26517 matches found
dsipts (>=1.1.5 <=1.1.39), kedro-aim (>=0.1.1 <=0.1.3) +7 more potentially affected by CVE-2025-5321 via aim (>=3.17.4 <=3.29.1)
aim PYPI version =3.17.4, =1.1.5, =0.1.1, =0.0.1, =0.0.1, =0.0.20, =0.1.0, =0.5.6 Source cves: CVE-2025-5321 Source advisory: OSV:GHSA-GP5H-F9C5-8355...
3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1131 more potentially affected by CVE-2025-5320 via gradio (>=1.7.7 <=6.9.0)
gradio PYPI version =1.7.7, =0.2.2, =0.1.0, =0.3.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =1.2.0, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =3.3.9 and more Source cves: CVE-2025-5320 Source advisory: SNYK:PYTHON-GRADIO-10265013...
com.github.hazendaz:displaytag (>=2.8.0 <=3.3.0), com.github.hazendaz:displaytag-examples (>=2.8.0 <=3.3.0) +8 more potentially affected by CVE-2025-48734 via org.apache.commons:commons-beanutils2 (=2.0.0-M1)
org.apache.commons:commons-beanutils2 MAVEN version =2.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.commons:commons-beanutils2 and may be impacted: - com.github.hazendaz:displaytag =2.8.0, =2.8.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0,...
com.github.hazendaz:displaytag (>=2.8.0 <=3.3.0), com.github.hazendaz:displaytag-examples (>=2.8.0 <=3.3.0) +8 more potentially affected by CVE-2025-48734 via org.apache.commons:commons-beanutils2 (=2.0.0-M1)
org.apache.commons:commons-beanutils2 MAVEN version =2.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.commons:commons-beanutils2 and may be impacted: - com.github.hazendaz:displaytag =2.8.0, =2.8.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0,...
au.com.dius.pact.consumer:groovy (=4.7.0-beta.1), au.com.dius.pact.consumer:junit (=4.7.0-beta.1) +1556 more potentially affected by CVE-2025-48734 via commons-beanutils:commons-beanutils (>=1.0 <=1.10.1)
commons-beanutils:commons-beanutils MAVEN version =1.0, =1.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on commons-beanutils:commons-beanutils and may be impacted: - au.com.dius.pact.consumer:groovy =4.7.0-beta.1 - au.com.dius.pact.consumer:junit...
au.com.dius.pact.consumer:groovy (=4.7.0-beta.1), au.com.dius.pact.consumer:junit (=4.7.0-beta.1) +1556 more potentially affected by CVE-2025-48734 via commons-beanutils:commons-beanutils (>=1.0 <=1.10.1)
commons-beanutils:commons-beanutils MAVEN version =1.0, =1.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on commons-beanutils:commons-beanutils and may be impacted: - au.com.dius.pact.consumer:groovy =4.7.0-beta.1 - au.com.dius.pact.consumer:junit...
aggregation-agent (>=0.1.2 <=0.1.11), airflow-add-ons (>=0.2.7 <=0.2.15) +125 more potentially affected by CVE-2025-5279 via redshift-connector (>=2.0.888 <=2.1.2)
redshift-connector PYPI version =2.0.888, =0.1.2, =0.2.7, =0.0.1, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.1.0, =3.1.0rc1, =1.0.0, =1.0.4 - arrowjet =0.1.0 and more Source cves: CVE-2025-5279 Source advisory: OSV:GHSA-R244-WG5G-6W2R...
aggregation-agent (>=0.1.2 <=0.1.11), airflow-add-ons (>=0.2.7 <=0.2.15) +125 more potentially affected by CVE-2025-5279 via redshift-connector (>=2.0.888 <=2.1.2)
redshift-connector PYPI version =2.0.888, =0.1.2, =0.2.7, =0.0.1, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.1.0, =3.1.0rc1, =1.0.0, =1.0.4 - arrowjet =0.1.0 and more Source cves: CVE-2025-5279 Source advisory: SNYK:PYTHON-REDSHIFTCONNECTOR-10259369...
com.ritense.valtimo:portaaltaak (>=11.0.0.RELEASE <=11.3.3.RELEASE), com.ritense.valtimo:valtimo-gzac-dependencies (>=11.0.0.RELEASE <=11.3.3.RELEASE) +1 more potentially affected by CVE-2025-48881 via com.ritense.valtimo:object-management (>=11.0.0.RELEASE <=11.3.3.RELEASE)
com.ritense.valtimo:object-management MAVEN version =11.0.0.RELEASE, =11.0.0.RELEASE, =11.0.0.RELEASE, =11.0.0.RELEASE, =11.3.3.RELEASE Source cves: CVE-2025-48881 Source advisory: OSV:GHSA-965R-9CG9-G42P...
com.ritense.valtimo:portaaltaak (>=11.0.0.RELEASE <=12.12.0.RELEASE), com.ritense.valtimo:valtimo-gzac-dependencies (>=11.0.0.RELEASE <=12.12.0.RELEASE) +3 more potentially affected by CVE-2025-48881 via com.ritense.valtimo:object-management (>=11.0.0.RELEASE <=12.12.0.RELEASE)
com.ritense.valtimo:object-management MAVEN version =11.0.0.RELEASE, =11.0.0.RELEASE, =11.0.0.RELEASE, =11.0.0.RELEASE, =1.0.1, =0.3.0, =0.4.0 Source cves: CVE-2025-48881 Source advisory: SNYK:JAVA-COMRITENSEVALTIMO-10293747...
com.ritense.valtimo:portaaltaak (>=12.0.0.RELEASE <=12.12.0.RELEASE), com.ritense.valtimo:valtimo-gzac-dependencies (>=12.0.0.RELEASE <=12.12.0.RELEASE) +3 more potentially affected by CVE-2025-48881 via com.ritense.valtimo:object-management (>=12.0.0.RELEASE <=12.12.0.RELEASE)
com.ritense.valtimo:object-management MAVEN version =12.0.0.RELEASE, =12.0.0.RELEASE, =12.0.0.RELEASE, =12.0.0.RELEASE, =1.0.1, =0.3.0, =0.4.0 Source cves: CVE-2025-48881 Source advisory: OSV:GHSA-965R-9CG9-G42P...
airunner (>=3.0.0 <=3.1.7), athina (>=1.7.0 <=1.7.39) +26 more potentially affected by CVE-2025-1753 via llama-index-cli (>=0.1.13 <=0.4.0)
llama-index-cli PYPI version =0.1.13, =3.0.0, =1.7.0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.0.52, =1.0.9, =1.0.3.post1, =0.1.2, =0.1.7.dev20240924104148, =0.11.0, =0.11.23 - llama-index-callbacks-honeyhive =0.2.0 - llama-index-collection =0.2.0 and more Source cves: CVE-2025-1753 Source advisory:...
airunner (>=3.0.0 <=3.1.7), athina (>=1.7.0 <=1.7.39) +26 more potentially affected by CVE-2025-1753 via llama-index-cli (>=0.1.13 <=0.4.0)
llama-index-cli PYPI version =0.1.13, =3.0.0, =1.7.0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.0.52, =1.0.9, =1.0.3.post1, =0.1.2, =0.1.7.dev20240924104148, =0.11.0, =0.11.23 - llama-index-callbacks-honeyhive =0.2.0 - llama-index-collection =0.2.0 and more Source cves: CVE-2025-1753 Source advisory:...
org.apache.inlong:manager-client (>=1.3.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.1.0) +2 more potentially affected by CVE-2025-27526 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.1.0)
org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27526 Source advisory: OSV:GHSA-532X-J9R7-8F73...
org.apache.inlong:manager-client (>=1.3.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.1.0) +2 more potentially affected by CVE-2025-27528 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.1.0)
org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27528 Source advisory: OSV:GHSA-98V7-XXXV-HCRH...
org.apache.inlong:manager-client (>=1.3.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.1.0) +2 more potentially affected by CVE-2025-27522 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.1.0)
org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27522 Source advisory: OSV:GHSA-R324-VGR5-73C9...
org.apache.inlong:manager-client (>=1.3.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.1.0) +2 more potentially affected by CVE-2025-27526 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.1.0)
org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27526 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10255360...
org.apache.inlong:manager-client (>=1.1.0-incubating <=2.1.0), org.apache.inlong:manager-client-examples (>=1.1.0-incubating <=2.1.0) +3 more potentially affected by CVE-2025-27526 via org.apache.inlong:manager-common (>=1.13.0 <=2.1.0)
org.apache.inlong:manager-common MAVEN version =1.13.0, =1.1.0-incubating, =1.1.0-incubating, =1.1.0-incubating, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27526 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10255359...
org.apache.inlong:manager-client (>=1.1.0-incubating <=2.1.0), org.apache.inlong:manager-client-examples (>=1.1.0-incubating <=2.1.0) +3 more potentially affected by CVE-2025-27528 via org.apache.inlong:manager-common (>=1.13.0 <=2.1.0)
org.apache.inlong:manager-common MAVEN version =1.13.0, =1.1.0-incubating, =1.1.0-incubating, =1.1.0-incubating, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27528 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10255362...
org.apache.inlong:manager-client (>=1.3.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.1.0) +2 more potentially affected by CVE-2025-27528 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.1.0)
org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27528 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10255363...
byro (=2023.1.0), django-ndr-core (>=0.8.0 <=0.42.0) +4 more potentially affected by CVE-2025-48383 via django-select2 (>=8.0.0 <=8.2.1)
django-select2 PYPI version =8.0.0, =0.8.0, =4.0.2, =0.1.4.12, =0.1.2.5, =0.1.2.15 - nobinobi-kitchen =0.1.1 Source cves: CVE-2025-48383 Source advisory: SNYK:PYTHON-DJANGOSELECT2-10255155...
aldryn-django-cms (=3.5.3.2), aleksis (>=1.0.0a4.dev0 <=2023.1.0.dev0) +43 more potentially affected by CVE-2025-48383 via django-select2 (>=4.3.2 <=8.2.4)
django-select2 PYPI version =4.3.2, =1.0.0a4.dev0, =2.0.0, =1.0.0, =2.0.0, =2.1.0, =2.0.0, =0.1.0, =2.0.0, =2.0.0, =2.0.0, =0.1.1, =2.0.0, =2.2.0 and more Source cves: CVE-2025-48383 Source advisory: OSV:GHSA-WJRH-HJ83-3WH7...
@beardeddudes/strapi-types (=0.1.0), @bimbeo160/admin (=4.12.2) +67 more potentially affected by CVE-2024-52588 via @strapi/admin (>=0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a <=4.25.19)
@strapi/admin NPM version =0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a, =4.12.2, =1.0.9, =1.3.2, =0.2.0, =1.0.0-alpha.0, =1.1.0, =4.12.4-lakileki.1, =4.12.4-rc4 - @musaev/strapi =4.12.4-rc2 - @musaev/strapiadmin =4.12.4 and more Source cves: CVE-2024-52588 Source advisory: OSV:GHSA-V8WJ-F5C7-P...
@env-hopper/backend-core (>=2.0.1-alpha-20260224145405 <=2.0.1-alpha.3), @env-hopper/frontend-core (>=2.0.1-alpha <=2.0.1-alpha.11) +4 more potentially affected by CVE-2025-48054 via radashi (=12.5.0-beta.6d5c035)
radashi NPM version =12.5.0-beta.6d5c035 is affected by a known vulnerability. The following packages have a transitive dependency on radashi and may be impacted: - @env-hopper/backend-core =2.0.1-alpha-20260224145405, =2.0.1-alpha, =2.0.1-alpha-20260224145405, =0.0.1, =0.0.1, =0.0.1,...
org.apache.inlong:manager-client (>=1.7.0 <=2.1.0), org.apache.inlong:manager-client-examples (>=1.7.0 <=2.1.0) +2 more potentially affected by CVE-2024-26579 +1 more via org.apache.inlong:manager-pojo (>=1.7.0 <=2.1.0)
org.apache.inlong:manager-pojo MAVEN version =1.7.0, =1.7.0, =1.7.0, =1.7.0, =2.0.0, =2.1.0 Source cves: CVE-2024-26579, CVE-2025-27522 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10255181...
kolibri-light (>=0.1.1 <=0.3.2) potentially affected by CVE-2025-5175 via pypickle (=1.1.0)
pypickle PYPI version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on pypickle and may be impacted: - kolibri-light =0.1.1, =0.3.2 Source cves: CVE-2025-5175 Source advisory: OSV:GHSA-QPXX-2CWH-R5VH...
kolibri-light (>=0.1.1 <=0.3.2) potentially affected by CVE-2025-5174 via pypickle (=1.1.0)
pypickle PYPI version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on pypickle and may be impacted: - kolibri-light =0.1.1, =0.3.2 Source cves: CVE-2025-5174 Source advisory: OSV:GHSA-5QWJ-342R-H886...
fast-label-studio (>=0.1.0 <=0.4.0), label-studio-paddleocr (>=0.1.0 <=0.2.0) +1 more potentially affected by CVE-2025-5173 via label-studio-ml (=1.0.9)
label-studio-ml PYPI version =1.0.9 is affected by a known vulnerability. The following packages have a transitive dependency on label-studio-ml and may be impacted: - fast-label-studio =0.1.0, =0.1.0, =0.2.0 - phenocv =0.1.0 Source cves: CVE-2025-5173 Source advisory: OSV:GHSA-55G9-6C2X-GF8Q...
kolibri-light (>=0.1.1 <=0.3.2) potentially affected by CVE-2025-5175 via pypickle (=1.1.0)
pypickle PYPI version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on pypickle and may be impacted: - kolibri-light =0.1.1, =0.3.2 Source cves: CVE-2025-5175 Source advisory: OSV:PYSEC-2025-46...
kolibri-light (>=0.1.1 <=0.3.2) potentially affected by CVE-2025-5174 via pypickle (=1.1.0)
pypickle PYPI version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on pypickle and may be impacted: - kolibri-light =0.1.1, =0.3.2 Source cves: CVE-2025-5174 Source advisory: OSV:PYSEC-2025-45...
fable3d (>=1.0.0 <=1.1.4), liblaf-melon (>=0.1.10 <=0.1.17) +4 more potentially affected by CVE-2025-5169 via pyassimp (=5.2.5)
pyassimp PYPI version =5.2.5 is affected by a known vulnerability. The following packages have a transitive dependency on pyassimp and may be impacted: - fable3d =1.0.0, =0.1.10, =0.2.1, =0.2.14, =0.1.4, =0.2.0, =0.2.1 Source cves: CVE-2025-5169 Source advisory: OSV:PYSEC-2025-176...
fable3d (>=1.0.0 <=1.1.4), liblaf-melon (>=0.1.10 <=0.1.17) +4 more potentially affected by CVE-2025-5168 via pyassimp (=5.2.5)
pyassimp PYPI version =5.2.5 is affected by a known vulnerability. The following packages have a transitive dependency on pyassimp and may be impacted: - fable3d =1.0.0, =0.1.10, =0.2.1, =0.2.14, =0.1.4, =0.2.0, =0.2.1 Source cves: CVE-2025-5168 Source advisory: OSV:PYSEC-2025-175...
fable3d (>=1.0.0 <=1.1.4), liblaf-melon (>=0.1.10 <=0.1.17) +4 more potentially affected by CVE-2025-5167 via pyassimp (=5.2.5)
pyassimp PYPI version =5.2.5 is affected by a known vulnerability. The following packages have a transitive dependency on pyassimp and may be impacted: - fable3d =1.0.0, =0.1.10, =0.2.1, =0.2.14, =0.1.4, =0.2.0, =0.2.1 Source cves: CVE-2025-5167 Source advisory: OSV:PYSEC-2025-174...
fable3d (>=1.0.0 <=1.1.4), liblaf-melon (>=0.1.10 <=0.1.17) +4 more potentially affected by CVE-2025-5166 via pyassimp (=5.2.5)
pyassimp PYPI version =5.2.5 is affected by a known vulnerability. The following packages have a transitive dependency on pyassimp and may be impacted: - fable3d =1.0.0, =0.1.10, =0.2.1, =0.2.14, =0.1.4, =0.2.0, =0.2.1 Source cves: CVE-2025-5166 Source advisory: OSV:PYSEC-2025-173...
fable3d (>=1.0.0 <=1.1.4), liblaf-melon (>=0.1.10 <=0.1.17) +4 more potentially affected by CVE-2025-5165 via pyassimp (=5.2.5)
pyassimp PYPI version =5.2.5 is affected by a known vulnerability. The following packages have a transitive dependency on pyassimp and may be impacted: - fable3d =1.0.0, =0.1.10, =0.2.1, =0.2.14, =0.1.4, =0.2.0, =0.2.1 Source cves: CVE-2025-5165 Source advisory: OSV:PYSEC-2025-172...
alaas (>=0.1.6 <=0.2.1), annlite (>=0.3.14 <=0.4.0) +73 more potentially affected by CVE-2025-5150 via docarray (>=0.12.9 <=0.41.0)
docarray PYPI version =0.12.9, =0.1.6, =0.3.14, =0.0.3, =0.1.0, =0.1.0, =0.1.7, =0.3.9, =0.3.9, =0.5.2, =0.3.9, =0.3.9, =0.5.2, =0.5.7 - fasr-enhancement-deepfilternet =0.5.7 - fasr-enhancement-dtln =0.5.7 and more Source cves: CVE-2025-5150 Source advisory: SNYK:PYTHON-DOCARRAY-10246594...
arcodeai (>=0.1.0 <=0.1.2), auto-retrieval-plugin (>=0.1.0 <=0.1.5) +46 more potentially affected by CVE-2025-5150 via docarray (>=0.12.9 <=0.40.0)
docarray PYPI version =0.12.9, =0.1.0, =0.1.0, =0.2.5, =0.3.9, =0.3.9, =0.5.2, =0.3.9, =0.3.9, =0.5.2, =0.3.9, =0.5.7 and more Source cves: CVE-2025-5150 Source advisory: OSV:GHSA-J9WP-865G-RF48...
@applitools/bongo (>=5.1.2 <=5.10.0), @arakoodev/edgechains.js (>=0.25.0 <=0.30.1) +831 more potentially affected by CVE-2018-25110 via marked (>=0.0.1 <=0.3.16)
marked NPM version =0.0.1, =5.1.2, =0.25.0, =0.1.12-alpha.0, =0.0.1, =0.1.0, =1.0.0, =2.5.2, =2.5.4 and more Source cves: CVE-2018-25110 Source advisory: OSV:GHSA-P9WX-2529-FP83...
keeshond_editor (>=0.1.0 <=0.13.0), keeshond_migrator (>=0.1.0 <=0.1.1) +2 more potentially affected by unknown CVE via toodee (>=0.2.4 <=0.3.0)
toodee CARGO version =0.2.4, =0.1.0, =0.1.0, =0.10.0, =0.13.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0062...
pingora (>=0.1.0 <=0.4.0), pingora-cache (>=0.1.0 <=0.4.0) +3 more potentially affected by CVE-2025-4366 via pingora-core (>=0.1.1 <=0.4.0)
pingora-core CARGO version =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.4.0 - static-files-module =0.1.0 Source cves: CVE-2025-4366 Source advisory: OSV:RUSTSEC-2025-0037...
au.com.versent.jenkins.plugins:ignore-committer-strategy (>=37.v0d3157c4a_ef8 <=57.v0756db_b_f6926), ch.admin.bit.jeap:jeap-initializer (>=2.6.0 <=4.1.0) +224 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.0.0.202409031743-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.0.0.202409031743-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - au.com.versent.jenkins.plugins:ignore-committer-strategy =37.v0d3157c4aef8,...
au.com.versent.jenkins.plugins:ignore-committer-strategy (=29.v7c3891a_434c3), ch.admin.bit.jeap:jeap-message-contract-domain (>=3.26.0 <=3.33.0) +709 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (>=6.0.0.202111291000-r <=6.10.0.202406032230-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =6.0.0.202111291000-r, =3.26.0, =3.26.0, =3.26.0, =3.26.0, =3.26.0, =8.15.0, =8.15.0, =1.5.0, =1.15.2 - com.a65apps.changelog:com.a65apps.changelog.gradle.plugin =1.1.10 - com.a65apps.changelog:plugin =1.1.10 -...
ai.pipestream:quarkus-grpc-gatherer-deployment (>=0.1.0 <=0.1.1), ch.admin.bit.jeap:jeap-archrepo-importer-messagetype (>=1.10.0 <=1.23.0) +182 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.1.0.202411261347-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.1.0.202411261347-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - ai.pipestream:quarkus-grpc-gatherer-deployment =0.1.0, =1.10.0, =1.10.0,...
ai.pipestream:quarkus-grpc-gatherer-deployment (>=0.1.0 <=0.1.1), ch.admin.bit.jeap:jeap-archrepo-importer-messagetype (>=1.10.0 <=1.23.0) +182 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.1.0.202411261347-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.1.0.202411261347-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - ai.pipestream:quarkus-grpc-gatherer-deployment =0.1.0, =1.10.0, =1.10.0,...
at.molindo:git-commit-id-plugin (=2.1.10-alpha-1), at.nonblocking:nonsnapshot-maven-plugin (=3.0.1) +4321 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (>=1.2.0.201112221803-r <=5.13.3.202401111512-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =1.2.0.201112221803-r, =2.0.0, =2.0.4, =0.1.1, =0.1.1, =2.0.0, =0.0.1, =0.2.8, =1.5.6 - br.com.sabium.gradle-bump:br.com.sabium.gradle-bump.gradle.plugin =1.0.1 and more Source cves: CVE-2025-4949 Source advisory: OSV:GHSA-VRPQ-QP53-QV56...
ch.admin.bit.jeap:jeap-messaging-avro-maven-plugin (>=8.31.0 <=8.50.0), ch.admin.bit.jeap:jeap-messaging-registry-maven-plugin (>=8.31.0 <=8.50.0) +166 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.2.0.202503040940-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.2.0.202503040940-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - ch.admin.bit.jeap:jeap-messaging-avro-maven-plugin =8.31.0, =8.31.0, =2.59.0,...
au.com.versent.jenkins.plugins:ignore-committer-strategy (>=37.v0d3157c4a_ef8 <=57.v0756db_b_f6926), ch.admin.bit.jeap:jeap-initializer (>=2.6.0 <=4.1.0) +224 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.0.0.202409031743-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.0.0.202409031743-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - au.com.versent.jenkins.plugins:ignore-committer-strategy =37.v0d3157c4aef8,...
ch.admin.bit.jeap:jeap-messaging-avro-maven-plugin (>=8.31.0 <=8.50.0), ch.admin.bit.jeap:jeap-messaging-registry-maven-plugin (>=8.31.0 <=8.50.0) +166 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.2.0.202503040940-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.2.0.202503040940-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - ch.admin.bit.jeap:jeap-messaging-avro-maven-plugin =8.31.0, =8.31.0, =2.59.0,...
org.coldis.library:persistence (>=2.0.34 <=2.0.38), org.eclipse.hawkbit:hawkbit-ddi-server (>=0.7.0 <=0.8.0) +10 more potentially affected by CVE-2025-41232 via org.springframework.security:spring-security-aspects (>=6.4.1 <=6.4.4)
org.springframework.security:spring-security-aspects MAVEN version =6.4.1, =2.0.34, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.8.0 Source cves: CVE-2025-41232 Source advisory: OSV:GHSA-9PP5-9C7G-4R83...
app.valuationcontrol:library (>=0.5.8 <=0.5.9), at.aimon.ops:aimon-ops-api (>=0.0.1 <=0.0.2) +2667 more potentially affected by CVE-2025-41232 via org.springframework.security:spring-security-core (>=6.4.0 <=6.4.5)
org.springframework.security:spring-security-core MAVEN version =6.4.0, =0.5.8, =0.0.1, =55.v51410e712e0c, =1.5.4.RELEASE, =1.0.1, =1.0.2, =1.0.4, =1.0.2, =1.0.16, =1.0.2, =1.0.4, =1.10.0, =1.10.0, =1.10.0, =1.15.1 and more Source cves: CVE-2025-41232 Source advisory: OSV:GHSA-9PP5-9C7G-4R83...