CVE-2025-58188

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...

CVE-2025-61723

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...

Understand your software’s supply chain with GitHub’s dependency graph

What if you could spot the weakest link in your software supply chain before it breaks? With GitHub's dependency graph, you can. By providing a clear, complete view of the external packages your code depends on, both directly and indirectly, it allows you to understand, secure, and manage your...

at.molindo:esi4j (>=0.3.0 <=1.0.1), be.thematchbox:AbstractRiver (=1.0.1) +301 more potentially affected by CVE-2014-3120 via org.elasticsearch:elasticsearch (>=0.6.0 <=1.4.0)

org.elasticsearch:elasticsearch MAVEN version =0.6.0, =0.3.0, =1.0.0, =0.1PRE4, =0.1PRE4, =0.1PRE4, =0.1PRE4, =0.0.1, =0.1.13, =0.1.1, =0.8.1, =0.1.0, =1.0, =1.0.0, =1.1.2, =1.8.0 and more Source cves: CVE-2014-3120 Source advisory: OSV:GHSA-MRFM-JXGF-2H6V...