Vulnerability Database
Blog
FAQ
Docs
Vulnerabilities
search
All ecosystems
154349
AlmaLinux
3090
Alpine
3425
Android
2120
Bitnami
4444
Chainguard
13776
CRAN
10
crates.io
1440
Debian
16591
GIT
28695
GitHub Actions
19
Go
3426
Hackage
19
Hex
30
Linux
13573
Maven
5042
npm
18984
NuGet
1353
OSS-Fuzz
3433
Packagist
4021
Pub
8
PyPI
13890
Rocky Linux
1355
RubyGems
1606
SwiftURL
32
Ubuntu
5475
Wolfi
8492
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-2gh6-wc3m-g37f
Maven/pl.allegro.tech.hermes:hermes-management
hermes-management is vulnerable to RCE due to Apache commons-jxpath
2 hours ago
Fix available
Severity - 9.3 (Critical)
GHSA-3xq2-w6j4-c99r
Maven/org.apache.seata:seata-core
Apache Seata Deserialization of Untrusted Data vulnerability
yesterday
Fix available
Severity - 9.2 (Critical)
GHSA-46hr-3cq3-mcgp
Maven/org.opendaylight.aaa:aaa-artifacts
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability
yesterday
No fix available
Severity - 5.3 (Medium)
GHSA-hv38-h5pj-c96j
Maven/org.opendaylight.mdsal:mdsal-artifacts
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries
yesterday
No fix available
Severity - 7.1 (High)
GHSA-cx7f-g6mp-7hqm
Maven/org.springframework:spring-webmvc
Path traversal vulnerability in functional web frameworks
4 days ago
Fix available
Severity - 7.5 (High)
GHSA-7gq2-vwq9-w8vw
Maven/org.glassfish.main.web:web-core
Eclipse Glassfish URL redirection vulnerability
6 days ago
Fix available
Severity - 5.3 (Medium)
GHSA-8259-2x72-2gvc
Maven/org.eclipse.edc:transfer-data-plane
Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit
6 days ago
Fix available
Severity - 5.0 (Medium)
GHSA-w97f-w3hq-36g2
Maven/org.keycloak:keycloak-core
Keycloak Denial of Service vulnerability
10 Sep
Fix available
Severity - 7.1 (High)
GHSA-pvmm-55r5-g3mm
Maven/org.xwiki.platform:xwiki-platform-rest-server
XWiki Platform document history including authors of any page exposed to unauthorized actors
10 Sep
Fix available
Severity - 6.9 (Medium)
GHSA-57rh-gr4v-j5f6
Maven/org.keycloak:keycloak-core
Keycloak Uses a Key Past its Expiration Date
09 Sep
Fix available
Severity - 6.3 (Medium)
GHSA-g4gc-rh26-m3p5
Maven/org.keycloak:keycloak-core
Keycloak Open Redirect vulnerability
09 Sep
Fix available
Severity - 4.8 (Medium)
GHSA-j76j-rqwj-jmvv
Maven/org.keycloak:keycloak-services
Keycloak Session Fixation vulnerability
09 Sep
Fix available
Severity - 7.5 (High)
GHSA-6cr6-ph3p-f5rf
Maven/ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
Maven/ca.uhn.hapi.fhir:org.hl7.fhir.dstu3
Maven/ca.uhn.hapi.fhir:org.hl7.fhir.r4
Maven/ca.uhn.hapi.fhir:org.hl7.fhir.r4b
Maven/ca.uhn.hapi.fhir:org.hl7.fhir.r5
Maven/ca.uhn.hapi.fhir:org.hl7.fhir.utilities
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
06 Sep
Fix available
Severity - 7.7 (High)
GHSA-g76f-gjfx-4rpr
Maven/io.vertx:vertx-grpc-server
Maven/io.vertx:vertx-grpc-client
Vertx gRPC server does not limit the maximum message size
04 Sep
Fix available
Severity - 6.9 (Medium)
GHSA-8wm9-24qg-m5qj
Maven/org.keycloak:keycloak-services
Keycloak has a brute force login protection bypass
03 Sep
Fix available
Severity - 6.9 (Medium)
GHSA-h83p-72jv-g7vp
Maven/io.kroxylicious:kroxylicious-runtime
Missing hostname validation in Kroxylicious
31 Aug
Fix available
Severity - 4.8 (Medium)
Load more...
Maven - OSV