Vulnerability Library

ID
Packages
Summary
Published
Attributes
GHSA-7qpc-4xx9-x5qw
  • Maven/org.apache.linkis:linkis-datasource
Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability 23 hours ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-f22j-9j59-33j4
  • Maven/org.apache.linkis:linkis-datasource
Apache Linkis DataSource allows arbitrary file reading 23 hours ago
  • Fix available
  • Severity - 7.1 (High)
GHSA-jjvc-v8gw-5255
  • Maven/org.apache.linkis:linkis-datasource
Apache Linkis DataSource remote code execution vulnerability 23 hours ago
  • Fix available
  • Severity - 7.7 (High)
GHSA-hhwc-gh8h-9rrp
  • Maven/org.apache.wicket:wicket-core
Apache Wicket: Remote code execution via XSLT injection 3 days ago
  • Fix available
GHSA-77vc-rj32-2r33
  • Maven/org.opensearch.plugin:opensearch-observability
OpenSearch Observability does not properly restrict access to private tenant resources 5 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-vfwh-gvf6-mff8
  • Maven/org.silverpeas.core:silverpeas-core-rs
  • Maven/org.silverpeas.core:silverpeas-core-seb
Silverpeas Core Cross-site Scripting vulnerability 6 days ago
  • No fix available
  • Severity - 5.1 (Medium)
GHSA-j4r7-p9fp-w3f3
  • Maven/org.springframework.cloud:spring-cloud-function-context
Spring Cloud Function Framework vulnerable to Denial of Service 6 days ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-ch7q-gpff-h9hp
  • Maven/io.undertow:undertow-core
Undertow Missing Release of Memory after Effective Lifetime vulnerability 09 Jul
  • No fix available
  • Severity - 6.3 (Medium)
GHSA-xpp6-8r3j-ww43
  • Maven/io.undertow:undertow-core
Undertow Denial of Service vulnerability 08 Jul
  • No fix available
  • Severity - 8.7 (High)
GHSA-h658-qqv9-qwv8
  • Maven/org.apache.nifi:nifi-web-ui
Apache NiFi vulnerable to Cross-site Scripting 08 Jul
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-wm9w-rjj3-j356
  • Maven/org.apache.tomcat.embed:tomcat-embed-core
  • Maven/org.apache.tomcat:tomcat-coyote
Apache Tomcat - Denial of Service 03 Jul
  • Fix available
  • Severity - 8.7 (High)
GHSA-6jj6-gm7p-fcvv
  • Maven/org.geoserver.web:gs-web-app
  • Maven/org.geoserver:gs-wfs
  • Maven/org.geoserver:gs-wms
Remote Code Execution (RCE) vulnerability in geoserver 01 Jul
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-jhqx-5v5g-mpf3
  • Maven/org.geoserver.web:gs-web-app
  • Maven/org.geoserver:gs-gwc
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat 01 Jul
  • Fix available
  • Severity - 7.5 (High)
GHSA-j59v-vgcr-hxvf
  • Maven/org.geoserver.web:gs-web-app
  • Maven/org.geoserver:gs-main
GeoServer's Server Status shows sensitive environmental variables and Java properties 01 Jul
  • Fix available
  • Severity - 4.5 (Medium)
GHSA-3cpq-rw36-cppv
  • Maven/org.jenkins-ci.plugins:plain-credentials
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin 26 Jun
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-x8mf-jcmf-r79f
  • Maven/org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin 26 Jun
  • Fix available
  • Severity - 4.3 (Medium)