181 matches found
Medium: thunderbird
Issue Overview: There exists an out-of-bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check bounds i...
ai.superstream:kafka-clients (>=3.0.1 <=3.6.1-alpha1), ai.superstream:spring-kafka (>=2.8.4-alpha1 <=3.0.1-alpha1) +1831 more potentially affected by CVE-2020-36843 via net.i2p.crypto:eddsa (>=0.1.0 <=0.3.0)
net.i2p.crypto:eddsa MAVEN version =0.1.0, =3.0.1, =2.8.4-alpha1, =0.0.1-alpha1, =0.0.6, =2.1.2, =2.1.2, =2.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.9 and more Source cves: CVE-2020-36843 Source advisory: OSV:GHSA-P53J-G8PW-4W5F...
br.com.senior:crm-http-camel-api (>=0.0.2-alpha <=0.0.81-alpha), br.com.senior:novasoft-http-camel-api (>=0.0.3-alpha <=0.0.93-alpha) +3130 more potentially affected by CVE-2025-27636 via org.apache.camel:camel-support (>=3.10.0 <=3.22.3)
org.apache.camel:camel-support MAVEN version =3.10.0, =0.0.2-alpha, =0.0.3-alpha, =0.0.1-alpha, =1.0.0, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =18.4.0, =18.4.0, =24.17.0 - com.approvaltests:approvaltests-util-tests =18.4.0 and more Source...
openpgp-ca (>=0.12.0 <=0.12.0-alpha.1), openpgp-ca-lib (>=0.12.0 <=0.13.0-alpha.1) +2 more potentially affected by unknown CVE via openpgp-card-sequoia (>=0.0.10 <=0.1.5)
openpgp-card-sequoia CARGO version =0.0.10, =0.12.0, =0.12.0, =0.1.0, =0.0.1, =0.0.15 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0011...
com.databricks:automatedml_2.11 (=0.7.2), com.github.aishfenton:vegas-flink_2.11 (=0.3.4) +11 more potentially affected by CVE-2025-25304 via org.webjars.bower:vega (>=1.5.4 <=3.0.0-rc4)
org.webjars.bower:vega MAVEN version =1.5.4, =0.3.6, =0.3.6, =0.3.6, =1.1.0, =2.1.0, =1.0.10, =2.0.1 Source cves: CVE-2025-25304 Source advisory: SNYK:JAVA-ORGWEBJARSBOWER-8730845...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +330 more potentially affected by CVE-2024-53677 via org.apache.struts:struts2-core (>=2.0.5 <=6.3.0.2)
org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.9, =1.2, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2024-53677 Source advisory: OSV:GHSA-43MQ-6XMG-29VM...
BiliupApi (>=0.1.0 <=0.1.7), BrewStillery (>=6.0.1 <=6.0.2) +6288 more potentially affected by CVE-2024-12224 via idna (>=0.1.5 <=0.5.0)
idna CARGO version =0.1.5, =0.1.0, =6.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.3, =0.3.2, =1.0.3, =0.1.0, =0.1.0, =0.1.1, =0.1.8 and more Source cves: CVE-2024-12224 Source advisory: OSV:RUSTSEC-2024-0421...
app.valuationcontrol:library (>=0.5.2 <=0.5.5), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +1837 more potentially affected by CVE-2024-38821 via org.springframework.security:spring-security-web (>=6.2.0 <=6.2.6)
org.springframework.security:spring-security-web MAVEN version =6.2.0, =0.5.2, =0.5.0, =7.0.0, =1.0.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.6, =1.0.1, =1.0.31 and more Source cves: CVE-2024-38821 Source advisory: OSV:GHSA-C4Q5-6C82-3QPW...
ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.1.1 <=0.112.0) +8300 more potentially affected by CVE-2024-38820 via org.springframework:spring-context (>=6.1.0 <=6.1.13)
org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.5.0, =0.5.0, =0.5.0, =0.5.8, =0.5.0, =0.5.7, =0.5.0, =0.6.0, =0.6.0, =0.8.7 and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...
ca.ibodrov.concord:testcontainers-concord (>=0.0.2 <=0.0.20), ca.ibodrov.concord:testcontainers-concord-core (>=0.0.21 <=2.0.2) +945 more potentially affected by CVE-2023-25581 via org.pac4j:pac4j-core (>=1.4.0 <=4.0.0-RC3)
org.pac4j:pac4j-core MAVEN version =1.4.0, =0.0.2, =0.0.21, =0.0.6, =0.5.0, =0.1.0, =12.1.0, =12.1.1, =12.1.2, =12.1.0, =12.1.4, =1.1.0, =1.1.0, =1.1.0, =1.1.2 and more Source cves: CVE-2023-25581 Source advisory: OSV:GHSA-76MW-6P95-X9X5...
ai.cheq.sst.android:cheq-sst-kotlin-protobuf (>=0.1.0 <=0.1.3), at.asitplus:warden (>=2.1.0 <=2.3.1) +46 more potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-javalite (>=4.0.0-rc-2 <=4.27.4)
com.google.protobuf:protobuf-javalite MAVEN version =4.0.0-rc-2, =0.1.0, =2.1.0, =1.6.0, =4.26.0, =0.29.1, =0.6.0, =0.1.0, =0.10.13, =0.10.13, =0.10.13, =0.10.13, =0.10.13, =0.10.13, =0.10.13, =0.10.35 and more Source cves: CVE-2024-7254 Source advisory: OSV:GHSA-735F-PC8J-V9W8...
io.americanexpress.synapse:sample-function-greeter-gcp (>=0.4.15 <=0.4.16), io.zipkin:zipkin-server (>=3.3.1 <=3.4.1) +3 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader-classic (>=3.3.0 <=3.3.2)
org.springframework.boot:spring-boot-loader-classic MAVEN version =3.3.0, =0.4.15, =3.3.1, =3.3.0, =3.3.13 - org.springframework.cloud:spring-cloud-function-adapter-gcp =4.1.6 - org.springframework.cloud:spring-cloud-function-deployer =4.1.6 Source cves: CVE-2024-38807 Source advisory:...
@9troisquarts/ant-form (>=2.3.0 <=6.0.1), @beliantech/bt-components (>=0.8.0 <=0.33.11) +105 more potentially affected by CVE-2024-43368 via trix (>=0.10.2 <=2.1.19)
trix NPM version =0.10.2, =2.3.0, =0.8.0, =0.1.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.5, =4.0.0-alpha.1, =0.1.18, =0.1.85, =0.1.0, =0.2.0, =1.0.0, =1.1.1-beta.44 and more Source cves: CVE-2024-43368 Source advisory: OSV:GHSA-QM2Q-9F3Q-2VCV...
com.aoapps:ao-appcluster-all (=2.0.1), com.aoapps:ao-appcluster-core (=2.0.1) +239 more potentially affected by CVE-2023-50868 via dnsjava:dnsjava (>=3.5.0 <=3.5.3)
dnsjava:dnsjava MAVEN version =3.5.0, =1.3.1, =1.3.1, =1.3.1, =0.3.2-patch6, =6.3.2, =1.1.1, =2.5.9, =2.5.9, =2.1.4, =2.1.4, =2.1.4, =1.0, =1.2 and more Source cves: CVE-2023-50868 Source advisory: OSV:GHSA-MMWX-RJ87-VFGR...
com.fizzed:nats-ninja-demo (>=0.0.1 <=0.0.5), com.fizzed:nats-ninja-module (>=0.0.1 <=0.0.8) +15 more potentially affected by CVE-2024-36823 via org.ninjaframework:ninja-core (=7.0.0)
org.ninjaframework:ninja-core MAVEN version =7.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.ninjaframework:ninja-core and may be impacted: - com.fizzed:nats-ninja-demo =0.0.1, =0.0.1, =0.0.8 - org.ninjaframework:ninja-db-classic =7.0.0 -...
app.cash.lilbitcoinj:lilbitcoinj-core (>=0.0.2 <=0.0.3), app.cash.lninvoice:ln-invoice (>=0.0.1 <=0.0.6) +1309 more potentially affected by CVE-2024-29857 via org.bouncycastle:bcprov-jdk15to18 (>=1.63 <=1.77)
org.bouncycastle:bcprov-jdk15to18 MAVEN version =1.63, =0.0.2, =0.0.1, =0.2.9, =0.1.0, =0.2.1, =0.2.0, =1.0.0, =1.0.1, =0.2.0, =0.2.0, =1.0.0.RELEASE, =1.0.0, =1.0.0.RELEASE, =2.7.0 and more Source cves: CVE-2024-29857 Source advisory: OSV:GHSA-8XFC-GM6G-VGPV...
cn.sliew:carp-ageiport-server (>=0.0.10 <=0.0.14), com.abavilla:fpi-bot-api (>=1.8.1 <=1.8.5) +190 more potentially affected by CVE-2023-5675 via io.quarkus:quarkus-resteasy-reactive-common (>=3.3.0 <=3.6.8)
io.quarkus:quarkus-resteasy-reactive-common MAVEN version =3.3.0, =0.0.10, =1.8.1, =1.8.1, =1.8.6, =1.8.6, =1.9.0, =1.9.0, =1.10.1, =1.10.1, =1.0.29, =1.0.29, =1.6.1, =1.6.1, =1.5.1, =1.5.1, =1.6.0 and more Source cves: CVE-2023-5675 Source advisory: OSV:GHSA-25W4-HFQG-4R52...
@0xunreal/dynamic-amm-sdk (>=0.4.22 <=0.4.23), @0xunreal/vault-sdk (=0.5.3) +57 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.66.0 <=1.66.2)
@solana/web3.js NPM version =1.66.0, =0.4.22, =2.0.0-alpha.1, =2.0.0-alpha.5, =2.0.0-alpha.1, =2.11.0, =0.1.0, =0.2.0-master.41, =1.9.0, =0.0.2, =4.0.0-beta.5, =4.0.0-beta.5, =0.7.0, =0.7.1 and more Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...
ai.optfor:spring-openai-api (>=0.1 <=0.3.25), am.ik.s3:simple-s3-client (>=0.1.0 <=0.1.1) +3872 more potentially affected by CVE-2024-22262 via org.springframework:spring-web (>=6.0.0 <=6.0.18)
org.springframework:spring-web MAVEN version =6.0.0, =0.1, =0.1.0, =0.2.3, =0.2.3, =4.0.0, =1.5.0.RELEASE, =1.5.1.RELEASE, =1.5.0.RELEASE, =2.1.0.RELEASE, =1.5.0.RELEASE, =1.5.2.RELEASE - be.tomcools:rickroll-security-spring-boot-starter =3.1.1 -...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0), androidx.baselineprofile.apptarget:androidx.baselineprofile.apptarget.gradle.plugin (>=1.2.0-alpha12 <=1.2.0-alpha14) +2529 more potentially affected by CVE-2023-51775 via org.bitbucket.b_c:jose4j (>=0.4.1 <=0.9.3)
org.bitbucket.b_c:jose4j MAVEN version =0.4.1, =4.4.0.0, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha07, =1.2.0-alpha12, =1.2.0-alpha07, =2.6.0, =2.6.0, =2.6.0, =1.0.0-alpha01, =1.0.0-alpha01,...