Vulnerability Library
All ecosystems: 116452
AlmaLinux: 2722
Alpine: 3396
Android: 881
Bitnami: 3902
CRAN: 10
crates.io: 1350
Debian: 9865
GIT: 33013
GitHub Actions: 16
Go: 2157
Hackage: 18
Hex: 30
Linux: 13573
Maven: 4882
npm: 14393
NuGet: 581
OSS-Fuzz: 3291
Packagist: 3397
Pub: 8
PyPI: 11905
Rocky Linux: 1121
RubyGems: 788
SwiftURL: 31
Ubuntu: 5122
| ID | Packages | Summary | Affected versions | Published | Fix |
|---|---|---|---|---|---|
| GHSA-4h8f-2wvx-gg5w | Maven/org.bouncycastle:bcprov-jdk18on, Maven/org.bouncycastle:bcprov-jdk15to18, Maven/org.bouncycastle:bcprov-jdk14, Maven/org.bouncycastle:bcprov-jdk13, Maven/org.bouncycastle:bcprov-jdk12 | Bouncy Castle Java Cryptography API vulnerable to DNS poisoning | 1.71, 1.71.1, 1.72, 1.73, 1.74, 1.75, 1.76, ... | 2024-05-03T18:30:37Z | Fix available |
| GHSA-vpw3-3prf-3974 | Maven/org.apache.hive:hive-jdbc | Apache Hive Code Injection vulnerability | 4.0.0-alpha-1, 4.0.0-alpha-2, 4.0.0-beta-1 | 2024-05-03T09:30:52Z | Fix available |
| GHSA-2g4q-9vm9-9fw4 | Maven/org.jenkins-ci.plugins:script-security | Jenkins Script Security Plugin sandbox bypass vulnerability | 1.0, 1.0-beta-1, 1.0-beta-2, 1.0-beta-3, 1.0-beta-4, 1.0-beta-5, 1.0-beta-6, ... | 2024-05-02T15:30:35Z | Fix available |
| GHSA-94pr-w968-h923 | Maven/org.jenkins-ci.plugins:telegrambot | Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext | See details. | 2024-05-02T15:30:35Z | No fix available |
| GHSA-phh3-2p9m-w6j5 | Maven/org.jenkins-ci.plugins:partial-release-manager | Jenkins Subversion Partial Release Manager Plugin programmatically disables the fix for CVE-2016-3721 | See details. | 2024-05-02T15:30:35Z | No fix available |
| GHSA-v63g-v339-2673 | Maven/org.jenkins-ci.plugins:script-security | Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies | 1.0, 1.0-beta-1, 1.0-beta-2, 1.0-beta-3, 1.0-beta-4, 1.0-beta-5, 1.0-beta-6, ... | 2024-05-02T15:30:35Z | Fix available |
| GHSA-x7g6-rwhc-g7mj | Maven/org.wildfly:wildfly-domain-http | Wildfly vulnerable to denial of service | 8.0.0.Alpha1, 8.0.0.Alpha2, 8.0.0.Alpha3, 8.0.0.Alpha4, 8.0.0.Beta1, 8.0.0.CR1, 8.0.0.Final, ... | 2024-05-02T15:30:35Z | No fix available |
| GHSA-xh9c-vcf9-h94m | Maven/org.jenkins-ci.plugins:git-server | Jenkins Git server Plugin does not perform a permission check | 1.0, 1.1, 1.10, 1.11, 1.2, 1.3, 1.4, ... | 2024-05-02T15:30:35Z | Fix available |
| GHSA-gj5m-m88j-v7c3 | Maven/org.apache.activemq:apache-activemq | Apache ActiveMQ's default configuration doesn't secure the API web context | 6.0.0, 6.0.1, 6.1.0, 6.1.1 | 2024-05-02T09:30:48Z | Fix available |
| GHSA-chfm-68vv-pvw5 | Maven/org.xmlunit:xmlunit-core | XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets | 2.0.0, 2.0.0-alpha-02, 2.0.0-alpha-03, 2.0.0-alpha-04, 2.1.0, 2.1.1, 2.2.0, ... | 2024-05-01T16:40:01Z | Fix available |
| GHSA-25w4-hfqg-4r52 | Maven/io.quarkus:quarkus-resteasy-reactive-common-deployment, Maven/io.quarkus:quarkus-resteasy-reactive-common | Quarkus: authorization flaw in quarkus resteasy reactive and classic | 1.11.0.Beta1, 1.11.0.Beta2, 1.11.0.CR1, 1.11.0.Final, 1.11.1.Final, 1.11.2.Final, 1.11.3.Final, ... | 2024-04-25T18:30:39Z | Fix available |
| GHSA-9wmf-xf3h-r8pr | Maven/org.jberet:jberet-core | Jberet: jberet-core logging database credentials | 1.0.0.Alpha1, 1.0.0.Alpha2, 1.0.0.Alpha3, 1.0.0.Alpha4, 1.0.0.Beta1, 1.0.0.Beta2, 1.0.0.CR1, ... | 2024-04-25T18:30:39Z | Fix available |
| GHSA-mv64-86g8-cqq7 | Maven/io.quarkus.resteasy.reactive:resteasy-reactive | Quarkus: security checks in resteasy reactive may trigger a denial of service | 3.8.0.CR1, 3.3.0, 3.3.0.CR1, 3.3.1, 3.3.2, 3.3.3, 3.4.0, ... | 2024-04-25T18:30:39Z | Fix available |
| GHSA-5xv3-fm7g-865r | Maven/org.open-metadata:openmetadata-service | OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`) | 0.12.1, 0.12.1.preview, 0.12.2, 0.12.2-REPUBLISHED, 0.13.1, 0.13.2, 0.13.2-beta, ... | 2024-04-24T17:06:02Z | Fix available |
| GHSA-8p5r-6mvv-2435 | Maven/org.open-metadata:openmetadata-service | OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`) | 0.12.1, 0.12.1.preview, 0.12.2, 0.12.2-REPUBLISHED, 0.13.1, 0.13.2, 0.13.2-beta, ... | 2024-04-24T17:06:00Z | Fix available |
| GHSA-7vf4-x5m2-r6gr | Maven/org.open-metadata:openmetadata-service | OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`) | 0.12.1, 0.12.1.preview, 0.12.2, 0.12.2-REPUBLISHED, 0.13.1, 0.13.2, 0.13.2-beta, ... | 2024-04-23T21:11:23Z | Fix available |
Maven - OSV