37 matches found
ROOT-APP-MAVEN-CVE-2026-42583 CVE-2026-42583 in io.root.io.netty:netty-codec - Patched by Root
Root has patched CVE-2026-42583 in the io.root.io.netty:netty-codec package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-22741 CVE-2026-22741 in io.root.org.springframework:spring-webmvc - Patched by Root
Root has patched CVE-2026-22741 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-68390 CVE-2025-68390 in io.root.org.elasticsearch.plugin:x-pack-core - Patched by Root
Root has patched CVE-2025-68390 in the io.root.org.elasticsearch.plugin:x-pack-core package for Root:Maven. Multiple fixed versions available...
ai.chronon:online_2.13 (>=0.0.25 <=revert-391-thread-0.0.24), ai.chronon:service_2.13 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +4068 more potentially affected by CVE-2026-35554 via org.apache.kafka:kafka-clients (>=2.8.0 <=3.9.1)
org.apache.kafka:kafka-clients MAVEN version =2.8.0, =0.0.25, =0.0.86, =1.0.6, =1.0.6, =cloud-0.1, =0.2.7, =0.2.7, =3.0.1, =2.8.4-alpha1, =1.0.0, =1.0.0-beta, =0.0.1-alpha1, =1.2.4, =1.2.4, =1.2.6 and more Source cves: CVE-2026-35554 Source advisory: SNYK:JAVA-ORGAPACHEKAFKA-16032179...
ae.teletronics.nlp:categorisation (>=1.3 <=1.6), ae.teletronics.nlp:entityextraction (>=1.3 <=1.4) +4950 more potentially affected by CVE-2025-66566 via net.jpountz.lz4:lz4 (>=1.1.0 <=1.3.0)
net.jpountz.lz4:lz4 MAVEN version =1.1.0, =1.3, =1.3, =0.42.1, =1.3.0, =0.13.0, =1.1.0, =0.13.0, =0.13.0, =0.13.0, =0.7.0, =0.10.0, =0.13.0, =v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744 and more Source cves: CVE-2025-66566 Source advisory: OSV:GHSA-CMP6-M4WJ-Q63Q...
EUVD-2025-199706
Malicious code in org.mvnpm:posthog-node Maven...
MAL-2025-191470 Malicious code in org.mvnpm:posthog-node (Maven)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ea90a5928d7667bed4fa9f6effbbe6c8d3ad6521ca51ca2b01551bc02373a7d2 This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and...
EUVD-2019-9239
Malware in sbrugna...
EUVD-2021-26296
Malware in sbrugna...
EUVD-2020-7512
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-39940
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all version...
CVE-2020-15525
GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint...
CVE-2019-19628
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions...
org.webjars.npm:angular-lock (=2.0.3), org.webjars.npm:auth0-js (>=8.4.0 <=9.28.0) +11 more potentially affected by CVE-2025-46653 via org.webjars.npm:formidable (>=1.2.2 <=2.1.2)
org.webjars.npm:formidable MAVEN version =1.2.2, =8.4.0, =4.0.0-alpha, =1.1.0, =2.1.7, =1.0.6, =3.3.1, =7.1.6 - org.webjars.npm:supertest =3.4.2 Source cves: CVE-2025-46653 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-10006768...
MAL-2025-2552 Malicious code in io.github.leetcrunch:scribejava-core (Maven)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 8dd884cda209e50c2bd5185172f3c25968cb972cbd19234779b43f4f855f2d26 A malicious Maven Java package typosquatting a legitimate OAuth Maven package. The malicious package collects and exfils OAuth credentia...
Malicious code in io.github.leetcrunch:scribejava-core (Maven)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 8dd884cda209e50c2bd5185172f3c25968cb972cbd19234779b43f4f855f2d26 A malicious Maven Java package typosquatting a legitimate OAuth Maven package. The malicious package collects and exfils OAuth credentia...
SUSE: Security Advisory (SUSE-SU-2025:0719-1)
The remote host is missing an update for the...
openSUSE Security Advisory (SUSE-SU-2025:0719-1)
The remote host is missing an update for the...
OPENSUSE-SU-2024:11042-1 maven-3.8.1-2.3 on GA media
These are all security issues fixed in the maven-3.8.1-2.3 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12224-1 maven-3.8.6-1.1 on GA media
These are all security issues fixed in the maven-3.8.6-1.1 package on the GA media of openSUSE Tumbleweed...