40 matches found
ecommerce-poc
Event-Driven E-Commerce Saga POC This project is a small even...
Spring Office Hours Podcast: S5E14 - Spec Driven Development with Simon Martinelli
Join Dan Vega and DaShaun Carter for the latest updates from the Spring Ecosystem. In this episode, Dan and DaShaun are joined by Java Champion, Vaadin Champion, and Oracle ACE Pro Simon Martinelli to talk about Spec-Driven Development. With AI reshaping how we write code, Simon makes the case th...
@asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/java-spring-template (=1.6.0)
@asyncapi/java-spring-template NPM version =1.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/java-spring-template and may be impacted: - @asyncapi/server-api =0.16.0, =0.16.23 Source cves: unknown CVE Source advisory:...
@asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/java-spring-cloud-stream-template (=0.13.4)
@asyncapi/java-spring-cloud-stream-template NPM version =0.13.4 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/java-spring-cloud-stream-template and may be impacted: - @asyncapi/server-api =0.16.0, =0.16.23 Source cves: unknown CVE Source...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
EUVD-2025-198738
Malicious code in @asyncapi/java-spring-cloud-stream-template npm...
EUVD-2025-198770
Malicious code in @asyncapi/java-spring-template npm...
CVE-2025-46822
OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...
CVE-2025-46822 Unauthenticated Arbitrary File Read via Absolute Path
OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...
CVE-2025-46822
The CVE-2025-46822 entry corresponds to an Arbitrary File Read in OsamaTaher/Java-springboot-codebase prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, caused by insufficient path traversal protections. The vulnerability allows reading internal files via absolute paths at the /api/v1/file...
Java-springboot-codebase Information Disclosure Vulnerability
Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects by the individual developer osama. A security vulnerability exists in Java-springboot-codebase versions prior to c835c6f, which stems from an insufficient path traversal mechanism that could...
My-BBS Security Vulnerability
My-BBS is a BBS forum system built with SpringBoot + Mybatis + Thymeleaf by the individual developer ZHENFENG13. There is a security vulnerability in My-BBS version 1.0, which originates from the function Upload in the file src/main/java/com/my/bbs/controller/common/UploadController.java,...
A Bootiful Podcast: BellSoft's Catherine Edelveis
Hi, Spring and JDK fans! In this week's episode I talk to BellSoft developer advocate Catherine Edelveis java springboot jre jdk graalvm CRaC...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.dstack:server-base-local (>=0.0.12 <=0.1.15) +12161 more potentially affected by CVE-2023-1932 via org.hibernate.validator:hibernate-validator (>=6.0.0.Alpha1 <=6.2.0.CR1)
org.hibernate.validator:hibernate-validator MAVEN version =6.0.0.Alpha1, =4.4.0.0, =0.0.12, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR4, =j11.2.4.0 and more Source cves: CVE-2023-1932 Source advisory:...
Exploit for Code Injection in Vmware Spring_Framework
Expoitation-de-la-vuln-rabilit-CVE-2022-22965 The vulnerability...
Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities fixed in 9.7.2.7
Summary cURL libcurl, Apache Xerces2 Java, Apache Jena, Spring Framework, json-smart-v1 and json-smart-v2, libxml2, Apache Standard Taglibs, Apache ActiveMQ, Apache Commons Codec are identified as vulnerable components with multiple reported vulnerabilities, CVE-2022-35260, CVE-2022-42915,...
aero.m-click:mcpdf (>=0.2.5 <=0.2.10), ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0) +21452 more potentially affected by CVE-2024-34447 via org.bouncycastle:bcprov-jdk15on (>=1.61 <=1.70)
org.bouncycastle:bcprov-jdk15on MAVEN version =1.61, =0.2.5, =4.4.0.0, =0.1.12, =0.1.2, =0.28.0, =0.4.0, =0.4.0, =0.2.8, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =24.9.8 and more Source cves: CVE-2024-34447 Source advisory: OSV:GHSA-4H8F-2WVX-GG5W...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0), androidx.baselineprofile.apptarget:androidx.baselineprofile.apptarget.gradle.plugin (>=1.2.0-alpha12 <=1.2.0-alpha14) +2529 more potentially affected by CVE-2023-51775 via org.bitbucket.b_c:jose4j (>=0.4.1 <=0.9.3)
org.bitbucket.b_c:jose4j MAVEN version =0.4.1, =4.4.0.0, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha07, =1.2.0-alpha12, =1.2.0-alpha07, =2.6.0, =2.6.0, =2.6.0, =1.0.0-alpha01, =1.0.0-alpha01,...