com.elasticbox.jenkins-ci.plugins:elasticbox (>=4.0.9 <=4.1.0), org.jenkins-ci.lib:xtrigger-lib (=0.36) +13 more potentially affected by CVE-2016-0792 via org.jenkins-ci.main:jenkins-core (>=1.643 <=1.649)

org.jenkins-ci.main:jenkins-core MAVEN version =1.643, =4.0.9, =1.643, =1.643, =1.645, =0.5, =1.648, =4.0.4, =1.0.0, =1.643, =1.0.45, =0.3.2, =0.3.8 - org.jenkins.plugins.statistics.gatherer:statistics-gatherer =1.0.1 Source cves: CVE-2016-0792 Source advisory: OSV:GHSA-45RG-G72W-R393...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1594 more potentially affected by CVE-2016-3723 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.29)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2016-3723 Source advisory: OSV:GHSA-8572-5JRG-MX52...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1594 more potentially affected by CVE-2016-3722 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.29)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2016-3722 Source advisory: OSV:GHSA-3857-XM38-JMQ2...

demo-joplin (>=1.0.1 <=1.0.8) potentially affected by CVE-2018-1000534 via joplin (=0.10.93)

joplin NPM version =0.10.93 is affected by a known vulnerability. The following packages have a transitive dependency on joplin and may be impacted: - demo-joplin =1.0.1, =1.0.8 Source cves: CVE-2018-1000534 Source advisory: OSV:GHSA-M6MF-HMRH-PH4J...

org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=4.11.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=4.11.0) +1 more potentially affected by CVE-2018-11041 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=4.7.4)

org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =4.30.0 Source cves: CVE-2018-11041 Source advisory: OSV:GHSA-XH4M-99QP-W483...

GHSA-XH4M-99QP-W483 Cloud Foundry UAA open redirect

Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open...

at.molindo:esi4j (>=0.3.0 <=1.0.1), be.thematchbox:AbstractRiver (=1.0.1) +301 more potentially affected by CVE-2014-6439 via org.elasticsearch:elasticsearch (>=0.6.0 <=1.4.0)

org.elasticsearch:elasticsearch MAVEN version =0.6.0, =0.3.0, =1.0.0, =0.1PRE4, =0.1PRE4, =0.1PRE4, =0.1PRE4, =0.0.1, =0.1.13, =0.1.1, =0.8.1, =0.1.0, =1.0, =1.0.0, =1.1.2, =1.8.0 and more Source cves: CVE-2014-6439 Source advisory: OSV:GHSA-8699-M855-CWQF...

com.cloudbees.jenkins.plugins:additional-identities-plugin (=1.1), com.sonyericsson.hudson.plugins.rebuild:rebuild (>=1.15 <=1.27) +30 more potentially affected by CVE-2012-6072 via org.jenkins-ci.main:jenkins-core (>=1.481 <=1.490)

org.jenkins-ci.main:jenkins-core MAVEN version =1.481, =1.15, =1.1, =0.2.0, =0.1.0, =1.0.0, =1.481, =1.481, =1.481, =1.481, =1.0, =1.1 - org.jenkins-ci.modules:slave-installer =1.0 - org.jenkins-ci.modules:upstart-slave-installer =1.0 - org.jenkins-ci.modules:windows-slave-installer =1.0 and more...

GHSA-372Q-33VH-8MPC Inconsistent documentation in Apache Tomcat

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a...

at.chrl:chrl-jms (=1.1.0), at.researchstudio.sat:won-core (>=0.2 <=0.9) +527 more potentially affected by CVE-2016-6810 via org.apache.activemq:activemq-client (>=5.10.0 <=5.14.1)

org.apache.activemq:activemq-client MAVEN version =5.10.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 - at.researchstudio.sat:won-owner =0.3 - at.researchstudio.sat:won-owner-webapp =0.3 and more Source cves: CVE-2016-6810 Source advisory: OSV:GHSA-5JG4-P78R-P5J3...

au.com.turingg:turingg-files (=0.0.1), au.com.turingg:turingg-mimak (=1.0.0) +65 more potentially affected by CVE-2018-8036 via org.apache.pdfbox:pdfbox (>=2.0.1 <=2.0.10)

org.apache.pdfbox:pdfbox MAVEN version =2.0.1, =1.0.0, =1.2, =0.9.2, =2.6.1, =2.6.2 - com.norconex.collectors:norconex-importer =2.6.1 - de.redsix:pdfcompare =1.1.32 - edu.usc.ir:sentiment-analysis-parser =0.1 - fr.pilato.elasticsearch.crawler:fscrawler =2.1 - io.bigconnect:dw-mime-type-detector...

au.com.skytix:mesos-scheduler-client (>=1.0.11 <=1.0.15), au.com.skytix:velocity-scheduler (>=1.0.34 <=1.0.40) +40 more potentially affected by CVE-2017-9790 via org.apache.mesos:mesos (>=0.9.0-incubating <=1.1.2)

org.apache.mesos:mesos MAVEN version =0.9.0-incubating, =1.0.11, =1.0.34, =2.1.7, =2.1.7, =2.2.0, =2.2.0, =2.1.2, =2.1.2, =0.18.0, =0.1.3, =0.1.3, =0.18.0, =0.18.0, =0.18.0, =0.1.0, =0.2.0 and more Source cves: CVE-2017-9790 Source advisory: OSV:GHSA-VPCV-78CP-WHR3...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1304 more potentially affected by CVE-2015-5322 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.625.1)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.3, =1.0, =1.0, =2.2.1, =1.0.3, =1.0.0, =1.0, =1.0.0, =1.2.0 and more Source cves: CVE-2015-5322 Source advisory: OSV:GHSA-89VC-7FRQ-2RFJ...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1304 more potentially affected by CVE-2015-5318 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.625.1)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.3, =1.0, =1.0, =2.2.1, =1.0.3, =1.0.0, =1.0, =1.0.0, =1.2.0 and more Source cves: CVE-2015-5318 Source advisory: OSV:GHSA-3WMV-7PHP-RHG5...

com.piketec.jenkins.plugins:piketec-tpt (=6.3), io.jenkins.plugins:aws-lambda-cloud (>=0.3 <=0.4) +13 more potentially affected by CVE-2015-5321 via org.jenkins-ci.main:jenkins-core (>=1.626 <=1.637)

org.jenkins-ci.main:jenkins-core MAVEN version =1.626, =0.3, =1.2, =1.1.2, =1.626, =1.626, =1.1.0, =0.1, =0.2, =0.1, =2.4, =1.626, =1.21, =1.0.3, =1.0, =2.0.27 Source cves: CVE-2015-5321 Source advisory: SNYK:JAVA-ORGJENKINSCIMAIN-9404329...

cc.voox:publisher (=0.1.2.GA), com.bluejeans:ipc-channel-utils (>=1.0 <=1.0.1) +141 more potentially affected by CVE-2016-2173 via org.springframework.amqp:spring-amqp (>=1.0.0.RELEASE <=1.5.4.RELEASE)

org.springframework.amqp:spring-amqp MAVEN version =1.0.0.RELEASE, =1.0, =1.0, =0.9.0, =0.20.0, =1.31.1, =1.27.1, =1.31.0, =1.31.1, =1.31.1, =1.31.1, =1.31.1, =1.31.1, =1.31.1, =1.34.1 - com.bq.oss.corbel:evci =1.20.0 and more Source cves: CVE-2016-2173 Source advisory: OSV:GHSA-HRP3-8P5W-27GV...

be.orbinson.aem:aemaacs-opentelemetry-instrumentation.core (=1.2.0), biz.netcentric.cq.tools.accesscontroltool:accesscontroltool-bundle (>=1.2.8 <=4.2.1) +556 more potentially affected by CVE-2015-2944 via org.apache.sling:org.apache.sling.api (>=2.0.2-incubator <=2.2.0)

org.apache.sling:org.apache.sling.api MAVEN version =2.0.2-incubator, =1.2.8, =2.5.4, =3.0.0, =4.2.0, =1.0.0, =1.0.0, =0.1.1, =1.0.1, =3.1.1, =3.1.1, =0.0.1, =0.1.0, =0.1.3333 and more Source cves: CVE-2015-2944 Source advisory: OSV:GHSA-RXVX-44W5-44R7...

br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0), br.com.esec.icpm:certillion-client-library-resteasy-plugin (>=1.1.9 <=1.1.10) +59 more potentially affected by CVE-2014-0034 via org.apache.cxf:cxf-rt-ws-security (>=2.7.0 <=2.7.8)

org.apache.cxf:cxf-rt-ws-security MAVEN version =2.7.0, =1.1.7, =1.1.9, =1.2.5, =0.6.49, =0.6.49, =1.0.1, =1.0.0, =1.0.0, =1.1, =2.11.0, =2.13.4 and more Source cves: CVE-2014-0034 Source advisory: OSV:GHSA-38X2-FP9M-87MX...

ai.idylnlp:idylnlp-nlp-language-detection-tika (>=1.0.0 <=1.1.0), com.argusoft:medplat_core (>=0.0.1 <=0.0.8) +412 more potentially affected by CVE-2017-5653 via org.apache.cxf:cxf-core (>=3.0.0-milestone1 <=3.0.12)

org.apache.cxf:cxf-core MAVEN version =3.0.0-milestone1, =1.0.0, =0.0.1, =3.0.1, =3.1.2, =0.0.1, =0.6, =0.1.0, =0.1.0, =1.1.0 and more Source cves: CVE-2017-5653 Source advisory: OSV:GHSA-HGG6-8X62-M9GF...

org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.10.0 <=3.15.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.10.0 <=3.15.0) +1 more potentially affected by CVE-2017-4974 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.10.0 <=3.15.0)

org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.10.0, =3.10.0, =3.10.0, =3.10.0, =3.15.0 Source cves: CVE-2017-4974 Source advisory: OSV:GHSA-CW9C-V3V2-99HM...