26 matches found
EUVD-2025-23665
Malicious code in bioql PyPI...
EUVD-2025-19625
Malicious code in bioql PyPI...
CVE-2025-54876
The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease...
Janssen security vulnerability
Janssen is an open-source user authentication component from the Janssen Project. A security vulnerability exists in Janssen 1.9.0 and earlier versions, which stems from passwords being stored in plaintext in log files...
CVE-2025-54876
The Janssen Project IAM platform stores passwords in plaintext in the local cli_cmd.log file for versions 1.9.0 and below, creating a confidentiality risk. Root cause: passwords written to a local log. Severity is MEDIUM (CVSS 4.0 base 6.9) per the advisory. Remediation: upgrade to a version later than 1....
CVE-2025-54876 Jans CLI stores plaintext passwords in the local cli_cmd.log file
The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease...
PT-2025-32006 · Unknown · Janssen Project
Name of the Vulnerable Software and Affected Versions: Janssen Project versions 1.9.0 and below. Description: The Janssen Project, an open-source identity and access management (IAM) platform, stores passwords in plaintext in the local cli_cmd.log file. Recommendations: Update to a version later tha...
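The entries above all describe the same defect class: a CLI that records its own invocations to a local log and writes credential arguments along with everything else. The following is an added example, not Jans CLI's own code and not taken from any advisory listed here, showing the unsafe logging pattern beside a redacting version, plus a small audit routine for checking an existing log for leaked secrets. The flag names (--password, -p, --client-secret), the sample invocation and the file names are hypothetical and constructed for illustration.

```python
"""Added example (not Jans CLI code): logging a CLI invocation without
leaking credentials, and auditing an existing log for leaks.

Assumptions (hypothetical): the tool appends each invocation to a local log
file, and credentials arrive via --password / -p / --client-secret, either as
`--flag value` or `--flag=value`."""
import shlex
import tempfile
from pathlib import Path

# Flags whose values are secrets. Hypothetical names, not Jans CLI's.
SECRET_FLAGS = {"--password", "-p", "--client-secret", "--client_secret"}
MASK = "[REDACTED]"


def log_command_unsafe(argv, log_path):
    """The pattern the advisory describes: raw argv, secrets included,
    appended verbatim to a local log file."""
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(shlex.join(argv) + "\n")


def redact_args(argv):
    """Return a copy of argv with secret flag values replaced by MASK.
    Handles `--flag value`, `--flag=value` and the short `-p value` form."""
    out = []
    skip_next = False
    for arg in argv:
        if skip_next:                   # previous token was a secret flag
            out.append(MASK)
            skip_next = False
            continue
        flag, eq, _value = arg.partition("=")
        if flag in SECRET_FLAGS:
            if eq:                      # --flag=value form
                out.append(f"{flag}={MASK}")
            else:                       # --flag value form: mask the next token
                out.append(flag)
                skip_next = True
            continue
        out.append(arg)
    return out


def log_command(argv, log_path):
    """Hardened version: redact before anything reaches the disk."""
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(shlex.join(redact_args(argv)) + "\n")


def find_leaks(log_text, secrets):
    """Audit side: given a log's content and the secrets that must never
    appear in it, return the 1-based line numbers that contain one.
    Use this on an existing cli_cmd.log before deciding which credentials
    to rotate after upgrading."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if any(s and s in line for s in secrets):
            hits.append(lineno)
    return hits


def demo():
    """Run both loggers on a constructed invocation and compare the results."""
    # Constructed sample invocation; the flags are hypothetical.
    argv = ["jans-cli", "--user", "admin", "--password", "Tr0ub4dor&3",
            "--client-secret=abc123", "get-clients"]
    secrets = ["Tr0ub4dor&3", "abc123"]
    with tempfile.TemporaryDirectory() as tmp:
        unsafe = Path(tmp) / "cli_cmd_unsafe.log"
        safe = Path(tmp) / "cli_cmd.log"
        log_command_unsafe(argv, unsafe)
        log_command(argv, safe)
        return {
            "unsafe_leaks": find_leaks(unsafe.read_text(encoding="utf-8"), secrets),
            "safe_leaks": find_leaks(safe.read_text(encoding="utf-8"), secrets),
            "safe_line": safe.read_text(encoding="utf-8").strip(),
        }


if __name__ == "__main__":
    print(demo())
```

Redacting at the argv boundary, before any logging call, is the robust fix: it does not depend on every log statement remembering to mask, and it also covers shell history style records and crash dumps that echo the command line. The audit function matters operationally because fixing the logger does not clean the log files already on disk; those still need to be purged and the credentials found in them rotated.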
CVE-2025-53003 Janssen Config API returns results without scope verification
The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal attack surface that exposes all sorts of information from the IDP including clients, users, scripts...
CVE-2025-53003
The Janssen Project Config API was vulnerable before version 1.8.0 due to lack of scope verification, exposing information from the IDP (clients, users, scripts, etc.). The issue has been fixed in 1.8.0. A recommended workaround mentioned in the sources is to fork and patch the Config API followi...
Janssen security vulnerability
Janssen is an open-source user authentication component from the Janssen Project. A security vulnerability exists in Janssen versions prior to 1.8.0, which stems from the Config API returning results without validating the scope, which could lead to information disclosure...
Janssen Config API returns results without scope verification
Impact: What kind of vulnerability is it? Who is impacted? The configAPI is an internal service and hence should never be exposed to the internet. With that said, this is a serious vulnerability that has a large internal attack surface that exposes all sorts of information from the IDP...
GHSA-373J-MHPF-84WG Janssen Config API returns results without scope verification
Impact: What kind of vulnerability is it? Who is impacted? The configAPI is an internal service and hence should never be exposed to the internet. With that said, this is a serious vulnerability that has a large internal attack surface that exposes all sorts of information from the IDP...
PT-2025-27496 · Gluu Flex +1
Name of the Vulnerable Software and Affected Versions: Janssen Project versions prior to 1.8.0; Gluu Flex versions prior to 5.8.0. Description: The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope...
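The Config API entries above share one root cause: the endpoint authenticated the caller's token but never checked that the token had been granted the scope the resource requires, so any valid token, including one issued for an unrelated API, could read clients, users and scripts. The following is an added example, not Janssen's Config API code and not from any advisory listed here, showing that vulnerable handler shape beside a scope-gated version. The resource (a client list), the scope URI under example.invalid, the claim layout and the sample tokens are hypothetical; the check itself follows the RFC 6749 space-delimited scope convention and the RFC 6750 insufficient_scope error.

```python
"""Added example (not Janssen code): scope verification on a resource
endpoint, vulnerable handler beside the fixed one.

Assumptions (hypothetical): the endpoint lists OAuth clients, the required
scope is CLIENTS_READ_SCOPE below, and the access token has already been
validated and introspected into a claims dict whose 'scope' claim is the
RFC 6749 space-delimited string (or, from some introspection endpoints, a list)."""
from functools import wraps

# Constructed sample data standing in for an IDP's client store.
# Secrets are deliberately not part of the list response.
CLIENTS = [
    {"client_id": "1001.web-app", "redirect_uris": ["https://app.example.invalid/cb"]},
    {"client_id": "1002.mobile", "redirect_uris": ["com.example.invalid.mobile:/cb"]},
]

CLIENTS_READ_SCOPE = "https://example.invalid/config/openid/clients.readonly"


def parse_scopes(claims):
    """Normalise the 'scope' claim to a set. Missing or empty -> empty set."""
    raw = claims.get("scope", "")
    if isinstance(raw, (list, tuple)):
        return set(raw)
    return set(str(raw).split())


def list_clients_unverified(claims):
    """Vulnerable pattern: the token was authenticated upstream, but nothing
    checks whether it was granted the scope this resource requires, so any
    valid token gets the full list."""
    return 200, CLIENTS


def require_scopes(*required):
    """Decorator: return 403 unless every required scope was granted.
    Error body follows RFC 6750 section 3.1 (insufficient_scope), which also
    tells a legitimate client which scope to request."""
    required_set = set(required)

    def decorator(handler):
        @wraps(handler)
        def wrapper(claims, *args, **kwargs):
            missing = required_set - parse_scopes(claims)
            if missing:
                return 403, {
                    "error": "insufficient_scope",
                    "scope": " ".join(sorted(required_set)),
                }
            return handler(claims, *args, **kwargs)
        return wrapper
    return decorator


@require_scopes(CLIENTS_READ_SCOPE)
def list_clients_verified(claims):
    """Fixed pattern: identical body, gated on the scope check."""
    return 200, CLIENTS


def demo():
    """Exercise both handlers with a token that lacks the scope and one that has it."""
    # Constructed tokens: 'narrow' was issued for an unrelated read-only API.
    narrow = {"sub": "svc-monitor", "scope": "https://example.invalid/config/stats.readonly"}
    proper = {"sub": "svc-admin", "scope": f"openid {CLIENTS_READ_SCOPE}"}
    return {
        "unverified_narrow": list_clients_unverified(narrow)[0],
        "verified_narrow": list_clients_verified(narrow)[0],
        "verified_proper": list_clients_verified(proper)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The decorator form keeps the check declarative and hard to forget on new endpoints; in a real service the required scope per route should additionally be enumerated in a test that walks every registered route and fails on any handler without a scope requirement, since this bug class is a missing check rather than a wrong one. The advisory's own point that the Config API must never be internet-exposed still stands: network placement limits who can reach the endpoint, scope verification limits what a reachable caller can read.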
janssen-reisen.de Cross Site Scripting vulnerability OBB-3830422
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
janssen-holldiek.de Improper Access Control vulnerability OBB-3778764
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
dr-janssen-duesseldorf.de Improper Access Control vulnerability OBB-3776483
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...