Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

maven Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFjajctZzJqNS1nN3Iz
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5Y2gtbTRmaC1mYzdx
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5N3gtM2c4Zi1neDNt
The Bouncy Castle JCE Provider carry a propagation bug
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4eGYtbTRmZi1qY3hq
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2aGotOThyNi00MjRo
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ0NDYtNjU2cC1mNTRn
Deserialization of Untrusted Data in Bouncy castle
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15on
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzOXgtbTU1Yy12NTVo
Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location
Ecosystems: maven
Packages: io.vertx:vertx-web
Source: GitHub Advisory Database
Blast Radius: 37.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFoM20tcXc2di1xdmhn
Moderate severity vulnerability that affects io.vertx:vertx-core
Ecosystems: maven
Packages: io.vertx:vertx-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1eG0tdjhncS03anF4
Excessive memory allocation
Ecosystems: maven
Packages: io.vertx:vertx-core
Source: GitHub Advisory Database
Blast Radius: 25.7
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2Z2ctZjhxbS02aDdq
High severity vulnerability that affects io.vertx:vertx-web
Ecosystems: maven
Packages: io.vertx:vertx-web
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtZjctMjZtdy0zcnFy
Moderate severity vulnerability that affects org.apache.tika:tika-core
Ecosystems: maven
Packages: org.apache.tika:tika-core
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo1M2otZ21yOS1oOGcz
Comparison errorr in org.apache.tika:tika-core
Ecosystems: maven
Packages: org.apache.tika:tika-core
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2ZzMtdjQ2cS01cDI4
Moderate severity vulnerability that affects org.apache.tika:tika-core
Ecosystems: maven
Packages: org.apache.tika:tika-core
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZqcTItNzg5cS1mZmYy
High severity vulnerability that affects org.apache.tika:tika-core
Ecosystems: maven
Packages: org.apache.tika:tika-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4ZzYtMndoNy02NDM5
Apache Tika allows Java code execution for serialized objects embedded in MATLAB files
Ecosystems: maven
Packages: org.apache.tika:tika-core
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4cjQtNGM2NS1oajdm
Apache Tika does not properly initialize the XML parser or choose handlers
Ecosystems: maven
Packages: org.apache.tika:tika-core
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjanAtdzcyMy0yamYy
Apache Tika Server exposes sensitive information
Ecosystems: maven
Packages: org.apache.tika:tika-server
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OTktM3dnYy03aDcy
org.apache.tika:tika-parsers has an Infinite Loop vulnerability
Ecosystems: maven
Packages: org.apache.tika:tika-parsers
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyMjQtZ3A0NC1oM3Bt
Command injection in org.apache.tika:tika-core
Ecosystems: maven
Packages: org.apache.tika:tika-core
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg4cTUtZzJjai1xcjVo
Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack
Ecosystems: maven
Packages: org.apache.tika:tika-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtajUtd3Y5Ni1yMmNo
Denial of service vulnerability in org.apache.httpcomponents:httpclient
Ecosystems: maven
Packages: org.apache.httpcomponents:httpclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4ODMtcjU2Zy1jdjQ3
Improper certificate validation in org.apache.httpcomponents:httpclient
Ecosystems: maven
Packages: org.apache.httpcomponents:httpclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmaDUtM2doaC13Zmp4
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient
Ecosystems: maven
Packages: org.apache.httpcomponents:httpclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczY3EtZmhwMy04cnB3
Moderate severity vulnerability that affects org.restlet.jse:org.restlet
Ecosystems: maven
Packages: org.restlet.jse:org.restlet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtcDgtcXZxbS0zeHdx
Restlet Framework Ja-rs extension is vulnerable to XXE when using SimpleXMLProvider
Ecosystems: maven
Packages: org.restlet.jse:org.restlet.ext.jaxrs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2ajQtZzNneC04dnFx
Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request
Ecosystems: maven
Packages: org.restlet.jse:org.restlet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV4cXItZ3JxNC1xd2d4
Junrar vulnerable to Infinite Loop
Ecosystems: maven
Packages: com.github.junrar:junrar
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2cnAtOHY0ai1od3Bo
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmdzUtcnZmMi1qcTU2
Apache Camel's XSLT component allows remote attackers to read arbitrary files
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxOWotamg2Mi01aG1w
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ2amMtcTV2ci01MnE2
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks
Ecosystems: maven
Packages: org.apache.camel:camel-jackson
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI2djYtdzZmdy1yaDk0
Apache Camel can allow remote attackers to execute arbitrary commands
Ecosystems: maven
Packages: org.apache.camel:camel-ahc, org.apache.camel:camel-http4, org.apache.camel:camel-http-common, org.apache.camel:camel-http, org.apache.camel:camel-servlet, org.apache.camel:camel-jetty
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2NWYtY2p3OS01dnhn
Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands
Ecosystems: maven
Packages: org.apache.camel:camel-xstream
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oeDItcjNqeC1nOTRj
Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNocmMtZjQzOS03Mjdn
Apache Camel XML External Entity vulnerability
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2NzQtZjlwai14cDNm
Apache Camel's Mail is vulnerable to path traversal
Ecosystems: maven
Packages: org.apache.camel:camel-mail
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh2Zm0tNDM4OC02cnBj
Apache is vulnerable to XXE in XSD validation processor
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmNHEtOG1yNy01YzVj
Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation
Ecosystems: maven
Packages: org.apache.camel:camel-castor
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFjanYtd2ZjZy1tbXBy
Code execution via deserialization in org.apache.ignite:ignite-core
Ecosystems: maven
Packages: org.apache.ignite:ignite-core
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNocDQtcnY3OS02OGoz
Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization
Ecosystems: maven
Packages: org.apache.ignite:ignite-core
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxZmMtY3ZqcC1tZ3Bx
Moderate severity vulnerability that affects org.apache.ignite:ignite-core
Ecosystems: maven
Packages: org.apache.ignite:ignite-core
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwODMtNjhjdy05NDNm
Apache Ignite communicates to an external PHP server where sensitive information is sent
Ecosystems: maven
Packages: org.apache.ignite:ignite-core
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2anEtNzV3aC0yNjU4
Moderate severity vulnerability that affects apache axis
Ecosystems: maven
Packages: axis:axis, org.apache.axis:axis
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1M3Ytdm04Ny1mNzJj
Improper Validation of Certificates in apache axis
Ecosystems: maven
Packages: axis:axis, org.apache.axis:axis
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4cjMtcmd3aC1wdzIy
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
Ecosystems: maven
Packages: org.apache.qpid:apache-qpid-broker-j
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1Y2YtZjdweC14cG1o
Moderate severity vulnerability that affects org.apache.qpid:proton-j
Ecosystems: maven
Packages: org.apache.qpid:proton-j
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqOWgtbXdocS04dmht
Improper Input Validation in org.apache.qpid:qpid-broker
Ecosystems: maven
Packages: org.apache.qpid:qpid-broker
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2NmMtaDg1My1ncXcy
AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication
Ecosystems: maven
Packages: org.apache.qpid:qpid-broker-plugins-amqp-1-0-protocol, org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5aDQtZzhwNS1qZ3E2
Moderate severity vulnerability that affects org.apache.juddi:juddi-client
Ecosystems: maven
Packages: org.apache.juddi:juddi-client
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdnOW0tZmozdi1yNThj
REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering
Ecosystems: maven
Packages: org.apache.struts:struts2-rest-plugin
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1eDctM3Y4NS13cGM0
Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3eGotNm01bS1ycnZo
The REST Plugin in Apache Struts is using an outdated XStream library
Ecosystems: maven
Packages: org.apache.struts:struts2-rest-plugin
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtcjUtaDI4Zy0zNnF4
Spring AOP functionality (Struts) vulnerable to DoS attack
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlncDctanZtMi1yNG14
Apache Struts Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjcm0tcXBwOC1oY3c0
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
Ecosystems: maven
Packages: org.apache.struts:struts2-rest-plugin
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmeDktNWh4OC1jcmht
Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4Y3ItMnBoNS1mcnI5
Apache Struts REST Plugin can potentially allow a DoS attack
Ecosystems: maven
Packages: org.apache.struts:struts2-rest-plugin
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnZ2otZnZ2My1jcXd2
FasterXML jackson-databind allows unauthenticated remote code execution
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhxajctajhqNS1mMnhy
Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW13Y3gtNTMyZy04cHEz
Access and integrity issue within Eclipse Jetty
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 39.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyNngtcHI5Ni12dzg2
Moderate severity vulnerability that affects org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlnY20tZjR4My04anB3
Spring Framework Cross Site Tracing (XST)
Ecosystems: maven
Packages: org.springframework:spring-web
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5OGotNWNjOC1jbWY1
ZipSlip in org.apache.storm:storm-core
Ecosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2cHItOWNyNi1xNXY3
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization
Ecosystems: maven
Packages: org.apache.camel:camel-snakeyaml
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4eHgtMnBwNy01aG14
jackson-databind is vulnerable to a deserialization flaw
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZwY2MtM3JmeC00Z3Bt
Dom4j contains a XML Injection vulnerability
Ecosystems: maven
Packages: dom4j:dom4j, org.dom4j:dom4j
Source: GitHub Advisory Database
Blast Radius: 33.5
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtOGgtZmdyOC0ycTl3
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized
Ecosystems: maven
Packages: org.springframework:spring-webmvc
Source: GitHub Advisory Database
Blast Radius: 40.2
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5Z2MtNmN3Ni00dmNo
Spark allows remote attackers to read arbitrary files via a .. (dot dot) in the URI
Ecosystems: maven
Packages: com.sparkjava:spark-core
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ocHAtODc1dy05Y3B2
Denial of Service in jquery
Ecosystems: rubygems, maven, nuget, npm
Packages: jquery-rails, org.webjars.npm:jquery, jQuery, jquery
Source: GitHub Advisory Database
Blast Radius: 129.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJteGctNzNnZy00cDk4
Cross-Site Scripting (XSS) in jquery
Ecosystems: maven, rubygems, npm, nuget
Packages: org.webjars.npm:jquery, jquery-rails, jquery, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjbTItOWM4OS13bWZt
Cross-site Scripting in jquery-ui
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxeHAteHA5di12dng2
jquery-ui Tooltip widget vulnerable to XSS
Ecosystems: nuget, maven, rubygems, npm
Packages: jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui-rails, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwY2YtOHZmOS1xNGdq
jQuery-UI vulnerable to Cross-site Scripting in dialog closeText
Ecosystems: nuget, maven, rubygems, npm
Packages: jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui-rails, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 6 years ago
Statistics
Advisories: 18,151
Packages: 8,242
Repositories: 968
Ecosystems: 12
Filter by Severity
Moderate 7,822 High 6,289 Critical 2,787 Low 969
Filter by Ecosystem
maven 5,518 packagist 3,782 pypi 3,552 npm 3,530 go 1,886 nuget 1,390 rubygems 813 cargo 773 swift 31 hex 29 actions 16 pub 8
Filter by Package
org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 com.fasterxml.jackson.core:jackson-databind 69 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 org.apache.tomcat.embed:tomcat-embed-core 37 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 net.mingsoft:ms-mcms 35 org.xwiki.platform:xwiki-platform-oldcore 34 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 30 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 org.eclipse.jetty:jetty-server 23 org.springframework.security:spring-security-core 23 org.apache.nifi:nifi 22 org.apache.openmeetings:openmeetings-parent 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 org.springframework:spring-core 19 com.liferay.portal:release.dxp.bom 18 com.vaadin:vaadin-bom 18 org.bouncycastle:bcprov-jdk14 18 org.xwiki.platform:xwiki-platform-web-templates 17 org.apache.geode:geode-core 17 org.apache.dubbo:dubbo 16 org.bouncycastle:bcprov-jdk15 16 org.apache.activemq:activemq-client 16 org.apache.struts.xwork:xwork-core 15 org.apache.jspwiki:jspwiki-main 15 org.xwiki.platform:xwiki-platform-web 14 org.apache.inlong:manager-pojo 13 org.apache.hadoop:hadoop-main 13 org.apache.cxf:cxf 13 org.jenkins-ci.plugins.workflow:workflow-cps 12 org.jenkins-ci.plugins:git 12 com.vaadin:flow-server 12 org.apache.dolphinscheduler:dolphinscheduler 12 org.igniterealtime.openfire:parent 11 org.jenkins-ci.plugins:email-ext 11 org.apache.cxf:cxf-core 11 org.apache.james:james-server 11 org.apache.commons:commons-compress 11 org.jeecgframework.boot:jeecg-boot-common 11 org.apache.camel:camel-core 11 org.apache.jspwiki:jspwiki-war 11 org.mortbay.jetty:jetty 11 org.apache.ranger:ranger 11 org.apache.hadoop:hadoop-common 11 org.apache.tomcat:tomcat-coyote 11 org.apache.tika:tika-core 11 org.jeecgframework.boot:jeecg-boot-parent 11 com.xuxueli:xxl-job 11 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 10 io.netty:netty 10 org.jboss.netty:netty 10 org.apache.inlong:manager-service 10 org.xwiki.platform:xwiki-platform-administration-ui 10 org.apache.hive:hive 9 org.craftercms:crafter-studio 9 org.bouncycastle:bcprov-jdk15on 9 org.jenkins-ci.plugins:active-directory 9 org.jenkins-ci.plugins:electricflow 9 org.opencrx:opencrx-core-models 9 org.apache.shiro:shiro-core 9 io.jenkins:configuration-as-code 9 cn.hutool:hutool-core 9 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 9 org.opennms:opennms 9 org.apache.tapestry:tapestry-core 9 org.apache.archiva:archiva 9 org.springframework:spring-web 9 org.apache.xmlgraphics:batik 9 jquery 9 jquery-rails 9 org.apache.tomcat:tomcat-catalina 9 org.jenkins-ci.plugins:config-file-provider 9 org.webjars.npm:jquery 9 org.springframework:spring-webmvc 9 jQuery 8 org.apache.ozone:ozone-main 8 org.postgresql:postgresql 8 com.hazelcast:hazelcast 8 org.apache.kylin:kylin 8 org.apache.zeppelin:zeppelin 8 org.apache.santuario:xmlsec 8 org.apache.ambari:ambari 8 org.apache.hive:hive-exec 8 io.jenkins.blueocean:blueocean 8 org.jenkins-ci.plugins:ec2 8 org.opencms:opencms-core 8 org.apache.pdfbox:pdfbox 8 mysql:mysql-connector-java 8 org.graylog2:graylog2-server 8 org.yaml:snakeyaml 8 org.jenkins-ci.plugins:artifactory 7 org.jenkins-ci.plugins:jobConfigHistory 7 io.dataease:dataease-plugin-common 7 org.jenkins-ci.plugins:rundeck 7 org.silverpeas.core:silverpeas-core-web 7 org.apache.spark:spark-core_2.11 7 io.atomix:atomix 7 org.jboss.resteasy:resteasy-client 7 org.apache.linkis:linkis 7 org.apache.tika:tika 7 io.jenkins.plugins:cavisson-ns-nd-integration 7 org.apache.inlong:manager-web 7 org.owasp.esapi:esapi 7 org.jeecgframework.boot:jeecg-boot-base 7 jQuery.UI.Combined 7 org.apache.hive:hive-service 7 org.webjars.npm:jquery-ui 7 org.owasp.antisamy:antisamy 7 jquery-ui-rails 7 io.jenkins.plugins:miniorange-saml-sp 7 org.jenkins-ci.plugins:subversion 7 org.apache.atlas:atlas-common 7 io.jenkins.plugins:warnings-ng 7 org.apache.logging.log4j:log4j-core 7 jquery-ui 7 org.apache.karaf:apache-karaf 7 org.apache.cxf:apache-cxf 7 org.jenkins-ci.plugins:openshift-deployer 7 rubygems-update 7 org.apache.activemq:activemq-parent 7 org.jenkins-ci.plugins:mercurial 7 org.jruby:jruby-stdlib 7 org.apache.derby:derby 7 net.opentsdb:opentsdb 7 org.apache.poi:poi 7 com.jflyfox:jflyfox_jfinal 6 org.apache.solr:solr-parent 6 org.opencastproject:opencast-kernel 6 org.apache.storm:storm-core 6 org.jenkins-ci.plugins:fortify-on-demand-uploader 6 org.jenkins-ci.plugins:ec2-deployment-dashboard 6 org.xwiki.commons:xwiki-commons-xml 6 org.apache.spark:spark-core_2.10 6 org.apache.mesos:mesos 6 com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger 6 org.jenkins-ci.plugins:pipeline-maven 6 org.apache.httpcomponents:httpclient 6 org.jenkins-ci.plugins:repository-connector 6 org.apache.syncope:syncope-core 6 axis:axis 6 org.opensearch.plugin:opensearch-security 6 io.netty:netty-codec-http 6 org.csanchez.jenkins.plugins:kubernetes 6 de.tum.in.ase:artemis-java-test-sandbox 6 tech.powerjob:powerjob 6 org.jenkins-ci.plugins:gitlab-oauth 6 io.netty:netty-handler 6 commons-fileupload:commons-fileupload 6 org.jenkins-ci.plugins:azure-vm-agents 6 cn.hutool:hutool-json 6 hudson.plugins:project-inheritance 6 com.xebialabs.deployit.ci:deployit-plugin 6 org.apache.pulsar:pulsar-broker 6 org.apache.shenyu:shenyu-common 6 org.apache.axis:axis 6 org.apache.struts:struts2-rest-plugin 6 org.jenkins-ci.plugins:openid 5 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 5 org.apache.cassandra:cassandra-all 5 org.jenkins-ci.plugins:junit 5 org.springframework.amqp:spring-amqp 5 org.apache.druid:druid 5 org.jenkins-ci.plugins:codedx 5 com.ruoyi:ruoyi 5 org.jenkins-ci.plugins:matrix-project 5 org.jenkinsci.plugins:octoperf 5 org.jenkins-ci.plugins:google-login 5 org.opennms:opennms-webapp 5 info.magnolia:magnolia-core 5 edu.stanford.nlp:stanford-corenlp 5 com.google.protobuf:protobuf-java 5 org.codehaus.jettison:jettison 5 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 5 org.jenkins-ci.plugins:azure-ad 5 org.jenkins-ci.plugins:scriptler 5 log4j:log4j 5 org.jenkins-ci.plugins:credentials 5 org.jenkins-ci.plugins:ghprb 5 org.jenkins-ci.plugins:delphix 5 org.jenkins-ci.plugins:websphere-deployer 5 org.apache.hadoop:hadoop-client 5 org.zenframework.z8.dependencies.commons:log4j-1.2.17 5 org.jenkins-ci.plugins:publish-over-ssh 5 org.apache.kylin:kylin-server-base 5 org.jenkins-ci.plugins:support-core 5 org.jboss.resteasy:resteasy-bom 5 org.jenkins-ci.plugins.m2release:m2release 5 org.apache.inlong:manager-dao 5 com.coravy.hudson.plugins.github:github 5 com.mabl.integration.jenkins:mabl-integration 5 org.dspace:dspace-jspui 5 org.jenkins-ci.plugins:gitlab-plugin 5
Filter by Repository
https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/apache/tomcat 96 https://github.com/FasterXML/jackson-databind 70 https://github.com/keycloak/keycloak 58 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 41 https://github.com/x-stream/xstream 36 https://github.com/apache/activemq 32 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 25 https://github.com/eclipse/jetty.project 23 https://github.com/apache/nifi 21 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/netty/netty 20 https://github.com/jenkinsci/script-security-plugin 20 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 18 https://github.com/vaadin/platform 17 https://github.com/opencast/opencast 16 https://github.com/apache/camel 15 https://github.com/geoserver/geoserver 15 https://github.com/xuxueli/xxl-job 13 https://github.com/quarkusio/quarkus 13 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/dromara/hutool 12 https://github.com/apache/kylin 12 https://github.com/apache/dolphinscheduler 12 https://github.com/vaadin/flow 11 https://github.com/igniterealtime/Openfire 11 https://github.com/jquery/jquery 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/Graylog2/graylog2-server 9 https://github.com/DSpace/DSpace 9 https://github.com/apache/lucene-solr 9 https://github.com/cui2shark/cms 9 https://github.com/spring-projects/spring-security 9 https://github.com/opensearch-project/security 8 https://github.com/nahsra/antisamy 8 https://github.com/xwiki/xwiki-commons 8 https://github.com/jenkinsci/config-file-provider-plugin 8 https://github.com/apache/zeppelin 8 https://github.com/hazelcast/hazelcast 8 https://github.com/ratpack/ratpack 7 https://github.com/pgjdbc/pgjdbc 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/RhinoSecurityLabs/CVEs 7 https://github.com/vaadin/framework 7 https://github.com/OpenTSDB/opentsdb 7 https://github.com/apache/xmlgraphics-batik 7 https://github.com/rundeck/rundeck 7 https://github.com/rubygems/rubygems 7 https://github.com/jflyfox/jfinal_cms 7 https://github.com/dataease/dataease 7 https://github.com/jenkinsci/electricflow-plugin 6 https://github.com/vert-x3/vertx-web 6 https://github.com/OpenRefine/OpenRefine 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/apache/hadoop 6 https://github.com/jenkinsci/gerrit-trigger-plugin 6 https://github.com/http4s/http4s 6 https://github.com/line/armeria 6 https://github.com/apache/pulsar 6 https://github.com/apache/tika 6 https://github.com/ESAPI/esapi-java-legacy 6 https://github.com/ls1intum/Ares 6 https://github.com/playframework/playframework 6 https://github.com/resteasy/resteasy 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/jenkinsci/ec2-plugin 6 https://github.com/cui2shark/security 6 https://github.com/jquery/jquery-ui 6 https://github.com/jenkinsci/build-failure-analyzer-plugin 6 https://bitbucket.org/snakeyaml/snakeyaml 6 https://github.com/apache/shiro 5 https://github.com/apache/openmeetings 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/JLLeitschuh/security-research 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/jenkinsci/junit-plugin 5 https://github.com/jenkinsci/github-plugin 5 https://github.com/jenkinsci/gitlab-plugin 5 https://github.com/apiman/apiman 5 https://github.com/PowerJob/PowerJob 5 https://github.com/h2database/h2database 5 https://github.com/jenkinsci/support-core-plugin 5 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 5 https://github.com/apache/karaf 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/restlet/restlet-framework-java 5 https://github.com/jettison-json/jettison 5 https://github.com/jenkinsci/email-ext-plugin 5 https://github.com/OpenAPITools/openapi-generator 5 https://github.com/alibaba/nacos 5 https://github.com/jenkinsci/m2release-plugin 5 https://github.com/jenkinsci/publish-over-ssh-plugin 5 https://bitbucket.org/connect2id/nimbus-jose-jwt 5 https://github.com/grails/grails-core 5 https://github.com/jensdietrich/xshady-release 5 https://github.com/neo4j-contrib/neo4j-apoc-procedures 5 https://github.com/jenkinsci/active-directory-plugin 5 https://github.com/apache/geode 5 https://github.com/apache/shenyu 5 https://github.com/jenkinsci/rundeck-plugin 4 https://github.com/jenkinsci/htmlpublisher-plugin 4 https://github.com/jenkinsci/hpe-application-automation-tools-plugin 4 https://github.com/jenkinsci/warnings-ng-plugin 4 https://github.com/reportportal/reportportal 4 https://github.com/resteasy/Resteasy 4 https://github.com/jenkinsci/matrix-project-plugin 4 https://github.com/jenkinsci/job-config-history-plugin 4 https://github.com/jenkinsci/nexus-platform-plugin 4 https://github.com/skylot/jadx 4 https://github.com/yamcs/yamcs 4 https://github.com/shopizer-ecommerce/shopizer 4 https://github.com/alkacon/opencms-core 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/jenkinsci/active-choices-plugin 4 https://github.com/jenkinsci/libvirt-slave-plugin 4 https://github.com/apache/httpcomponents-client 4 https://github.com/jenkinsci/workflow-cps-plugin 4 https://github.com/stanfordnlp/corenlp 4 https://github.com/jenkinsci/xldeploy-plugin 4 https://github.com/jenkinsci/ansible-plugin 4 https://github.com/jenkinsci/fortify-plugin 4 https://github.com/HtmlUnit/htmlunit 4 https://github.com/jenkinsci/gitlab-oauth-plugin 4 https://github.com/itext/itext7 4 https://github.com/infinispan/infinispan 4 https://github.com/apache/syncope 4 https://github.com/ktorio/ktor 4 https://github.com/xerial/snappy-java 4 https://github.com/apache/activemq-artemis 4 https://github.com/nightcloudos/new_cms 4 https://github.com/apache/solr 4 https://github.com/micronaut-projects/micronaut-core 4 https://github.com/jenkinsci/credentials-binding-plugin 4 https://github.com/pippo-java/pippo 4 https://github.com/jenkinsci/p4-plugin 4 https://github.com/jfinal/jfinal 4 https://github.com/orientechnologies/orientdb 3 https://github.com/jenkinsci/azure-credentials-plugin 3 https://github.com/qos-ch/logback 3 https://github.com/OWASP/json-sanitizer 3 https://github.com/jenkinsci/cas-plugin 3 https://github.com/open-metadata/OpenMetadata 3 https://svn.apache.org/viewvc/lucene/dev 3 https://github.com/apache/santuario-java 3 https://github.com/Rabb1ter/cms 3 https://github.com/mbechler/marshalsec 3 https://bitbucket.org/b_c/jose4j 3 https://github.com/apache/ranger 3 https://github.com/jenkinsci/azure-vm-agents-plugin 3 https://github.com/jenkinsci/audit-trail-plugin 3 https://github.com/google/guava 3 https://github.com/eclipse/lemminx 3 https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server 3 https://github.com/jenkinsci/mercurial-plugin 3 https://github.com/jenkinsci/bitbucket-oauth-plugin 3 https://github.com/peteroupc/CBOR-Java 3 https://github.com/pf4j/pf4j 3 https://github.com/opengoofy/hippo4j 3 https://github.com/jenkinsci/nomad-plugin 3 https://github.com/jooby-project/jooby 3 https://github.com/apache/storm 3 https://github.com/eclipse-ee4j/mojarra 3 https://github.com/joniles/mpxj 3 https://github.com/li-yu320/cms 3 https://github.com/apache/jackrabbit 3 https://github.com/jenkinsci/git-parameter-plugin 3 https://github.com/jenkinsci/crx-content-package-deployer-plugin 3 https://github.com/wso2/carbon-registry 3 https://github.com/jenkinsci/gitlab-branch-source-plugin 3 https://github.com/Jarvis-616/cms 3 https://github.com/jenkinsci/git-client-plugin 3 https://github.com/jenkinsci/scriptler-plugin 3 https://github.com/jenkinsci/cvs-plugin 3 https://github.com/codehaus-plexus/plexus-utils 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/jenkinsci/database-plugin 3 https://github.com/jhy/jsoup 3 https://github.com/apache/geronimo 3 https://github.com/apache/flume 3 https://github.com/wildfly/wildfly-core 3 https://github.com/apache/dubbo 3 https://github.com/jenkinsci/embeddable-build-status-plugin 3 https://github.com/AsyncHttpClient/async-http-client 3 https://github.com/intranda/goobi-viewer-core 3 https://github.com/apache/derby 3 https://github.com/jeremylong/DependencyCheck 3 https://github.com/apache/cxf-fediz 3 https://github.com/Adobe-Consulting-Services/acs-aem-commons 3 https://github.com/eclipse-vertx/vert.x 3 https://github.com/jenkinsci/mailer-plugin 3 https://github.com/jenkinsci/mac-plugin 3