65 matches found
com.codbex.atlas:codbex-atlas-application (>=2.97.0 <=2.99.0), com.codbex.gaia:codbex-gaia-application (=2.73.0) +24 more potentially affected by CVE-2026-3293 via net.snowflake:snowflake-jdbc (>=4.0.0 <=4.0.1)
net.snowflake:snowflake-jdbc MAVEN version =4.0.0, =2.97.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.1.0, =5.1.0, =5.1.1 and more Source cves: CVE-2026-3293 Source advisory: SNYK:JAVA-NETSNOWFLAKE-15361271...
EUVD-2022-1463
Malicious code in bioql PyPI...
EUVD-2022-2294
Malicious code in bioql PyPI...
EUVD-2022-2192
Malicious code in bioql PyPI...
Malicious code in @teselagen/liquibase-tools (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0428d8bfa4eb7de9a33acaa055690a899b5357c7845f06a184b4181e5f8a0b02 Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47274 Malicious code in @teselagen/liquibase-tools (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0428d8bfa4eb7de9a33acaa055690a899b5357c7845f06a184b4181e5f8a0b02 Any computer that has this package installed or running should be considered fully compromised. All...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
CVE-2025-49146 vulnerabilities
Vulnerabilities for packages: sonarqube-10, apicurio-registry, keycloak, liquibase...
GHSA-HQ9P-PM7W-8P54 vulnerabilities
Vulnerabilities for packages: sonarqube-10, apicurio-registry, keycloak, liquibase...
CVE-2020-2285
A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2018-1000146
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...
Security Bulletin: Enterprise Content Manager System Monitor For March 2024 - Multiple CVE addressed
Summary Enterprise Content Manager System Monitor is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details...
Spring Data JDBC - How To Maintain Your Database Schema
This is the fifth article of a series about how to tackle various challenges you might encounter when using Spring Data JDBC. The series consists of: 1. Spring Data JDBC - How to use custom ID generation? 2. Spring Data JDBC - How do I make bidirectional relationships? 3. Spring Data JDBC - How ...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Liquibase
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Liquibase. Vulnerability Details CVEID:CVE-2022-0839 DESCRIPTION: Liquibase is vulnerable to XML external entity processing, caused by improper validation of user-supplied input by the...
SUSE CVE-2018-1000146
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...
Security Bulletin: Improper Restriction of XML External Entity Reference in liquibase prior to 4.8.0 Affects IBM Partner Engagement Manager (CVE-2022-0839)
Summary IBM Sterling Partner Engagement Manager uses Liquibase that is vulnerable to XML external entity processing, caused by improper validation of user-supplied input by the XMLChangeLogSAXParser function. A remote attacker could exploit this vulnerability to input a malicious XML reference to...
liquibase: Improper Restriction of XML External Entity
A flaw was found in Liquibase's XMLChangeLogSAXParser function. It uses SAXParser with no FEATURE_SECURE_PROCESSING set, which could possibly allow XML External Entity (XXE) attacks...
liquibase: Improper Restriction of XML External Entity
A flaw was found in Liquibase's XMLChangeLogSAXParser function. It uses SAXParser with no FEATURE_SECURE_PROCESSING set, which could possibly allow XML External Entity (XXE) attacks...
liquibase: Improper Restriction of XML External Entity
A flaw was found in Liquibase's XMLChangeLogSAXParser function. It uses SAXParser with no FEATURE_SECURE_PROCESSING set, which could possibly allow XML External Entity (XXE) attacks...
This Week in Spring - May 31st, 2022
Hi, Spring fans! And welcome to another installment of This Week in Spring! I've just returned from three wonderful weeks overseas and now, I'm pleased as punch to convey, that I'm home! And hopefully, COVID-19 free! Who knows what sort of nonsense I caught on the flight home, anyway. Some things, I...