Red hat process automation

This hub aggregates every CVE we track for Red hat process automation, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat process automation.

• CVE-2026-43512Apache Tomcat: Digest authenticator will authenticate any unknown user9.8May 12, 2026
• CVE-2026-27903minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments7.5Feb 26, 2026
• CVE-2025-48734Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default8.8May 28, 2025
• CVE-2024-12798JaninoEventEvaluator vulnerability7.3Dec 19, 2024
• CVE-2024-9823Jetty DOS vulnerability on DosFilter5.3Oct 14, 2024
• CVE-2024-45801Tampering by prototype polution in DOMPurify7.3Sep 16, 2024
• CVE-2024-6162Undertow: url-encoded request path information can be broken on ajp-listener7.5Jun 20, 2024
• CVE-2024-4067Regular Expression Denial of Service in micromatch5.3May 13, 2024
• CVE-2023-6717Keycloak: xss via assertion consumer service url in saml post-binding flow6.0Apr 25, 2024
• CVE-2023-5685Xnio: stackoverflowexception when the chain of notifier states becomes problematically big7.5Mar 22, 2024
• CVE-2023-26159Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, ...7.3Jan 2, 2024
• CVE-2023-31582jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.7.5Oct 24, 2023
• CVE-2022-4245Codehaus-plexus: xml external entity (xxe) injection4.3Sep 25, 2023
• CVE-2022-4244Codehaus-plexus: directory traversal7.5Sep 25, 2023
• CVE-2023-4853Quarkus: http security policy bypass8.1Sep 20, 2023