Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

maven Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg4dzQtcXY5OS1mN3Zq
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
Ecosystems: maven
Packages: org.springframework.security.oauth:spring-security-oauth2
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjdzgtN2o2Yy1oY2Nw
Moderate severity vulnerability that affects io.vertx:vertx-core
Ecosystems: maven
Packages: io.vertx:vertx-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2cXItbW1oOC1jcDhm
Moderate severity vulnerability that affects com.sparkjava:spark-core
Ecosystems: maven
Packages: com.sparkjava:spark-core
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtcjQtdzY3cC12aDh4
Improper Input Validation in org.wildfly:wildfly-undertow
Ecosystems: maven
Packages: org.wildfly:wildfly-undertow
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1jZm0taDczdi02MzVt
Undertow-core vulnerable to HTTP Request Smuggling
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4N2gtNWhmci1odmpt
Moderate severity vulnerability that affects io.undertow:undertow-core
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4cTgtcHZnNC0zbWYz
Eclipse RDF4j vulnerable to XML External Entitiy
Ecosystems: maven
Packages: org.eclipse.rdf4j:rdf4j-runtime
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2OHEtOWZ3NS0yOHdm
Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate
Ecosystems: maven
Packages: org.postgresql:pgjdbc-aggregate
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtOXItNWdxcC03ajgy
High severity vulnerability that affects org.dspace:dspace-xmlui
Ecosystems: maven
Packages: org.dspace:dspace-xmlui
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzd3YtNDd4bS00bWc2
Server Side Request Forgery in svgSalamander
Ecosystems: maven
Packages: com.kitfox.svg:svg-salamander
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2eHYtcG1xOS00cTdn
High severity vulnerability that affects org.scala-lang:scala-compiler
Ecosystems: maven
Packages: org.scala-lang:scala-compiler
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkzanEtNjI0Zy00cDlw
Improper Input Validation in async-http-client
Ecosystems: maven
Packages: org.asynchttpclient:async-http-client
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1NTYteDV2eC1xaDU5
Android SVG vulnerable to XML External Entity (XXE)
Ecosystems: maven
Packages: com.caverock:androidsvg
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3cGYtcXI5Ni0ydnE1
Deserialization of Untrusted Data in swagger-parser
Ecosystems: maven
Packages: io.swagger:swagger-parser, io.swagger:swagger-codegen
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZndmYtOWpoMy1mZzc1
Deserialization of Untrusted Data in swagger-codegen
Ecosystems: maven
Packages: io.swagger:swagger-codegen, io.swagger:swagger-parser
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEyNWotZ2Ntdi01cXBw
Moderate severity vulnerability that affects org.grails.plugins:fields and org.grails:grails-core
Ecosystems: maven
Packages: org.grails:grails-core, org.grails.plugins:fields
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05dzgtdjM1OS05ZmZy
Improper Certificate Validation in Apache activemq-client
Ecosystems: maven
Packages: org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA5OXAtNzI2aC1jOHY1
Apache juddi-client vulnerable to XML External Entity (XXE)
Ecosystems: maven
Packages: org.apache.juddi:juddi-client
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3M3YtNjZtai0ycW02
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
Ecosystems: maven
Packages: org.apache.qpid:apache-qpid-broker-j
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhybXItZjVtNi1tOXBx
Moderate severity vulnerability that affects org.apache.commons:commons-compress
Ecosystems: maven
Packages: org.apache.commons:commons-compress
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyN2ctN2Nwai01anI3
Apache Qpid Broker-J vulnerable to Denial of Service (DoS) via uncontrolled resource consumption
Ecosystems: maven
Packages: org.apache.qpid:qpid-broker
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI2OW0tNjk1eC1qMzRw
Apache Qpid Broker vulnerable to authentication port spoofing
Ecosystems: maven
Packages: org.apache.qpid:qpid-broker
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjN3ItdjZmZy0yZ3Bm
Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.*
Ecosystems: maven
Packages: org.apache.cxf:apache-cxf, org.apache.cxf:cxf
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2MzItN3I2cC14aGho
Moderate severity vulnerability that affects com.adobe.xmp:xmpcore
Ecosystems: maven
Packages: com.adobe.xmp:xmpcore
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4OXgtOHF3OS05cHA2
Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg0cTctcDIyNi00eDV3
Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling)
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg3MmctMmg4aC0zNjJx
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyZ3YtaDd4NC1xdzhn
Eclipse Jetty Server generates error message containing sensitive information
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdmY2MtcGZmNi1yZ2M1
Jetty vulnerable to exposure of sensitive information due to observable discrepancy
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZnZzgtNzJmMi1xbTIz
Critical severity vulnerability that affects org.eclipse.jetty:jetty-server
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyNmotM2pwOS1ydzY1
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo3N3EtMnFxZy02OTg5
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxOWMtaDIzeC02NWZx
Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views
Ecosystems: maven
Packages: org.springframework.security.oauth:spring-security-oauth2
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0ZzItOWhqNi01NDcy
Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp
Ecosystems: maven
Packages: com.rabbitmq:amqp-client, org.springframework.amqp:spring-amqp
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh4NjUtY2M3Zy05cGZw
Moderate severity vulnerability that affects org.springframework.boot:spring-boot
Ecosystems: maven
Packages: org.springframework.boot:spring-boot
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05am0tcmhybS1nY3hq
Path traversal in org.springframework.integration:spring-integration-zip
Ecosystems: maven
Packages: org.springframework.integration:spring-integration-zip
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJycG0tcGo3cC03ajlx
Spring Security OAuth vulnerable to remote code execution (RCE)
Ecosystems: maven
Packages: org.springframework.security.oauth:spring-security-oauth2
Source: GitHub Advisory Database
Blast Radius: 38.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4NmotMmdjNi0yY3E5
Race condition in org.apache.hbase:hbase-thrift
Ecosystems: maven
Packages: org.apache.hbase:hbase-thrift
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4eHItNHYyYy1ydmdw
High severity vulnerability that affects org.apache.hbase:hbase
Ecosystems: maven
Packages: org.apache.hbase:hbase
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlncDQtcXJmZi1jNjQ4
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqMngtaHg0Zy0yZ2Y0
In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjMnItM2pxZi1jOXJ3
jackson-dataformat-xml vulnerable to server side request forgery (SSRF)
Ecosystems: maven
Packages: com.fasterxml.jackson.dataformat:jackson-dataformat-xml
Source: GitHub Advisory Database
Blast Radius: 37.7
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtcTYtZnJ2My00NzI3
jackson-dataformat-xml vulnerable to XML external entity (XXE)
Ecosystems: maven
Packages: com.fasterxml.jackson.dataformat:jackson-dataformat-xml
Source: GitHub Advisory Database
Blast Radius: 43.0
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmeDYtdnA5Zy1yaDd2
jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1OTItMzhjbS00Z2dw
jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0Z2ctOWY2Mi1qZnBo
OrientDB Studio web management interface is vulnerable to clickjacking attacks
Ecosystems: maven
Packages: com.orientechnologies:orientdb-studio
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2d3ItZmNoMi12bTV3
OrientDB Server Community Edition uses insufficiently random values to generate session IDs
Ecosystems: maven
Packages: com.orientechnologies:orientdb-server
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4d3ctdnY4NC1jMnJt
OrientDB-Server vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: com.orientechnologies:orientdb-studio
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtNnItNDQ2Ni1tcjc0
OrientDB vulnerable to Improper Privilage Management leading to arbitrary command injection
Ecosystems: maven
Packages: com.orientechnologies:orientdb-core
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0NHYteGMzZy12N2px
OWASP AntiSamy Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.owasp.antisamy:antisamy
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4M3ctNmg5ai01N3dx
Moderate severity vulnerability that affects org.owasp.antisamy:antisamy
Ecosystems: maven
Packages: org.owasp.antisamy:antisamy
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2N3gtNGhwYy1oZjlm
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
Ecosystems: maven
Packages: org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring3, org.apache.cxf.fediz:fediz-spring2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwd2otbXZ2Ny12M205
High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2
Ecosystems: maven
Packages: org.apache.cxf.fediz:fediz-spring2, org.apache.cxf.fediz:fediz-spring
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzNTctODI5eC1tOXBy
Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks
Ecosystems: maven
Packages: org.apache.cxf.fediz:fediz-core, org.apache.cxf.fediz:fediz-idp
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXczZ2gtZzMybS1jdmhy
High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
Ecosystems: maven
Packages: org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-spring3, org.apache.cxf.fediz:fediz-spring2, org.apache.cxf.fediz:fediz-spring
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdodzctaDI1di05cXZ4
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, and org.apache.cxf.fediz:fediz-spring2
Ecosystems: maven
Packages: org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzMnItMzk3Ny1jZ2Mz
Keycloak vulnerable to uncontrolled resource consumption
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1OXEtMzJnOC12dnA3
Moderate severity vulnerability that affects org.keycloak:keycloak-core
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3ajctcHczdi0zdjN4
Moderate severity vulnerability that affects org.keycloak:keycloak-core
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3N3ItNmY2NC00Nzhx
keycloak-core discloses system properties
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjNnEtMjdtdy1wNTV3
Keycloak vulnerable to infinite loop based Denial of Service
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1bTYtbWpoMy01OGdt
Improper Authentication in org.keycloak:keycloak-core
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3OHgtMm1xdi13Nnh3
Moderate severity vulnerability that affects org.keycloak:keycloak-core
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2Z3YtM3Izdi1nd2dq
keycloak-core vulnerable to timing attacks against JWS token verification
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4N3YtODRjdi05cW1j
Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjcnYtNDlmci0yaDZq
Spring Security and Spring Framework may not recognize certain paths that should be protected
Ecosystems: maven
Packages: org.springframework.security:spring-security-core, org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnZjktaDY5cC1wY2dm
Files or Directories Accessible to External Parties in org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ2N3ctNTM1ai1ycTVt
Pivotal Spring Framework DoS Attack with XML Input
Ecosystems: maven
Packages: org.springframework:spring-web
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1dmctMnY3My12bTYy
Moderate severity vulnerability that affects org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNybXYtMnBnNS14dnFq
Improperly Implemented Security Check for Standard in org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ0ODcteDM4My1xcHBo
Possible privilege escalation in org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4aHctNzk0Yy00ajln
Path Traversal in org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA1aGctM3htMy1nY2pn
Spring Framework allows applications to expose STOMP over WebSocket endpoints
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4cmotNjZjNS05Zm1o
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 45.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjcGYtdmo1My03aDJt
Denial of Service in org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1OTYtZndocS04eDQ4
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework.security:spring-security-core, org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oN2ctOTl3OS14cGpt
Remote code execution occurs in Apache Solr
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjOXYtaDI4Zi1qY21m
There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwcGgtMjU5NS1jZ2Zo
There is a XML external entity expansion (XXE) vulnerability in Apache Solr
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdweDMtNmY2Zy1oeGNq
XML external entity expansion in org.apache.solr:solr-core
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJocTItMjU3NC03OG1j
Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal
Ecosystems: maven
Packages: cn.hutool:hutool-core, cn.hutool:hutool-all, cn.hutool:hutool-parent
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4Y2MtcDNqNy00Yzdm
Moderate severity vulnerability that affects org.apache.mesos:mesos
Ecosystems: maven
Packages: org.apache.mesos:mesos
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyNjQtd2Y3Ni1jNTNw
In blynk-server a Directory Traversal exists
Ecosystems: maven
Packages: com.github.blynkkk:blynk-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzNXAtY2hjNi03eDU3
Moderate severity vulnerability that affects org.apache.storm:storm-core
Ecosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4angteDJ2dy13bTMz
Code execution in org.apache.storm:storm-core
Ecosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg4MjUtcmp3dy0yMjQ1
Apache Storm it is possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user
Ecosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZmdngtcjdoeC0zdmg2
JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.
Ecosystems: maven
Packages: net.bull.javamelody:javamelody-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd4OTYtdmdmNy1od2Zn
In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation
Ecosystems: maven
Packages: org.apache.pdfbox:pdfbox
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRjMzIteG1nai0yZzk4
High severity vulnerability that affects org.apache.pdfbox:pdfbox
Ecosystems: maven
Packages: org.apache.pdfbox:pdfbox
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1ZjUtcmo0ci00MmY2
Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication
Ecosystems: maven
Packages: org.neo4j:neo4j-enterprise
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxOG0tbXFteC1weHA5
Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation
Ecosystems: maven
Packages: org.springframework.data:spring-data-commons
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05MjktN2ZyNi1jdmpn
Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references
Ecosystems: maven
Packages: org.springframework.data:spring-data-commons
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmcTMtbXI1Ni1jZzZy
Spring Data Commons remote code injection vulnerability
Ecosystems: maven
Packages: org.springframework.data:spring-data-commons
Source: GitHub Advisory Database
Blast Radius: 39.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmamgtZmpnZy1tZnBx
Moderate severity vulnerability that affects org.apache.ranger:ranger
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1OG0tNmczcS1nM2ho
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5OWgtZmdxbS02Njc5
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh2N3gteDZ3ci14eDdn
Apache Ranger policy engine incorrectly matches paths in certain conditions
Ecosystems: maven
Packages: org.apache.ranger:ranger-plugins-common
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3bWYtcWd4Zi1xbXZm
Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZoeGMtOGpqcS04NTlq
Moderate severity vulnerability that affects org.apache.ranger:ranger
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmN3EteHFtMy02OTIz
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: over 5 years ago
Statistics
Advisories: 18,440
Packages: 8,316
Repositories: 972
Ecosystems: 12
Filter by Severity
Moderate 7,964 High 6,379 Critical 2,816 Low 990
Filter by Ecosystem
maven 5,537 packagist 3,820 pypi 3,750 npm 3,551 go 1,904 nuget 1,391 rubygems 814 cargo 779 swift 31 hex 30 actions 16 pub 8
Filter by Package
org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 com.fasterxml.jackson.core:jackson-databind 69 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 com.thoughtworks.xstream:xstream 36 org.apache.tomcat.embed:tomcat-embed-core 36 com.jfinal:jfinal 36 net.mingsoft:ms-mcms 35 org.xwiki.platform:xwiki-platform-oldcore 34 org.jenkins-ci.plugins:script-security 32 org.elasticsearch:elasticsearch 32 org.keycloak:keycloak-services 27 io.undertow:undertow-core 27 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 org.eclipse.jetty:jetty-server 23 org.springframework.security:spring-security-core 23 org.apache.nifi:nifi 22 org.apache.openmeetings:openmeetings-parent 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 org.springframework:spring-core 19 org.bouncycastle:bcprov-jdk14 19 com.liferay.portal:release.dxp.bom 18 com.vaadin:vaadin-bom 18 org.xwiki.platform:xwiki-platform-web-templates 17 org.apache.geode:geode-core 17 org.apache.dubbo:dubbo 16 org.bouncycastle:bcprov-jdk15 16 org.apache.activemq:activemq-client 16 org.apache.struts.xwork:xwork-core 15 org.apache.jspwiki:jspwiki-main 15 org.apache.inlong:manager-pojo 14 org.xwiki.platform:xwiki-platform-web 14 org.apache.hadoop:hadoop-main 13 org.apache.cxf:cxf 13 org.apache.dolphinscheduler:dolphinscheduler 12 com.vaadin:flow-server 12 org.jenkins-ci.plugins.workflow:workflow-cps 12 org.jenkins-ci.plugins:git 12 org.apache.cxf:cxf-core 11 org.apache.hadoop:hadoop-common 11 org.igniterealtime.openfire:parent 11 org.jenkins-ci.plugins:email-ext 11 org.apache.camel:camel-core 11 org.jeecgframework.boot:jeecg-boot-common 11 org.mortbay.jetty:jetty 11 org.apache.commons:commons-compress 11 org.apache.ranger:ranger 11 org.jeecgframework.boot:jeecg-boot-parent 11 org.apache.tomcat:tomcat-coyote 11 org.apache.jspwiki:jspwiki-war 11 com.xuxueli:xxl-job 11 org.apache.james:james-server 11 org.apache.tika:tika-core 11 io.netty:netty 10 org.xwiki.platform:xwiki-platform-administration-ui 10 org.jboss.netty:netty 10 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 10 org.apache.inlong:manager-service 10 org.apache.shiro:shiro-core 9 io.jenkins:configuration-as-code 9 org.apache.tapestry:tapestry-core 9 org.opencrx:opencrx-core-models 9 org.opennms:opennms 9 org.craftercms:crafter-studio 9 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 9 org.jenkins-ci.plugins:active-directory 9 org.apache.archiva:archiva 9 cn.hutool:hutool-core 9 org.apache.xmlgraphics:batik 9 org.springframework:spring-web 9 org.jenkins-ci.plugins:electricflow 9 org.apache.hive:hive 9 org.apache.tomcat:tomcat-catalina 9 org.jenkins-ci.plugins:config-file-provider 9 org.springframework:spring-webmvc 9 org.bouncycastle:bcprov-jdk15on 9 jquery 9 jquery-rails 9 org.webjars.npm:jquery 9 io.jenkins.blueocean:blueocean 8 org.apache.zeppelin:zeppelin 8 org.opencms:opencms-core 8 org.graylog2:graylog2-server 8 jQuery 8 org.apache.santuario:xmlsec 8 org.yaml:snakeyaml 8 org.postgresql:postgresql 8 com.hazelcast:hazelcast 8 mysql:mysql-connector-java 8 org.jenkins-ci.plugins:ec2 8 org.apache.hive:hive-exec 8 org.apache.ozone:ozone-main 8 org.apache.kylin:kylin 8 org.apache.pdfbox:pdfbox 8 org.apache.ambari:ambari 8 org.apache.derby:derby 7 org.apache.activemq:activemq-parent 7 org.jeecgframework.boot:jeecg-boot-base 7 org.apache.tika:tika 7 org.owasp.esapi:esapi 7 org.apache.inlong:manager-web 7 io.dataease:dataease-plugin-common 7 org.jboss.resteasy:resteasy-client 7 io.jenkins.plugins:cavisson-ns-nd-integration 7 org.apache.spark:spark-core_2.11 7 org.jruby:jruby-stdlib 7 org.apache.cxf:apache-cxf 7 org.jenkins-ci.plugins:rundeck 7 org.jenkins-ci.plugins:mercurial 7 org.apache.atlas:atlas-common 7 rubygems-update 7 org.jenkins-ci.plugins:subversion 7 org.apache.karaf:apache-karaf 7 org.apache.logging.log4j:log4j-core 7 org.jenkins-ci.plugins:jobConfigHistory 7 io.atomix:atomix 7 net.opentsdb:opentsdb 7 org.owasp.antisamy:antisamy 7 io.jenkins.plugins:miniorange-saml-sp 7 org.jenkins-ci.plugins:openshift-deployer 7 org.apache.poi:poi 7 org.apache.linkis:linkis 7 jQuery.UI.Combined 7 org.jenkins-ci.plugins:artifactory 7 jquery-ui 7 jquery-ui-rails 7 org.silverpeas.core:silverpeas-core-web 7 org.apache.hive:hive-service 7 io.jenkins.plugins:warnings-ng 7 org.webjars.npm:jquery-ui 7 org.apache.struts:struts2-rest-plugin 6 org.csanchez.jenkins.plugins:kubernetes 6 org.apache.shenyu:shenyu-common 6 de.tum.in.ase:artemis-java-test-sandbox 6 org.opensearch.plugin:opensearch-security 6 io.netty:netty-handler 6 org.opencastproject:opencast-kernel 6 com.jflyfox:jflyfox_jfinal 6 org.xwiki.commons:xwiki-commons-xml 6 org.jenkins-ci.plugins:azure-vm-agents 6 org.apache.pulsar:pulsar-broker 6 hudson.plugins:project-inheritance 6 org.jenkins-ci.plugins:ec2-deployment-dashboard 6 org.apache.spark:spark-core_2.10 6 org.jenkins-ci.plugins:repository-connector 6 axis:axis 6 io.netty:netty-codec-http 6 org.apache.axis:axis 6 org.jenkins-ci.plugins:fortify-on-demand-uploader 6 org.apache.storm:storm-core 6 org.apache.httpcomponents:httpclient 6 com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger 6 com.xebialabs.deployit.ci:deployit-plugin 6 org.apache.mesos:mesos 6 org.bouncycastle:bcprov-jdk15to18 6 org.apache.syncope:syncope-core 6 org.jenkins-ci.plugins:pipeline-maven 6 cn.hutool:hutool-json 6 tech.powerjob:powerjob 6 org.jenkins-ci.plugins:gitlab-oauth 6 commons-fileupload:commons-fileupload 6 org.apache.solr:solr-parent 6 org.jenkins-ci.plugins:openid 5 org.jenkins-ci.plugins:mailer 5 org.jenkins-ci.plugins:websphere-deployer 5 org.springframework.amqp:spring-amqp 5 org.opennms:opennms-webapp 5 com.google.protobuf:protobuf-java 5 info.magnolia:magnolia-core 5 org.jenkins-ci.plugins:junit 5 com.nimbusds:nimbus-jose-jwt 5 edu.stanford.nlp:stanford-corenlp 5 org.apache.cassandra:cassandra-all 5 org.jenkins-ci.plugins:htmlpublisher 5 com.alibaba:dubbo 5 org.jenkins-ci.plugins:ghprb 5 org.apache.struts:struts-core 5 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 5 org.jenkins-ci.plugins:gitlab-plugin 5 org.apache.inlong:manager-dao 5 org.jenkins-ci.plugins.m2release:m2release 5 org.jenkins-ci.plugins:extended-choice-parameter 5 com.datapipe.jenkins.plugins:hashicorp-vault-plugin 5 org.igniterealtime.openfire:xmppserver 5 org.bouncycastle:bcprov-ext-jdk15on 5 org.jenkins-ci.plugins:publish-over-ssh 5 com.synopsys.jenkinsci:ownership 5 org.jenkins-ci.plugins:fortify 5 com.ruoyi:ruoyi 5 log4j:log4j 5 org.zenframework.z8.dependencies.commons:log4j-1.2.17 5 org.jenkins-ci.plugins:credentials 5 com.coravy.hudson.plugins.github:github 5 io.vertx:vertx-web 5 struts:struts 5 org.jenkinsci.plugins:octoperf 5 org.jenkins-ci.plugins:sinatra-chef-builder 5
Filter by Repository
https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/apache/tomcat 96 https://github.com/FasterXML/jackson-databind 70 https://github.com/keycloak/keycloak 58 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 41 https://github.com/x-stream/xstream 36 https://github.com/apache/activemq 33 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 26 https://github.com/eclipse/jetty.project 23 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/nifi 21 https://github.com/netty/netty 20 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/vaadin/platform 17 https://github.com/opencast/opencast 16 https://github.com/geoserver/geoserver 15 https://github.com/apache/camel 15 https://github.com/ming-soft/MCMS 13 https://github.com/quarkusio/quarkus 13 https://github.com/undertow-io/undertow 13 https://github.com/xuxueli/xxl-job 13 https://github.com/apache/dolphinscheduler 12 https://github.com/dromara/hutool 12 https://github.com/apache/kylin 12 https://github.com/igniterealtime/Openfire 11 https://github.com/vaadin/flow 11 https://github.com/jenkinsci/git-plugin 10 https://github.com/jquery/jquery 10 https://github.com/apache/lucene-solr 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/DSpace/DSpace 9 https://github.com/cui2shark/cms 9 https://github.com/spring-projects/spring-security 9 https://github.com/opensearch-project/security 8 https://github.com/xwiki/xwiki-commons 8 https://github.com/nahsra/antisamy 8 https://github.com/hazelcast/hazelcast 8 https://github.com/jenkinsci/config-file-provider-plugin 8 https://github.com/apache/zeppelin 8 https://github.com/apache/xmlgraphics-batik 7 https://github.com/RhinoSecurityLabs/CVEs 7 https://github.com/ratpack/ratpack 7 https://github.com/jflyfox/jfinal_cms 7 https://github.com/rubygems/rubygems 7 https://github.com/rundeck/rundeck 7 https://github.com/dataease/dataease 7 https://github.com/OpenTSDB/opentsdb 7 https://github.com/pgjdbc/pgjdbc 7 https://github.com/vaadin/framework 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/jenkinsci/electricflow-plugin 6 https://github.com/vert-x3/vertx-web 6 https://github.com/OpenRefine/OpenRefine 6 https://github.com/jenkinsci/ec2-plugin 6 https://github.com/apache/hadoop 6 https://github.com/apache/tika 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/playframework/playframework 6 https://github.com/jquery/jquery-ui 6 https://github.com/apache/pulsar 6 https://github.com/resteasy/resteasy 6 https://github.com/ls1intum/Ares 6 https://github.com/ESAPI/esapi-java-legacy 6 https://bitbucket.org/snakeyaml/snakeyaml 6 https://github.com/jenkinsci/build-failure-analyzer-plugin 6 https://github.com/line/armeria 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/jenkinsci/gerrit-trigger-plugin 6 https://github.com/http4s/http4s 6 https://github.com/cui2shark/security 6 https://github.com/jenkinsci/m2release-plugin 5 https://github.com/apache/karaf 5 https://github.com/grails/grails-core 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/apache/shiro 5 https://github.com/PowerJob/PowerJob 5 https://github.com/apache/shenyu 5 https://github.com/alibaba/nacos 5 https://github.com/JLLeitschuh/security-research 5 https://github.com/h2database/h2database 5 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 5 https://github.com/apache/openmeetings 5 https://github.com/jensdietrich/xshady-release 5 https://github.com/jettison-json/jettison 5 https://github.com/jenkinsci/email-ext-plugin 5 https://github.com/OpenAPITools/openapi-generator 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/jenkinsci/active-directory-plugin 5 https://github.com/apiman/apiman 5 https://github.com/jenkinsci/publish-over-ssh-plugin 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/restlet/restlet-framework-java 5 https://bitbucket.org/connect2id/nimbus-jose-jwt 5 https://github.com/jenkinsci/github-plugin 5 https://github.com/jenkinsci/junit-plugin 5 https://github.com/jenkinsci/gitlab-plugin 5 https://github.com/jenkinsci/support-core-plugin 5 https://github.com/neo4j-contrib/neo4j-apoc-procedures 5 https://github.com/apache/geode 5 https://github.com/reportportal/reportportal 4 https://github.com/jenkinsci/nexus-platform-plugin 4 https://github.com/jenkinsci/gitlab-oauth-plugin 4 https://github.com/jenkinsci/p4-plugin 4 https://github.com/itext/itext7 4 https://github.com/jenkinsci/libvirt-slave-plugin 4 https://github.com/jenkinsci/htmlpublisher-plugin 4 https://github.com/pippo-java/pippo 4 https://github.com/resteasy/Resteasy 4 https://github.com/jenkinsci/xldeploy-plugin 4 https://github.com/jenkinsci/rundeck-plugin 4 https://github.com/jenkinsci/matrix-project-plugin 4 https://github.com/skylot/jadx 4 https://github.com/jenkinsci/credentials-binding-plugin 4 https://github.com/shopizer-ecommerce/shopizer 4 https://github.com/jfinal/jfinal 4 https://github.com/jenkinsci/active-choices-plugin 4 https://github.com/nightcloudos/new_cms 4 https://github.com/xerial/snappy-java 4 https://github.com/infinispan/infinispan 4 https://github.com/apache/activemq-artemis 4 https://github.com/ktorio/ktor 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/jenkinsci/job-config-history-plugin 4 https://github.com/apache/httpcomponents-client 4 https://github.com/yamcs/yamcs 4 https://github.com/alkacon/opencms-core 4 https://github.com/stanfordnlp/corenlp 4 https://github.com/apache/syncope 4 https://github.com/jenkinsci/hpe-application-automation-tools-plugin 4 https://github.com/jenkinsci/ansible-plugin 4 https://github.com/HtmlUnit/htmlunit 4 https://github.com/apache/solr 4 https://github.com/jenkinsci/warnings-ng-plugin 4 https://github.com/jenkinsci/workflow-cps-plugin 4 https://github.com/micronaut-projects/micronaut-core 4 https://github.com/jenkinsci/fortify-plugin 4 https://github.com/apache/santuario-java 3 https://github.com/matrix-org/matrix-android-sdk2 3 https://github.com/apache/storm 3 https://github.com/jenkinsci/git-parameter-plugin 3 https://github.com/AsyncHttpClient/async-http-client 3 https://github.com/jenkinsci/database-plugin 3 https://github.com/jenkinsci/embeddable-build-status-plugin 3 https://github.com/codehaus-plexus/plexus-utils 3 https://github.com/opengoofy/hippo4j 3 https://github.com/jenkinsci/gitlab-branch-source-plugin 3 https://github.com/open-metadata/OpenMetadata 3 https://github.com/orientechnologies/orientdb 3 https://github.com/OWASP/json-sanitizer 3 https://github.com/Rabb1ter/cms 3 https://github.com/intranda/goobi-viewer-core 3 https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server 3 https://github.com/mbechler/marshalsec 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/qos-ch/logback 3 https://github.com/jenkinsci/git-client-plugin 3 https://github.com/jenkinsci/hashicorp-vault-plugin 3 https://github.com/pf4j/pf4j 3 https://github.com/peteroupc/CBOR-Java 3 https://github.com/li-yu320/cms 3 https://github.com/joniles/mpxj 3 https://github.com/jooby-project/jooby 3 https://github.com/jenkinsci/kubernetes-plugin 3 https://github.com/jenkinsci/cas-plugin 3 https://github.com/wso2/carbon-registry 3 https://github.com/jenkinsci/ci-with-toad-edge-plugin 3 https://github.com/eclipse/lemminx 3 https://github.com/jenkinsci/cloudbees-jenkins-advisor-plugin 3 https://github.com/wildfly/wildfly-core 3 https://github.com/eclipse-ee4j/mojarra 3 https://github.com/jenkinsci/code-coverage-api-plugin 3 https://github.com/apache/commons-configuration 3 https://github.com/apache/cxf-fediz 3 https://github.com/apache/derby 3 https://github.com/apache/dubbo 3 https://github.com/apache/flume 3 https://github.com/apache/geronimo 3 https://github.com/jenkinsci/compuware-topaz-for-total-test-plugin 3 https://github.com/jenkinsci/lucene-search-plugin 3 https://bitbucket.org/b_c/jose4j 3 https://svn.apache.org/viewvc/lucene/dev 3 https://github.com/jenkinsci/azure-credentials-plugin 3 https://github.com/jenkinsci/audit-trail-plugin 3 https://github.com/jenkinsci/azure-vm-agents-plugin 3 https://github.com/Adobe-Consulting-Services/acs-aem-commons 3 https://github.com/jenkinsci/liquibase-runner-plugin 3 https://github.com/jenkinsci/mercurial-plugin 3 https://github.com/jenkinsci/nomad-plugin 3 https://github.com/ysuzhangbin/cms 3 https://github.com/jenkinsci/bitbucket-oauth-plugin 3 https://github.com/eclipse-vertx/vert.x 3