Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-2m67-wjpj-xhg9
  • Maven/tools.jackson.core:jackson-core
Jackson Core: Document length constraint bypass in blocking, async, and DataInput parsers 16 hours ago
  • No fix available
  • Severity - 7.5 (High)
GHSA-f2hx-5fx3-hmcv
  • Maven/org.keycloak:keycloak-services
Keycloak: UMA Policy Resource Injection Allows Unauthorized Cross-User Permission Grants 2 days ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-h4wv-g838-66g3
  • Maven/org.keycloak:keycloak-services
Keycloak: Application-Level DoS via Scope Processing 2 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-hj93-h7pg-fh6v
  • Maven/org.keycloak:keycloak-services
Keycloak: Privilege escalation via forged authorization codes due to SingleUseObjectProvider isolation flaw 2 days ago
  • Fix available
  • Severity - 7.4 (High)
GHSA-rx66-hj7g-28h7
  • Maven/org.keycloak:keycloak-services
Keycloak: Replay of action tokens via improper handling of single-use entries 2 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-cjm2-j6cm-6p6m
  • Maven/org.keycloak:keycloak-services
Keycloak: Redirect URI validation bypass via ..;/ path traversal in OIDC auth endpoint 2 days ago
  • Fix available
  • Severity - 7.3 (High)
GHSA-hv2w-8mjj-jw22
  • Maven/io.modelcontextprotocol.sdk:mcp-core
MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *) 5 days ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-vr79-8m62-wh98
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.validation
FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft 5 days ago
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-3ww8-jw56-9f5h
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.core
FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing 5 days ago
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-fgv2-4q4g-wc35
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.core
  • Maven/ca.uhn.hapi.fhir:org.hl7.fhir.utilities
HAPI FHIR Core has Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect 5 days ago
  • Fix available
  • Severity - 7.4 (High)
GHSA-x27p-5f68-m644
  • Maven/io.trino:trino-iceberg
Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON 6 days ago
  • Fix available
  • Severity - 7.7 (High)
GHSA-443w-3rq3-5m5h
  • Maven/software.amazon.awssdk:cloudfront
AWS SDK for Java 2.0: Improper Handling of Special Characters in CloudFront Signing Utilities 27 Mar
  • Fix available
  • Severity - 7.7 (High)
GHSA-3gv6-g396-9v4r
  • Maven/io.undertow:undertow-parent
Undertow is Vulnerable to HTTP Request/Response Smuggling 27 Mar
  • No fix available
  • Severity - 8.7 (High)
GHSA-8v4x-mgvp-p658
  • Maven/io.undertow:undertow-parent
Undertow is Vulnerable to HTTP Request/Response Smuggling 27 Mar
  • No fix available
  • Severity - 8.7 (High)
GHSA-vqqj-9cmv-hx43
  • Maven/io.undertow:undertow-parent
Undertow is Vulnerable to HTTP Request/Response Smuggling 27 Mar
  • No fix available
  • Severity - 8.7 (High)
GHSA-44f4-gvwj-6qg3
  • Maven/org.springframework.ai:spring-ai-redis-store
Spring AI Redis Store has TAG Field Query Injection Through Improper Neutralization of Special Characters 27 Mar
  • Fix available
  • Severity - 7.5 (High)