39 matches found
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2921 more potentially affected by CVE-2026-41417 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)
io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-41417 Source advisory: SNYK:JAVA-IONETTY-16425695...
ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.7.4) +1858 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=7.0.0-M1 <=7.0.6)
org.springframework:spring-webmvc MAVEN version =7.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =0.1.1, =0.2.0, =0.5.0, =0.7.0, =0.5.0, =0.5.0, =0.7.5 and more Source cves: CVE-2026-22741 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-16109603...
CVE-2026-32735 Unpacking Arbitrary Mustache Template Files via `maven-dependency-plugin`
openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specifications. Starting in version 5.1.1 and prior to version 5.5.1, the parent POM file of this project openapi-to-java-records-mustache-templates-parent, which is used to centralize plugin...
CVE-2026-32735 Unpacking Arbitrary Mustache Template Files via `maven-dependency-plugin`
openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specifications. Starting in version 5.1.1 and prior to version 5.5.1, the parent POM file of this project openapi-to-java-records-mustache-templates-parent, which is used to centralize plugin...
CVE-2026-32735
openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specifications. Starting in version 5.1.1 and prior to version 5.5.1, the parent POM file of this project openapi-to-java-records-mustache-templates-parent, which is used to centralize plugin...
ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3) +15057 more potentially affected by CVE-2025-12183 +1 more via org.lz4:lz4-java (>=1.4 <=1.8.1)
org.lz4:lz4-java MAVEN version =1.4, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.3, =1.2.10 and more Source cves: CVE-2025-12183, CVE-2025-66566 Source advisory: SNYK:JAVA-ORGLZ4-14219384...
ai.konduit.serving:konduit-serving-clients (>=0.0.2 <=0.3.0), ai.konduit.serving:konduit-serving-distro-bom (>=0.0.2 <=0.3.0) +4114 more potentially affected by CVE-2025-66453 via org.mozilla:rhino (>=1.7R3 <=1.7.14)
org.mozilla:rhino MAVEN version =1.7R3, =0.0.2, =0.0.2, =0.1-1, =1.0, =1.0, =1.0, =1.2.1 - blog.svenbayer:spring-cloud-contract-swagger =1.2.0.RELEASE - br.com.objectos.jabuticava:boleto =0.3.0 - br.com.objectos.jabuticava:duplicata =0.3.0 - br.com.objectos:boleto =0.1.0 - br.com.objectos:duplica...
EUVD-2024-49313
Malicious code in bioql PyPI...
GitLab 16.6 < 17.9.7 / 17.10 < 17.10.5 / 17.11 < 17.11.1 (CVE-2025-2443)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Gitlab reports: Cross Site Scripting XSS in Maven Dependency Proxy through CSP directives Cross Site Scripting XSS in Maven dependency proxy through cache headers Network Error Logging NEL Header...
CVE-2024-8635
A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy UR...
Malicious code in maven-dependency-submission-action (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1381f1caf30bbc11135c6f4ffc6634a4cdeaaa63627d583675758c564c38c804 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
br.com.nitertech:jwt (>=1.1.4.2 <=1.1.5), cn.herodotus.engine:oauth2-core (>=3.0.6.4 <=3.1.1.3) +354 more potentially affected by CVE-2024-38821 via org.springframework.security:spring-security-web (>=6.1.0 <=6.1.1)
org.springframework.security:spring-security-web MAVEN version =6.1.0, =1.1.4.2, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =4.0.1, =4.0.1, =4.0.1, =4.0.1, =0.1.0, =6.1.11, =7.0.4 and more Source cves: CVE-2024-38821 Source advisory: OSV:GHSA-C4Q5-6C82-3QPW...
CVE-2024-8635 Server-Side Request Forgery (SSRF) in GitLab
A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy UR...
CVE-2024-8635 Server-Side Request Forgery (SSRF) in GitLab
A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy UR...
CVE-2024-8635 Server-Side Request Forgery (SSRF) in GitLab
A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy UR...
CVE-2024-8635
Removed by vendor...
CVE-2024-8635
CVE-2024-8635 is a server-side request forgery (SSRF) in GitLab Enterprise Edition (EE). Affected: GitLab EE versions starting 16.8 up to but not including 17.1.7, 17.2 up to but not including 17.2.5, and 17.3 up to but not including 17.3.2. Root cause: abuse of a custom Maven Dependency Proxy UR...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability in GitLab EE versions 16.8 to before 17.1.7, 17.2 to...
ai.catboost:catboost-spark_3.1_2.12 (>=1.0.1 <=1.2.8), ai.catboost:catboost-spark_3.2_2.12 (>=1.0.6 <=1.2.10) +3568 more potentially affected by CVE-2024-25638 via dnsjava:dnsjava (>=1.2.3 <=3.5.3)
dnsjava:dnsjava MAVEN version =1.2.3, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.3, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.0.8, =threadcontention-0.0.23-dev3 and more Source cves: CVE-2024-25638 Source advisory: OSV:GHSA-CFXW-4H78-H7FW...
Fedora: Security Advisory for maven-dependency-analyzer (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...