GHSA-3G76-F9XQ-8VP6 vulnerabilities

Vulnerabilities for packages: spark, apicurio-registry, apache-pulsar, wildfly, keycloak...

CVE-2026-6860 vulnerabilities

Vulnerabilities for packages: spark, apicurio-registry, apache-pulsar, wildfly, keycloak...

This Week in Spring - May 5th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's May 5th, 2026, and I'm in Mainz, Germany, for the legendary JAX conference! It's been infinitely far too long since I've been at this amazing show, and I'm oh-so happy to be back here! Tonight, after my two talks here, I...

GHSA-P93R-85WP-75V3 vulnerabilities

Vulnerabilities for packages: thingsboard, ruby3.2-bouncy-castle-java, druid, kserve-modelmesh, ruby3.3-bouncy-castle-java, ruby3.4-bouncy-castle-java, spark, jruby, gradle, jenkins, apache-pulsar, ruby4.0-bouncy-castle-java, wildfly, apache-nifi, keycloak...

CVE-2026-40490 vulnerabilities

Vulnerabilities for packages: tez, druid, apache-pulsar...

GHSA-CMXV-58FP-FM3G vulnerabilities

Vulnerabilities for packages: tez, druid, apache-pulsar...

CVE-2026-5598 vulnerabilities

Vulnerabilities for packages: thingsboard, ruby3.2-bouncy-castle-java, druid, kserve-modelmesh, ruby3.3-bouncy-castle-java, ruby3.4-bouncy-castle-java, spark, jruby, gradle, jenkins, apache-pulsar, ruby4.0-bouncy-castle-java, wildfly, apache-nifi, keycloak...

CVE-2026-40490 vulnerabilities

Vulnerabilities for packages: apache-pulsar, tez, apache-pulsar-fips, pinot, druid, pinot-fips...

GHSA-CMXV-58FP-FM3G vulnerabilities

Vulnerabilities for packages: apache-pulsar, tez, apache-pulsar-fips, pinot, druid, pinot-fips...

GHSA-CRHR-QQJ8-RPXC vulnerabilities

Vulnerabilities for packages: strimzi-kafka-operator, kafka, apache-activemq-artemis, spark-kubernetes-operator, wso2is, druid, solr, spark, kserve-modelmesh, apache-pulsar-fips, spark-fips, apache-pulsar, zookeeper-fips, spark-kubernetes-operator-fips, trino, seata, apache-nifi, thingsboard, akh...

CVE-2026-24308 vulnerabilities

Vulnerabilities for packages: strimzi-kafka-operator, kafka, apache-activemq-artemis, spark-kubernetes-operator, wso2is, druid, solr, spark, kserve-modelmesh, apache-pulsar-fips, spark-fips, apache-pulsar, zookeeper-fips, spark-kubernetes-operator-fips, trino, seata, apache-nifi, thingsboard, akh...

GHSA-RP46-R563-JRC7 vulnerabilities

Vulnerabilities for packages: druid, akhq, spark, logstash, celeborn, apache-pulsar, wavefront-proxy...

CVE-2025-33042 vulnerabilities

Vulnerabilities for packages: druid, akhq, spark, logstash, celeborn, apache-pulsar, wavefront-proxy...

CVE-2023-31007

Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a...

CVE-2022-33683

Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerable to man in the middl...

CVE-2022-33684

The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or...

GHSA-PVP8-3XJ6-8C6X vulnerabilities

Vulnerabilities for packages: apache-pulsar...

CVE-2025-46392 vulnerabilities

Vulnerabilities for packages: apache-pulsar...

CVE-2025-46392 vulnerabilities

Vulnerabilities for packages: wso2is...

GHSA-PVP8-3XJ6-8C6X vulnerabilities

Vulnerabilities for packages: wso2is...