Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-2gh6-wc3m-g37f
  • Maven/pl.allegro.tech.hermes:hermes-management
hermes-management is vulnerable to RCE due to Apache commons-jxpath
  • Published - 2 hours ago
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-3xq2-w6j4-c99r
  • Maven/org.apache.seata:seata-core
Apache Seata Deserialization of Untrusted Data vulnerability
  • Published - yesterday
  • Fix available
  • Severity - 9.2 (Critical)
GHSA-46hr-3cq3-mcgp
  • Maven/org.opendaylight.aaa:aaa-artifacts
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability
  • Published - yesterday
  • No fix available
  • Severity - 5.3 (Medium)
GHSA-hv38-h5pj-c96j
  • Maven/org.opendaylight.mdsal:mdsal-artifacts
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries
  • Published - yesterday
  • No fix available
  • Severity - 7.1 (High)
GHSA-cx7f-g6mp-7hqm
  • Maven/org.springframework:spring-webmvc
Path traversal vulnerability in functional web frameworks
  • Published - 4 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-7gq2-vwq9-w8vw
  • Maven/org.glassfish.main.web:web-core
Eclipse Glassfish URL redirection vulnerability
  • Published - 6 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-8259-2x72-2gvc
  • Maven/org.eclipse.edc:transfer-data-plane
Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit
  • Published - 6 days ago
  • Fix available
  • Severity - 5.0 (Medium)
GHSA-w97f-w3hq-36g2
  • Maven/org.keycloak:keycloak-core
Keycloak Denial of Service vulnerability
  • Published - 10 Sep
  • Fix available
  • Severity - 7.1 (High)
GHSA-pvmm-55r5-g3mm
  • Maven/org.xwiki.platform:xwiki-platform-rest-server
XWiki Platform document history including authors of any page exposed to unauthorized actors
  • Published - 10 Sep
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-57rh-gr4v-j5f6
  • Maven/org.keycloak:keycloak-core
Keycloak Uses a Key Past its Expiration Date
  • Published - 09 Sep
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-g4gc-rh26-m3p5
  • Maven/org.keycloak:keycloak-core
Keycloak Open Redirect vulnerability
  • Published - 09 Sep
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-j76j-rqwj-jmvv
  • Maven/org.keycloak:keycloak-services
Keycloak Session Fixation vulnerability
  • Published - 09 Sep
  • Fix available
  • Severity - 7.5 (High)
GHSA-6cr6-ph3p-f5rf
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.dstu3
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.r4
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.r4b
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.r5
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.utilities
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
  • Published - 06 Sep
  • Fix available
  • Severity - 7.7 (High)
GHSA-g76f-gjfx-4rpr
  • Maven/io.vertx:vertx-grpc-server
  • Maven/io.vertx:vertx-grpc-client
Vertx gRPC server does not limit the maximum message size
  • Published - 04 Sep
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-8wm9-24qg-m5qj
  • Maven/org.keycloak:keycloak-services
Keycloak has a brute force login protection bypass
  • Published - 03 Sep
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-h83p-72jv-g7vp
  • Maven/io.kroxylicious:kroxylicious-runtime
Missing hostname validation in Kroxylicious
  • Published - 31 Aug
  • Fix available
  • Severity - 4.8 (Medium)