0hTQS03cnBqLWhnNDctY3g2Ms0auA
Improper Restriction of XML External Entity Reference in com.h2database:h2.
Ecosystems: maven
Packages: com.h2database:h2
Source: GitHub Advisory Database
Blast Radius: 44.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlxY2YtYzI2ci14NXJm
XML external entity injection in Terracotta Quartz Scheduler
Ecosystems: maven
Packages: org.quartz-scheduler:quartz
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3ajMtbTNwNi1oajM4
dom4j allows External Entities by default which might enable XXE attacks
Ecosystems: maven
Packages: dom4j:dom4j, org.dom4j:dom4j
Source: GitHub Advisory Database
Blast Radius: 43.8
Published: almost 4 years ago
Critical
GSA_kwCzR0hTQS0zaDZmLWc1ZjMtZ2M0d84AA0zc
Access Control Bypass in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-config
Source: GitHub Advisory Database
Blast Radius: 43.8
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1qdmZ2LWhycmMtNnE3Ms0wUg
Improper Restriction of XML External Entity Reference in Liquibase
Ecosystems: maven
Packages: org.liquibase:liquibase-core
Source: GitHub Advisory Database
Blast Radius: 43.8
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdoOGctM2oyYy1ycWo1
Serialization gadgets exploit in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5NDktcnc3Zy13eDd3
Deserialization of untrusted data in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 3 years ago
Statistics
Advisories: 18,330
Packages: 8,279
Repositories: 969
Ecosystems: 12
Filter by Severity
Moderate 7,912 High 6,344 Critical 2,805 Low 981
Filter by Ecosystem
maven 5,520 packagist 3,801 pypi 3,704 npm 3,535 go 1,889 nuget 1,390 rubygems 814 cargo 776 swift 31 hex 30 actions 16 pub 8
Filter by Package
org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 com.fasterxml.jackson.core:jackson-databind 69 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 org.apache.tomcat.embed:tomcat-embed-core 37 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 net.mingsoft:ms-mcms 35 org.xwiki.platform:xwiki-platform-oldcore 34 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 30 org.keycloak:keycloak-services 27 io.undertow:undertow-core 27 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 org.eclipse.jetty:jetty-server 23 org.springframework.security:spring-security-core 23 org.apache.nifi:nifi 22 org.apache.openmeetings:openmeetings-parent 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 org.springframework:spring-core 19 com.liferay.portal:release.dxp.bom 18 com.vaadin:vaadin-bom 18 org.bouncycastle:bcprov-jdk14 18 org.apache.geode:geode-core 17 org.xwiki.platform:xwiki-platform-web-templates 17 org.apache.activemq:activemq-client 16 org.apache.dubbo:dubbo 16 org.bouncycastle:bcprov-jdk15 16 org.apache.struts.xwork:xwork-core 15 org.apache.jspwiki:jspwiki-main 15 org.xwiki.platform:xwiki-platform-web 14 org.apache.hadoop:hadoop-main 13 org.apache.inlong:manager-pojo 13 org.apache.cxf:cxf 13 org.jenkins-ci.plugins:git 12 org.jenkins-ci.plugins.workflow:workflow-cps 12 com.vaadin:flow-server 12 org.apache.dolphinscheduler:dolphinscheduler 12 org.apache.commons:commons-compress 11 org.apache.james:james-server 11 org.jenkins-ci.plugins:email-ext 11 org.mortbay.jetty:jetty 11 org.apache.tika:tika-core 11 org.apache.tomcat:tomcat-coyote 11 org.igniterealtime.openfire:parent 11 org.jeecgframework.boot:jeecg-boot-common 11 org.apache.camel:camel-core 11 org.apache.hadoop:hadoop-common 11 org.apache.cxf:cxf-core 11 org.apache.jspwiki:jspwiki-war 11 org.apache.ranger:ranger 11 org.jeecgframework.boot:jeecg-boot-parent 11 com.xuxueli:xxl-job 11 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 10 org.apache.inlong:manager-service 10 org.xwiki.platform:xwiki-platform-administration-ui 10 io.netty:netty 10 org.jboss.netty:netty 10 org.bouncycastle:bcprov-jdk15on 9 org.apache.shiro:shiro-core 9 org.craftercms:crafter-studio 9 org.apache.hive:hive 9 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 9 org.jenkins-ci.plugins:config-file-provider 9 org.apache.tapestry:tapestry-core 9 org.apache.xmlgraphics:batik 9 org.springframework:spring-web 9 org.opennms:opennms 9 org.apache.archiva:archiva 9 io.jenkins:configuration-as-code 9 cn.hutool:hutool-core 9 org.springframework:spring-webmvc 9 jquery 9 org.jenkins-ci.plugins:active-directory 9 org.opencrx:opencrx-core-models 9 org.apache.tomcat:tomcat-catalina 9 org.jenkins-ci.plugins:electricflow 9 org.webjars.npm:jquery 9 jquery-rails 9 org.graylog2:graylog2-server 8 com.hazelcast:hazelcast 8 org.jenkins-ci.plugins:ec2 8 org.opencms:opencms-core 8 org.apache.ambari:ambari 8 org.apache.hive:hive-exec 8 org.apache.kylin:kylin 8 org.apache.zeppelin:zeppelin 8 org.apache.ozone:ozone-main 8 org.apache.pdfbox:pdfbox 8 org.postgresql:postgresql 8 jQuery 8 mysql:mysql-connector-java 8 org.apache.santuario:xmlsec 8 io.jenkins.blueocean:blueocean 8 org.yaml:snakeyaml 8 org.owasp.antisamy:antisamy 7 rubygems-update 7 org.apache.derby:derby 7 org.jenkins-ci.plugins:subversion 7 io.jenkins.plugins:miniorange-saml-sp 7 org.jenkins-ci.plugins:jobConfigHistory 7 org.jboss.resteasy:resteasy-client 7 org.jruby:jruby-stdlib 7 io.dataease:dataease-plugin-common 7 org.apache.hive:hive-service 7 jQuery.UI.Combined 7 org.webjars.npm:jquery-ui 7 org.apache.activemq:activemq-parent 7 jquery-ui-rails 7 jquery-ui 7 org.apache.spark:spark-core_2.11 7 org.apache.tika:tika 7 org.silverpeas.core:silverpeas-core-web 7 org.jenkins-ci.plugins:artifactory 7 org.jenkins-ci.plugins:openshift-deployer 7 org.apache.poi:poi 7 org.jenkins-ci.plugins:mercurial 7 org.apache.cxf:apache-cxf 7 org.owasp.esapi:esapi 7 io.jenkins.plugins:warnings-ng 7 net.opentsdb:opentsdb 7 org.jenkins-ci.plugins:rundeck 7 org.apache.atlas:atlas-common 7 org.apache.karaf:apache-karaf 7 io.atomix:atomix 7 org.jeecgframework.boot:jeecg-boot-base 7 org.apache.linkis:linkis 7 org.apache.logging.log4j:log4j-core 7 io.jenkins.plugins:cavisson-ns-nd-integration 7 org.apache.inlong:manager-web 7 org.apache.axis:axis 6 de.tum.in.ase:artemis-java-test-sandbox 6 org.jenkins-ci.plugins:azure-vm-agents 6 org.apache.struts:struts2-rest-plugin 6 org.apache.httpcomponents:httpclient 6 org.csanchez.jenkins.plugins:kubernetes 6 org.jenkins-ci.plugins:fortify-on-demand-uploader 6 org.apache.mesos:mesos 6 commons-fileupload:commons-fileupload 6 org.apache.spark:spark-core_2.10 6 com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger 6 axis:axis 6 io.netty:netty-codec-http 6 org.apache.shenyu:shenyu-common 6 org.jenkins-ci.plugins:repository-connector 6 hudson.plugins:project-inheritance 6 org.opensearch.plugin:opensearch-security 6 io.netty:netty-handler 6 org.apache.pulsar:pulsar-broker 6 org.xwiki.commons:xwiki-commons-xml 6 com.jflyfox:jflyfox_jfinal 6 org.opencastproject:opencast-kernel 6 org.apache.solr:solr-parent 6 org.apache.syncope:syncope-core 6 org.jenkins-ci.plugins:ec2-deployment-dashboard 6 tech.powerjob:powerjob 6 com.xebialabs.deployit.ci:deployit-plugin 6 org.apache.storm:storm-core 6 cn.hutool:hutool-json 6 org.jenkins-ci.plugins:gitlab-oauth 6 org.jenkins-ci.plugins:pipeline-maven 6 org.apache.cassandra:cassandra-all 5 io.vertx:vertx-web 5 com.alibaba:dubbo 5 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 5 com.synopsys.jenkinsci:ownership 5 org.apache.zookeeper:zookeeper 5 com.nimbusds:nimbus-jose-jwt 5 org.bouncycastle:bcprov-jdk15to18 5 org.jenkins-ci.plugins:junit 5 org.jenkins-ci.plugins:htmlpublisher 5 info.magnolia:magnolia-core 5 org.opennms:opennms-webapp 5 org.apache.druid:druid 5 org.springframework.amqp:spring-amqp 5 org.jenkins-ci.plugins:google-login 5 org.jenkinsci.plugins:octoperf 5 xerces:xercesImpl 5 org.jenkins-ci.plugins:openid 5 org.jenkins-ci.plugins:websphere-deployer 5 org.apache.hadoop:hadoop-client 5 org.jenkins-ci.plugins:mailer 5 org.wildfly:wildfly-parent 5 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 5 org.jboss.resteasy:resteasy-bom 5 com.vaadin:vaadin-server 5 org.apache.struts:struts-core 5 org.dspace:dspace-jspui 5 com.ruoyi:ruoyi 5 org.jenkins-ci.plugins:delphix 5 org.jeecgframework.boot:jeecg-boot-base-core 5 org.neo4j.procedure:apoc 5 edu.stanford.nlp:stanford-corenlp 5 org.jenkins-ci.plugins:ghprb 5 org.apache.ignite:ignite-core 5 org.jenkins-ci.plugins:azure-ad 5 org.jenkins-ci.plugins:credentials 5
Filter by Repository
https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/apache/tomcat 96 https://github.com/FasterXML/jackson-databind 70 https://github.com/keycloak/keycloak 58 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 41 https://github.com/x-stream/xstream 36 https://github.com/apache/activemq 32 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 25 https://github.com/eclipse/jetty.project 23 https://github.com/apache/nifi 21 https://github.com/netty/netty 20 https://github.com/OpenNMS/opennms 20 https://github.com/jenkinsci/script-security-plugin 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/cloudfoundry/uaa 19 https://github.com/apache/cxf 19 https://github.com/bcgit/bc-java 18 https://github.com/vaadin/platform 17 https://github.com/opencast/opencast 16 https://github.com/apache/camel 15 https://github.com/geoserver/geoserver 15 https://github.com/ming-soft/MCMS 13 https://github.com/xuxueli/xxl-job 13 https://github.com/undertow-io/undertow 13 https://github.com/quarkusio/quarkus 13 https://github.com/apache/dolphinscheduler 12 https://github.com/apache/kylin 12 https://github.com/dromara/hutool 12 https://github.com/igniterealtime/Openfire 11 https://github.com/vaadin/flow 11 https://github.com/jenkinsci/git-plugin 10 https://github.com/jquery/jquery 10 https://github.com/Graylog2/graylog2-server 9 https://github.com/DSpace/DSpace 9 https://github.com/spring-projects/spring-security 9 https://github.com/cui2shark/cms 9 https://github.com/apache/lucene-solr 9 https://github.com/nahsra/antisamy 8 https://github.com/apache/zeppelin 8 https://github.com/opensearch-project/security 8 https://github.com/jenkinsci/config-file-provider-plugin 8 https://github.com/hazelcast/hazelcast 8 https://github.com/xwiki/xwiki-commons 8 https://github.com/apache/xmlgraphics-batik 7 https://github.com/OpenTSDB/opentsdb 7 https://github.com/vaadin/framework 7 https://github.com/jflyfox/jfinal_cms 7 https://github.com/rubygems/rubygems 7 https://github.com/rundeck/rundeck 7 https://github.com/dataease/dataease 7 https://github.com/RhinoSecurityLabs/CVEs 7 https://github.com/pgjdbc/pgjdbc 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/ratpack/ratpack 7 https://github.com/resteasy/resteasy 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/apache/hadoop 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/jenkinsci/gerrit-trigger-plugin 6 https://github.com/vert-x3/vertx-web 6 https://github.com/http4s/http4s 6 https://github.com/apache/pulsar 6 https://github.com/line/armeria 6 https://github.com/jenkinsci/electricflow-plugin 6 https://github.com/ESAPI/esapi-java-legacy 6 https://github.com/ls1intum/Ares 6 https://github.com/OpenRefine/OpenRefine 6 https://bitbucket.org/snakeyaml/snakeyaml 6 https://github.com/jquery/jquery-ui 6 https://github.com/jenkinsci/build-failure-analyzer-plugin 6 https://github.com/apache/tika 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/cui2shark/security 6 https://github.com/playframework/playframework 6 https://github.com/jenkinsci/ec2-plugin 6 https://github.com/jenkinsci/email-ext-plugin 5 https://github.com/neo4j-contrib/neo4j-apoc-procedures 5 https://github.com/jenkinsci/github-plugin 5 https://github.com/apache/shiro 5 https://github.com/jenkinsci/gitlab-plugin 5 https://github.com/apache/shenyu 5 https://github.com/JLLeitschuh/security-research 5 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/apache/karaf 5 https://github.com/h2database/h2database 5 https://github.com/apiman/apiman 5 https://github.com/jenkinsci/active-directory-plugin 5 https://github.com/alibaba/nacos 5 https://github.com/jenkinsci/junit-plugin 5 https://github.com/apache/openmeetings 5 https://github.com/OpenAPITools/openapi-generator 5 https://github.com/jettison-json/jettison 5 https://github.com/jenkinsci/m2release-plugin 5 https://github.com/grails/grails-core 5 https://bitbucket.org/connect2id/nimbus-jose-jwt 5 https://github.com/restlet/restlet-framework-java 5 https://github.com/PowerJob/PowerJob 5 https://github.com/jenkinsci/support-core-plugin 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/jensdietrich/xshady-release 5 https://github.com/apache/geode 5 https://github.com/jenkinsci/publish-over-ssh-plugin 5 https://github.com/jenkinsci/htmlpublisher-plugin 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/jenkinsci/warnings-ng-plugin 4 https://github.com/jenkinsci/rundeck-plugin 4 https://github.com/infinispan/infinispan 4 https://github.com/jenkinsci/job-config-history-plugin 4 https://github.com/jenkinsci/nexus-platform-plugin 4 https://github.com/micronaut-projects/micronaut-core 4 https://github.com/skylot/jadx 4 https://github.com/itext/itext7 4 https://github.com/shopizer-ecommerce/shopizer 4 https://github.com/apache/solr 4 https://github.com/jenkinsci/libvirt-slave-plugin 4 https://github.com/reportportal/reportportal 4 https://github.com/jenkinsci/ansible-plugin 4 https://github.com/resteasy/Resteasy 4 https://github.com/ktorio/ktor 4 https://github.com/pippo-java/pippo 4 https://github.com/jfinal/jfinal 4 https://github.com/jenkinsci/xldeploy-plugin 4 https://github.com/nightcloudos/new_cms 4 https://github.com/apache/httpcomponents-client 4 https://github.com/stanfordnlp/corenlp 4 https://github.com/jenkinsci/credentials-binding-plugin 4 https://github.com/jenkinsci/fortify-plugin 4 https://github.com/jenkinsci/gitlab-oauth-plugin 4 https://github.com/apache/activemq-artemis 4 https://github.com/apache/syncope 4 https://github.com/xerial/snappy-java 4 https://github.com/HtmlUnit/htmlunit 4 https://github.com/jenkinsci/workflow-cps-plugin 4 https://github.com/jenkinsci/p4-plugin 4 https://github.com/jenkinsci/active-choices-plugin 4 https://github.com/yamcs/yamcs 4 https://github.com/jenkinsci/hpe-application-automation-tools-plugin 4 https://github.com/alkacon/opencms-core 4 https://github.com/jenkinsci/matrix-project-plugin 4 https://github.com/google/guava 3 https://github.com/apache/santuario-java 3 https://github.com/pf4j/pf4j 3 https://github.com/Rabb1ter/cms 3 https://github.com/eclipse-ee4j/mojarra 3 https://github.com/opengoofy/hippo4j 3 https://github.com/orientechnologies/orientdb 3 https://github.com/peteroupc/CBOR-Java 3 https://github.com/jenkinsci/nomad-plugin 3 https://github.com/qos-ch/logback 3 https://github.com/jenkinsci/mailer-plugin 3 https://github.com/apache/ranger 3 https://github.com/open-metadata/OpenMetadata 3 https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server 3 https://github.com/mbechler/marshalsec 3 https://github.com/OWASP/json-sanitizer 3 https://github.com/eclipse/lemminx 3 https://github.com/apache/storm 3 https://github.com/jenkinsci/mercurial-plugin 3 https://github.com/apache/commons-configuration 3 https://github.com/wildfly/wildfly-core 3 https://github.com/AsyncHttpClient/async-http-client 3 https://github.com/jhy/jsoup 3 https://github.com/jenkinsci/database-plugin 3 https://github.com/codehaus-plexus/plexus-utils 3 https://github.com/jenkinsci/cvs-plugin 3 https://github.com/wso2/carbon-registry 3 https://github.com/Jarvis-616/cms 3 https://github.com/jenkinsci/crx-content-package-deployer-plugin 3 https://github.com/javamelody/javamelody 3 https://github.com/jenkinsci/compuware-topaz-for-total-test-plugin 3 https://svn.apache.org/viewvc/tomcat/tc7.0.x 3 https://github.com/xwiki/xwiki-rendering 3 https://github.com/jenkinsci/code-coverage-api-plugin 3 https://github.com/ysuzhangbin/cms 3 https://github.com/jenkinsci/cloudbees-jenkins-advisor-plugin 3 https://github.com/jenkinsci/ci-with-toad-edge-plugin 3 https://github.com/joniles/mpxj 3 https://github.com/jooby-project/jooby 3 https://github.com/jenkinsci/cas-plugin 3 https://github.com/Adobe-Consulting-Services/acs-aem-commons 3 https://github.com/jenkinsci/bitbucket-oauth-plugin 3 https://github.com/jenkinsci/audit-trail-plugin 3 https://github.com/jenkinsci/azure-vm-agents-plugin 3 https://github.com/jenkinsci/azure-credentials-plugin 3 https://svn.apache.org/viewvc/lucene/dev 3 https://github.com/jenkinsci/scriptler-plugin 3 https://github.com/rhuss/jolokia 3 https://github.com/jenkinsci/mac-plugin 3 https://github.com/jenkinsci/lucene-search-plugin 3 https://github.com/matrix-org/matrix-android-sdk2 3 https://github.com/jenkinsci/liquibase-runner-plugin 3 https://github.com/jenkinsci/kubernetes-plugin 3 https://github.com/apache/olingo-odata4 3 https://github.com/grpc/grpc 3