maven
OSS Libraries | package-ecosystem
Latest CVEs
The 15 most recently published vulnerabilities affecting maven.
- CVE-2026-25534: Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames (9.1)
- CVE-2025-60012: Apache Livy: Restrict file access (6.3)
- CVE-2025-66249: Apache Livy: Unauthorized directory access (6.3)
- CVE-2026-3911: Org.keycloak.services.resources.admin.userresource: keycloak: information disclosure of disabled user attributes via administrative endpoint (2.7)
- CVE-2026-2742: Unauthorized session creation via reserved framework path access (5.3)
- CVE-2026-2741: Zip Slip Path Traversal on Node Unpack (6.8)
- CVE-2026-23907: Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code (5.3)
- CVE-2026-24713: Apache IoTDB: JEXL Expression Injection Vulnerability (9.8)
- CVE-2026-24015: Apache IoTDB: Insecure Default Configuration Vulnerability (9.8)
- CVE-2026-24308: Apache ZooKeeper: Sensitive information disclosure in client configuration handling (7.5)
- CVE-2026-3047: Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login (8.8)
- CVE-2026-3009: Org.keycloak/keycloak-services: improper enforcement of disabled identity provider in identitybrokerservice (authentication bypass) (8.1)
- CVE-2026-1605: In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the correspondin... (7.5)
- CVE-2025-11143: The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in secur... (3.7)
- CVE-2026-29000: pac4j-jwt JwtAuthenticator Authentication Bypass (9.1)