From ac94daf7fdb56414b0611f509ee17ea660898a31 Mon Sep 17 00:00:00 2001
From: "team-moderne[bot]"
Date: Mon, 2 Dec 2024 11:20:26 +0000
Subject: [PATCH] [Auto] GitHub advisories as of 2024-12-02T1119 for Maven
---
 src/main/resources/advisories-maven.csv | 141 ++++++++++++++----------
 1 file changed, 83 insertions(+), 58 deletions(-)
diff --git a/src/main/resources/advisories-maven.csv b/src/main/resources/advisories-maven.csv
index ad44064..b40fedb 100644
--- a/src/main/resources/advisories-maven.csv
+++ b/src/main/resources/advisories-maven.csv
@@ -1214,8 +1214,8 @@ CVE-2017-12610,2022-05-13T01:25:19Z,"Improper Authentication in Apache Kafka","o
 CVE-2017-12610,2022-05-13T01:25:19Z,"Improper Authentication in Apache Kafka","org.apache.kafka:kafka-clients",0.11.0.0,0.11.0.2,MODERATE,CWE-287
 CVE-2017-12611,2018-10-16T19:35:40Z,"Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal","org.apache.struts:struts2-core",2.0.1,2.3.34,CRITICAL,CWE-20
 CVE-2017-12611,2018-10-16T19:35:40Z,"Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal","org.apache.struts:struts2-core",2.5.0,2.5.11,CRITICAL,CWE-20
-CVE-2017-12612,2018-11-09T17:43:25Z,"High severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11","org.apache.spark:spark-core_2.10",0,2.1.2,HIGH,CWE-502
-CVE-2017-12612,2018-11-09T17:43:25Z,"High severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11","org.apache.spark:spark-core_2.11",0,2.1.2,HIGH,CWE-502
+CVE-2017-12612,2018-11-09T17:43:25Z,"Apache Spark Deserialization of Untrusted Data vulnerability","org.apache.spark:spark-core_2.10",0,2.1.2,HIGH,CWE-502
+CVE-2017-12612,2018-11-09T17:43:25Z,"Apache Spark Deserialization of Untrusted Data vulnerability","org.apache.spark:spark-core_2.11",0,2.1.2,HIGH,CWE-502
 CVE-2017-12615,2018-10-17T16:30:31Z,"When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server","org.apache.tomcat.embed:tomcat-embed-core",7.0.0,7.0.79,HIGH,CWE-434
 CVE-2017-12616,2022-05-14T01:10:16Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat","org.apache.tomcat:tomcat-catalina",7.0.0,7.0.81,HIGH,CWE-200
 CVE-2017-12617,2022-05-14T01:07:15Z,"Unrestricted Upload of File with Dangerous Type Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.82,HIGH,CWE-434
@@ -4731,7 +4731,7 @@ CVE-2022-24289,2022-02-12T00:00:48Z,"Deserialization of untrusted data in Apache
 CVE-2022-24329,2022-02-26T00:00:43Z,"Improper Locking in JetBrains Kotlin","org.jetbrains.kotlin:kotlin-stdlib",0,1.6.0,MODERATE,CWE-667;CWE-829
 CVE-2022-24434,2022-05-21T00:00:25Z,"Crash in HeaderParser in dicer",org.webjars.npm:dicer,0,,HIGH,CWE-248
 CVE-2022-24613,2022-02-25T00:01:05Z,"Improper Handling of Exceptional Conditions inn metadata-extractor","com.drewnoakes:metadata-extractor",0,2.18.0,MODERATE,CWE-755
-CVE-2022-24614,2022-02-25T00:01:05Z,"Allocation of Resources Without Limits or Throttling in metadata-extractor","com.drewnoakes:metadata-extractor",0,2.18.0,MODERATE,CWE-770
+CVE-2022-24614,2022-02-25T00:01:05Z,"Allocation of Resources Without Limits or Throttling in metadata-extractor","com.drewnoakes:metadata-extractor",0,2.18.0,HIGH,CWE-770
 CVE-2022-24615,2022-02-25T00:01:04Z,"Uncaught Exception in zip4j",net.lingala.zip4j:zip4j,0,2.10.0,MODERATE,CWE-248;CWE-755
 CVE-2022-2466,2022-09-01T00:00:23Z,"Quarkus does not terminate HTTP requests header context","io.quarkus:quarkus-core-parent",2.10.0,2.10.4,CRITICAL,CWE-444
 CVE-2022-24697,2023-07-06T19:24:01Z,"Apache Kylin vulnerable to remote code execution","org.apache.kylin:kylin-core-common",0,4.0.2,CRITICAL,CWE-77
@@ -5380,7 +5380,7 @@ CVE-2022-37866,2022-11-07T19:00:20Z,"Apache Ivy vulnerable to path traversal",or
 CVE-2022-38179,2022-08-13T00:00:43Z,"JetBrains Ktor before 2.1.0 was vulnerable to a Reflect File Download attack",io.ktor:ktor,0,2.1.0,MODERATE,CWE-697
 CVE-2022-38180,2022-08-13T00:00:43Z,"JetBrain Ktor before 2.1.0 vulnerable to selection of wrong authentication provider",io.ktor:ktor,0,2.1.0,MODERATE,CWE-287
 CVE-2022-38216,2022-08-17T00:00:33Z,"Mapbox is vulnerable to Integer Overflow","com.mapbox.mapboxsdk:mapbox-android-core",0,10.6.1,HIGH,CWE-190
-CVE-2022-38369,2022-09-06T00:00:27Z,"Apache IoTDB Session Fixation vulnerability","org.apache.iotdb:iotdb-server",0,0.13.1,HIGH,CWE-384
+CVE-2022-38369,2022-09-06T00:00:27Z,"Apache IoTDB Session Fixation vulnerability","org.apache.iotdb:iotdb-server",0,0.13.1,MODERATE,CWE-384
 CVE-2022-38370,2022-09-06T00:00:27Z,"Apache IoTDB grafana-connector contains an interface without authorization","org.apache.iotdb:iotdb-grafana-connector",0,0.13.1,HIGH,CWE-862
 CVE-2022-38398,2022-09-23T00:00:39Z,"Apache Batik Server-Side Request Forgery ","org.apache.xmlgraphics:batik",1.0,1.15,MODERATE,CWE-918
 CVE-2022-38648,2022-09-23T00:00:40Z,"Apache Batik vulnerable to Server-Side Request Forgery","org.apache.xmlgraphics:batik",1.0,1.15,MODERATE,CWE-918
@@ -6557,10 +6557,10 @@ CVE-2023-35925,2023-06-22T20:00:36Z,"FastAsyncWorldEdit vulnerable to Uncontroll
 CVE-2023-3597,2024-04-17T17:31:50Z,"Keycloak secondary factor bypass in step-up authentication","org.keycloak:keycloak-services",0,22.0.10,MODERATE,CWE-287;CWE-288
 CVE-2023-3597,2024-04-17T17:31:50Z,"Keycloak secondary factor bypass in step-up authentication","org.keycloak:keycloak-services",23.0.0,24.0.3,MODERATE,CWE-287;CWE-288
 CVE-2023-36106,2023-08-17T21:30:53Z,"PowerJob incorrect access control vulnerability",tech.powerjob:powerjob,0,,HIGH,CWE-284
-CVE-2023-3628,2023-12-30T00:30:23Z,"Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions","org.infinispan:infinispan-server-rest",0,14.0.18.Final,MODERATE,CWE-304
-CVE-2023-3628,2023-12-30T00:30:23Z,"Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions","org.infinispan:infinispan-server-rest",15.0.0.Dev01,15.0.0.Dev04,MODERATE,CWE-304
-CVE-2023-3629,2023-12-30T00:30:23Z," Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions","org.infinispan:infinispan-server-rest",0,14.0.18.Final,MODERATE,CWE-304
-CVE-2023-3629,2023-12-30T00:30:23Z," Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions","org.infinispan:infinispan-server-rest",15.0.0.Dev01,15.0.0.Dev04,MODERATE,CWE-304
+CVE-2023-3628,2023-12-30T00:30:23Z,"Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions","org.infinispan:infinispan-server-rest",0,14.0.18.Final,HIGH,CWE-304
+CVE-2023-3628,2023-12-30T00:30:23Z,"Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions","org.infinispan:infinispan-server-rest",15.0.0.Dev01,15.0.0.Dev04,HIGH,CWE-304
+CVE-2023-3629,2023-12-30T00:30:23Z," Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions","org.infinispan:infinispan-server-rest",0,14.0.18.Final,HIGH,CWE-304
+CVE-2023-3629,2023-12-30T00:30:23Z," Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions","org.infinispan:infinispan-server-rest",15.0.0.Dev01,15.0.0.Dev04,HIGH,CWE-304
 CVE-2023-3635,2023-07-12T21:30:50Z,"Okio Signed to Unsigned Conversion Error vulnerability","com.squareup.okio:okio-jvm",2.0.0-RC1,3.4.0,MODERATE,CWE-195;CWE-681
 CVE-2023-3635,2023-07-12T21:30:50Z,"Okio Signed to Unsigned Conversion Error vulnerability",com.squareup.okio:okio,0,1.17.6,MODERATE,CWE-195;CWE-681
 CVE-2023-3635,2023-07-12T21:30:50Z,"Okio Signed to Unsigned Conversion Error vulnerability",com.squareup.okio:okio,2.0.0-RC1,3.4.0,MODERATE,CWE-195;CWE-681
@@ -7236,25 +7236,25 @@ CVE-2023-51982,2024-01-30T03:30:30Z,"CrateDB authentication bypass vulnerability
 CVE-2023-51982,2024-01-30T03:30:30Z,"CrateDB authentication bypass vulnerability",io.crate:crate,5.3.0,5.3.8,HIGH,CWE-287
 CVE-2023-51982,2024-01-30T03:30:30Z,"CrateDB authentication bypass vulnerability",io.crate:crate,5.4.0,5.4.7,HIGH,CWE-287
 CVE-2023-51982,2024-01-30T03:30:30Z,"CrateDB authentication bypass vulnerability",io.crate:crate,5.5.0,5.5.2,HIGH,CWE-287
-CVE-2023-5236,2023-12-28T21:30:37Z,"Infinispan circular object references causes out of memory errors","org.infinispan.protostream:protostream",0,4.6.2.Final,MODERATE,CWE-1047
+CVE-2023-5236,2023-12-28T21:30:37Z,"Infinispan circular object references causes out of memory errors","org.infinispan.protostream:protostream",0,4.6.2.Final,HIGH,CWE-1047
 CVE-2023-52428,2024-02-11T06:30:27Z,"Denial of Service in Connect2id Nimbus JOSE+JWT","com.nimbusds:nimbus-jose-jwt",0,9.37.2,HIGH,CWE-400;CWE-770
 CVE-2023-5245,2023-11-15T15:30:21Z,"Zip slip in mleap","ml.combust.mleap:mleap-runtime_2.12",0,0.23.1,HIGH,CWE-22
-CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-jdbc",0,14.0.25.Final,LOW,CWE-312
-CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-jdbc",15.0.0.Dev01,15.0.0.Dev07,LOW,CWE-312
-CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-jdbc-common",0,14.0.25.Final,LOW,CWE-312
-CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-jdbc-common",15.0.0.Dev01,15.0.0.Dev07,LOW,CWE-312
-CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-remote",0,14.0.25.Final,LOW,CWE-312
-CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-remote",15.0.0.Dev01,15.0.0.Dev07,LOW,CWE-312
-CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-sql",0,14.0.25.Final,LOW,CWE-312
-CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-sql",15.0.0.Dev01,15.0.0.Dev07,LOW,CWE-312
-CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-client-hotrod",0,14.0.25.Final,LOW,CWE-312
-CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-client-hotrod",15.0.0.Dev01,15.0.0.Dev07,LOW,CWE-312
-CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-commons",0,14.0.25.Final,LOW,CWE-312
-CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-commons",15.0.0.Dev01,15.0.0.Dev07,LOW,CWE-312
-CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-core",0,14.0.25.Final,LOW,CWE-312
-CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-core",15.0.0.Dev01,15.0.0.Dev07,LOW,CWE-312
-CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-hotrod",0,14.0.25.Final,LOW,CWE-312
-CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-hotrod",15.0.0.Dev01,15.0.0.Dev07,LOW,CWE-312
+CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-jdbc",0,14.0.25.Final,MODERATE,CWE-312
+CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-jdbc",15.0.0.Dev01,15.0.0.Dev07,MODERATE,CWE-312
+CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-jdbc-common",0,14.0.25.Final,MODERATE,CWE-312
+CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-jdbc-common",15.0.0.Dev01,15.0.0.Dev07,MODERATE,CWE-312
+CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-remote",0,14.0.25.Final,MODERATE,CWE-312
+CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-remote",15.0.0.Dev01,15.0.0.Dev07,MODERATE,CWE-312
+CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-sql",0,14.0.25.Final,MODERATE,CWE-312
+CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-sql",15.0.0.Dev01,15.0.0.Dev07,MODERATE,CWE-312
+CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-client-hotrod",0,14.0.25.Final,MODERATE,CWE-312
+CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-client-hotrod",15.0.0.Dev01,15.0.0.Dev07,MODERATE,CWE-312
+CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-commons",0,14.0.25.Final,MODERATE,CWE-312
+CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-commons",15.0.0.Dev01,15.0.0.Dev07,MODERATE,CWE-312
+CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-core",0,14.0.25.Final,MODERATE,CWE-312
+CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-core",15.0.0.Dev01,15.0.0.Dev07,MODERATE,CWE-312
+CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-hotrod",0,14.0.25.Final,MODERATE,CWE-312
+CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-hotrod",15.0.0.Dev01,15.0.0.Dev07,MODERATE,CWE-312
 CVE-2023-5675,2024-04-25T18:30:39Z,"Quarkus: authorization flaw in quarkus resteasy reactive and classic","io.quarkus:quarkus-resteasy-reactive-common",0,3.2.10.Final,MODERATE,CWE-285;CWE-287
 CVE-2023-5675,2024-04-25T18:30:39Z,"Quarkus: authorization flaw in quarkus resteasy reactive and classic","io.quarkus:quarkus-resteasy-reactive-common",3.3.0,3.6.9,MODERATE,CWE-285;CWE-287
 CVE-2023-5675,2024-04-25T18:30:39Z,"Quarkus: authorization flaw in quarkus resteasy reactive and classic","io.quarkus:quarkus-resteasy-reactive-common",3.7.0,3.7.1,MODERATE,CWE-285;CWE-287
@@ -7270,8 +7270,8 @@ CVE-2023-6147,2024-01-09T09:30:29Z,"Qualys Jenkins Plugin for Policy Compliance
 CVE-2023-6148,2024-01-09T09:30:29Z,"Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability","com.qualys.plugins:qualys-pc",0,1.0.6,MODERATE,CWE-79
 CVE-2023-6149,2024-01-09T09:30:29Z,"Qualys Jenkins Plugin for WAS XML External Entity vulnerability","com.qualys.plugins:qualys-was",0,2.0.12,MODERATE,CWE-611
 CVE-2023-6236,2024-04-10T15:30:37Z,"WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log","org.wildfly.security:wildfly-elytron-http-oidc",0,2.2.5.Final,HIGH,CWE-345
-CVE-2023-6267,2024-01-25T21:32:14Z,"Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability","io.quarkus.resteasy.reactive:resteasy-reactive",0,2.13.9.Final,HIGH,CWE-280;CWE-755
-CVE-2023-6267,2024-01-25T21:32:14Z,"Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability","io.quarkus.resteasy.reactive:resteasy-reactive",3.0.0.Final,3.2.9.Final,HIGH,CWE-280;CWE-755
+CVE-2023-6267,2024-01-25T21:32:14Z,"Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability","io.quarkus.resteasy.reactive:resteasy-reactive",0,2.13.9.Final,HIGH,CWE-280;CWE-502;CWE-755
+CVE-2023-6267,2024-01-25T21:32:14Z,"Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability","io.quarkus.resteasy.reactive:resteasy-reactive",3.0.0.Final,3.2.9.Final,HIGH,CWE-280;CWE-502;CWE-755
 CVE-2023-6291,2023-12-21T18:25:30Z,"The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted","org.keycloak:keycloak-services",0,23.0.3,HIGH,CWE-20
 CVE-2023-6378,2023-11-29T12:30:16Z,"logback serialization vulnerability","ch.qos.logback:logback-classic",0,1.2.13,HIGH,CWE-502
 CVE-2023-6378,2023-11-29T12:30:16Z,"logback serialization vulnerability","ch.qos.logback:logback-classic",1.3.0,1.3.12,HIGH,CWE-502
@@ -7304,7 +7304,7 @@ CVE-2023-6836,2023-12-15T12:30:25Z,"WSO2 products vulnerable to XML External Ent
 CVE-2023-6836,2023-12-15T12:30:25Z,"WSO2 products vulnerable to XML External Entity attack",org.wso2.am:wso2am,0,4.0.0-beta,MODERATE,CWE-611
 CVE-2023-6837,2023-12-15T12:30:25Z,"Multiple WSO2 products vulnerable to perform user impersonatoin using JIT provisioning","org.wso2.carbon.identity.framework:org.wso2.carbon.identity.application.authentication.framework",0,5.20.254,HIGH,
 CVE-2023-6837,2023-12-15T12:30:25Z,"Multiple WSO2 products vulnerable to perform user impersonatoin using JIT provisioning","org.wso2.identity.apps:authentication-portal",0,1.6.179.1,HIGH,
-CVE-2023-6841,2024-09-10T18:30:44Z,"Keycloak Denial of Service vulnerability","org.keycloak:keycloak-core",0,24.0.0,MODERATE,CWE-231
+CVE-2023-6841,2024-09-10T18:30:44Z,"Keycloak Denial of Service vulnerability","org.keycloak:keycloak-core",0,24.0.0,HIGH,CWE-231
 CVE-2023-6886,2023-12-17T03:30:19Z,"Xnx3 Wangmarket Cross-Site Scripting vulnerability","com.xnx3.wangmarket:wangmarket",0,,MODERATE,CWE-79
 CVE-2023-6911,2023-12-22T18:30:30Z,"WSO2 Registry Stored Cross Site Scripting (XSS) vulnerability","org.wso2.carbon.registry:carbon-registry",0,4.7.37,MODERATE,CWE-79
 CVE-2023-6927,2023-12-19T00:30:21Z,"Keycloak Open Redirect vulnerability","org.keycloak:keycloak-parent",0,,MODERATE,CWE-601
@@ -7312,8 +7312,16 @@ CVE-2023-7148,2023-12-29T03:30:29Z,"ShifuML shifu code injection vulnerability",
 CVE-2023-7272,2024-07-17T15:30:50Z,"Eclipse Parsson stack overflow when parsing deeply nested input","org.eclipse.parsson:parsson",0,1.0.4,CRITICAL,CWE-787
 CVE-2023-7272,2024-07-17T15:30:50Z,"Eclipse Parsson stack overflow when parsing deeply nested input","org.eclipse.parsson:parsson",1.1.0,1.1.3,CRITICAL,CWE-787
 CVE-2024-0758,2024-01-19T21:30:36Z,"JavaScript execution via malicious molfiles (XSS)","de.ipb-halle:molecularfaces",0,0.3.0,MODERATE,CWE-79
+CVE-2024-10039,2024-11-25T19:40:46Z,"Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination ","org.keycloak:keycloak-core",0,,HIGH,CWE-295
+CVE-2024-10039,2024-11-25T19:40:46Z,"Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination ","org.keycloak:keycloak-core",25.0.0,26.0.6,HIGH,CWE-295
 CVE-2024-1023,2024-03-27T09:30:40Z,"Eclipse Vert.x memory leak",io.vertx:vertx-core,4.4.5,4.4.7,MODERATE,CWE-119;CWE-200
 CVE-2024-1023,2024-03-27T09:30:40Z,"Eclipse Vert.x memory leak",io.vertx:vertx-core,4.5.0,4.5.2,MODERATE,CWE-119;CWE-200
+CVE-2024-10270,2024-11-25T18:32:12Z,"org.keycloak:keycloak-services has Inefficient Regular Expression Complexity","org.keycloak:keycloak-services",0,24.0.9,HIGH,CWE-1333
+CVE-2024-10270,2024-11-25T18:32:12Z,"org.keycloak:keycloak-services has Inefficient Regular Expression Complexity","org.keycloak:keycloak-services",25.0.0,26.0.6,HIGH,CWE-1333
+CVE-2024-10451,2024-11-25T18:41:17Z,"Keycloak Build Process Exposes Sensitive Data","org.keycloak:keycloak-quarkus-server",0,24.0.9,HIGH,CWE-798
+CVE-2024-10451,2024-11-25T18:41:17Z,"Keycloak Build Process Exposes Sensitive Data","org.keycloak:keycloak-quarkus-server",25.0.0,26.0.6,HIGH,CWE-798
+CVE-2024-10492,2024-11-25T18:37:14Z,"Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path","org.keycloak:keycloak-quarkus-server",0,26.0.6,MODERATE,CWE-73
+CVE-2024-10492,2024-11-25T18:37:14Z,"Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path","org.keycloak:keycloak-quarkus-server",25.0.0,26.0.6,MODERATE,CWE-73
 CVE-2024-1102,2024-04-25T18:30:39Z,"Jberet: jberet-core logging database credentials",org.jberet:jberet-core,0,2.2.1.Final,MODERATE,CWE-200;CWE-523;CWE-532
 CVE-2024-1132,2024-04-17T18:25:08Z,"Keycloak path traversal vulnerability in redirection validation","org.keycloak:keycloak-services",0,22.0.10,HIGH,CWE-22
 CVE-2024-1132,2024-04-17T18:25:08Z,"Keycloak path traversal vulnerability in redirection validation","org.keycloak:keycloak-services",23.0.0,24.0.3,HIGH,CWE-22
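Review bot: The first added CVE-2024-10039 row for `org.keycloak:keycloak-core` has an empty fixed-version field (`0,,HIGH`) while its second row gives `25.0.0,26.0.6`, unlike the other Keycloak advisories added in this hunk, which bound the older branch at `24.0.9`. If the consumer of this CSV reads an empty fixed version as "no fix available", every keycloak-core release, including 26.0.6 and later, would presumably be reported as affected, so this row is worth confirming against the upstream advisory before it is used for gating. The two CVE-2024-10492 rows also overlap (`0,26.0.6` already contains `25.0.0,26.0.6`), so the second adds no coverage and may produce duplicate findings, depending on how the reader de-duplicates.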
@@ -7401,8 +7409,8 @@ CVE-2024-22371,2024-02-26T18:30:30Z,"Apache Camel data exposure vulnerability","
 CVE-2024-22371,2024-02-26T18:30:30Z,"Apache Camel data exposure vulnerability","org.apache.camel:camel-core",3.22.0,3.22.1,LOW,CWE-200;CWE-922
 CVE-2024-22371,2024-02-26T18:30:30Z,"Apache Camel data exposure vulnerability","org.apache.camel:camel-core",4.0.0,4.0.4,LOW,CWE-200;CWE-922
 CVE-2024-22371,2024-02-26T18:30:30Z,"Apache Camel data exposure vulnerability","org.apache.camel:camel-core",4.1.0,4.4.0,LOW,CWE-200;CWE-922
-CVE-2024-22399,2024-09-16T14:37:28Z,"Apache Seata Deserialization of Untrusted Data vulnerability","org.apache.seata:seata-core",1.0.0,1.8.1,HIGH,CWE-502
-CVE-2024-22399,2024-09-16T14:37:28Z,"Apache Seata Deserialization of Untrusted Data vulnerability","org.apache.seata:seata-core",2.0.0,2.1.0,HIGH,CWE-502
+CVE-2024-22399,2024-09-16T14:37:28Z,"Apache Seata Deserialization of Untrusted Data vulnerability","org.apache.seata:seata-core",1.0.0,1.8.1,CRITICAL,CWE-502
+CVE-2024-22399,2024-09-16T14:37:28Z,"Apache Seata Deserialization of Untrusted Data vulnerability","org.apache.seata:seata-core",2.0.0,2.1.0,CRITICAL,CWE-502
 CVE-2024-22490,2024-01-23T18:31:11Z,"Cross-site Scripting in beetl-bbs",com.ibeetl:beetl,0,,MODERATE,CWE-79
 CVE-2024-22491,2024-01-16T21:31:22Z,"Stored Cross Site Scripting in beetl-bbs",com.ibeetl:beetl,0,,MODERATE,CWE-79
 CVE-2024-22492,2024-01-12T18:30:20Z,"Cross-site Scripting in JFinal",com.jfinal:jfinal,0,,MODERATE,CWE-79
@@ -7580,8 +7588,8 @@ CVE-2024-27138,2024-03-01T18:30:23Z,"Apache Archiva Incorrect Authorization vuln
 CVE-2024-27139,2024-03-01T18:30:23Z,"Apache Archiva Incorrect Authorization vulnerability","org.apache.archiva:archiva",2.0.0,,HIGH,CWE-863
 CVE-2024-27140,2024-03-01T18:30:23Z,"Apache Archiva Reflected Cross-site Scripting vulnerability","org.apache.archiva:archiva-common",2.0.0,,MODERATE,CWE-79
 CVE-2024-27181,2024-08-02T12:31:43Z,"Apache Linkis vulnerable to privilege escalation",org.apache.linkis:linkis,0,1.6.0,HIGH,CWE-269
-CVE-2024-27182,2024-08-02T12:31:43Z,"Apache Linkis arbitrary file deletion vulnerability",org.apache.linkis:linkis,0,1.6.0,MODERATE,CWE-552
-CVE-2024-27309,2024-04-12T09:33:40Z,"Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode","org.apache.kafka:kafka-metadata",3.5.0,3.6.2,MODERATE,CWE-863
+CVE-2024-27182,2024-08-02T12:31:43Z,"Apache Linkis arbitrary file deletion vulnerability",org.apache.linkis:linkis,0,1.6.0,HIGH,CWE-552
+CVE-2024-27309,2024-04-12T09:33:40Z,"Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode","org.apache.kafka:kafka-metadata",3.5.0,3.6.2,HIGH,CWE-863
 CVE-2024-27317,2024-03-12T21:30:59Z,"Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification","org.apache.pulsar:pulsar-functions-worker",2.11.0,2.11.4,HIGH,CWE-22
 CVE-2024-27317,2024-03-12T21:30:59Z,"Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification","org.apache.pulsar:pulsar-functions-worker",2.4.0,2.10.6,HIGH,CWE-22
 CVE-2024-27317,2024-03-12T21:30:59Z,"Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification","org.apache.pulsar:pulsar-functions-worker",3.0.0,3.0.3,HIGH,CWE-22
@@ -7801,10 +7809,10 @@ CVE-2024-37899,2024-06-20T16:19:14Z,"XWiki Platform allows remote code execution
 CVE-2024-37899,2024-06-20T16:19:14Z,"XWiki Platform allows remote code execution from user account","org.xwiki.platform:xwiki-platform-oldcore",15.0-rc-1,15.5.5,CRITICAL,CWE-266;CWE-94
 CVE-2024-37899,2024-06-20T16:19:14Z,"XWiki Platform allows remote code execution from user account","org.xwiki.platform:xwiki-platform-oldcore",15.6-rc-1,15.10.6,CRITICAL,CWE-266;CWE-94
 CVE-2024-37899,2024-06-20T16:19:14Z,"XWiki Platform allows remote code execution from user account","org.xwiki.platform:xwiki-platform-oldcore",16.0.0-rc-1,16.0.0,CRITICAL,CWE-266;CWE-94
-CVE-2024-37900,2024-07-31T15:21:06Z,"XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader","org.xwiki.platform:xwiki-platform-web-war",15.0-rc-1,15.5.5,MODERATE,CWE-94;CWE-96
-CVE-2024-37900,2024-07-31T15:21:06Z,"XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader","org.xwiki.platform:xwiki-platform-web-war",15.6-rc-1,15.10.6,MODERATE,CWE-94;CWE-96
-CVE-2024-37900,2024-07-31T15:21:06Z,"XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader","org.xwiki.platform:xwiki-platform-web-war",16.0.0-rc-1,16.0.0,MODERATE,CWE-94;CWE-96
-CVE-2024-37900,2024-07-31T15:21:06Z,"XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader","org.xwiki.platform:xwiki-platform-web-war",4.2-milestone-3,14.10.21,MODERATE,CWE-94;CWE-96
+CVE-2024-37900,2024-07-31T15:21:06Z,"XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader","org.xwiki.platform:xwiki-platform-web-war",15.0-rc-1,15.5.5,HIGH,CWE-94;CWE-96
+CVE-2024-37900,2024-07-31T15:21:06Z,"XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader","org.xwiki.platform:xwiki-platform-web-war",15.6-rc-1,15.10.6,HIGH,CWE-94;CWE-96
+CVE-2024-37900,2024-07-31T15:21:06Z,"XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader","org.xwiki.platform:xwiki-platform-web-war",16.0.0-rc-1,16.0.0,HIGH,CWE-94;CWE-96
+CVE-2024-37900,2024-07-31T15:21:06Z,"XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader","org.xwiki.platform:xwiki-platform-web-war",4.2-milestone-3,14.10.21,HIGH,CWE-94;CWE-96
 CVE-2024-37901,2024-07-31T15:24:37Z,"XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet","org.xwiki.platform:xwiki-platform-search-ui",15.0-rc-1,15.5.5,CRITICAL,CWE-862;CWE-94;CWE-95
 CVE-2024-37901,2024-07-31T15:24:37Z,"XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet","org.xwiki.platform:xwiki-platform-search-ui",15.6-rc-1,15.10.2,CRITICAL,CWE-862;CWE-94;CWE-95
 CVE-2024-37901,2024-07-31T15:24:37Z,"XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet","org.xwiki.platform:xwiki-platform-search-ui",9.2-rc-1,14.10.21,CRITICAL,CWE-862;CWE-94;CWE-95
@@ -7852,15 +7860,15 @@ CVE-2024-39460,2024-06-26T18:30:28Z,"Bitbucket OAuth access token exposed in the
 CVE-2024-39610,2024-11-15T06:30:33Z,"FitNesse Cross-site scripting",org.fitnesse:fitnesse,0,20241026,MODERATE,CWE-79
 CVE-2024-39676,2024-07-24T09:30:40Z,"Apache Pinot: Unauthorized endpoint exposed sensitive information","org.apache.pinot:pinot-controller",0.1,1.0.0,HIGH,CWE-200
 CVE-2024-39900,2024-07-18T15:22:02Z,"The OpenSearch reporting plugin improperly controls tenancy access to reporting resources","org.opensearch.plugin:opensearch-reports-scheduler",0,2.14.0.0,MODERATE,CWE-639
-CVE-2024-39901,2024-07-10T16:04:08Z,"OpenSearch Observability does not properly restrict access to private tenant resources","org.opensearch.plugin:opensearch-observability",0,2.14.0.0,MODERATE,CWE-285;CWE-639
+CVE-2024-39901,2024-07-10T16:04:08Z,"OpenSearch Observability does not properly restrict access to private tenant resources","org.opensearch.plugin:opensearch-observability",0,2.14.0.0,LOW,CWE-285;CWE-639
 CVE-2024-39928,2024-09-25T03:30:35Z,"Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability","org.apache.linkis:linkis-engineplugin-spark",0,1.6.0,HIGH,CWE-326
 CVE-2024-40094,2024-07-30T09:31:50Z,"GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service","com.graphql-java:graphql-java",0,19.11,HIGH,CWE-770
 CVE-2024-40094,2024-07-30T09:31:50Z,"GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service","com.graphql-java:graphql-java",20.0,20.9,HIGH,CWE-770
 CVE-2024-40094,2024-07-30T09:31:50Z,"GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service","com.graphql-java:graphql-java",21.0,21.5,HIGH,CWE-770
 CVE-2024-4029,2024-05-02T15:30:35Z,"Wildfly vulnerable to denial of service","org.wildfly:wildfly-domain-http",0,,MODERATE,CWE-770
 CVE-2024-40642,2024-07-18T22:14:28Z,"Absent Input Validation in BinaryHttpParser","io.netty.incubator:netty-incubator-codec-bhttp",0,0.0.13.Final,HIGH,CWE-20
-CVE-2024-41172,2024-07-19T09:32:06Z,"Apache CXF allows unrestricted memory consumption in CXF HTTP clients","org.apache.cxf:cxf-rt-transports-http",3.6.0,3.6.4,LOW,CWE-401
-CVE-2024-41172,2024-07-19T09:32:06Z,"Apache CXF allows unrestricted memory consumption in CXF HTTP clients","org.apache.cxf:cxf-rt-transports-http",4.0.0,4.0.5,LOW,CWE-401
+CVE-2024-41172,2024-07-19T09:32:06Z,"Apache CXF allows unrestricted memory consumption in CXF HTTP clients","org.apache.cxf:cxf-rt-transports-http",3.6.0,3.6.4,MODERATE,CWE-401
+CVE-2024-41172,2024-07-19T09:32:06Z,"Apache CXF allows unrestricted memory consumption in CXF HTTP clients","org.apache.cxf:cxf-rt-transports-http",4.0.0,4.0.5,MODERATE,CWE-401
 CVE-2024-41667,2024-07-25T14:15:32Z,"OpenAM FreeMarker template injection","org.openidentityplatform.openam:openam-oauth2",0,15.0.4,HIGH,CWE-94
 CVE-2024-41909,2024-08-12T18:30:47Z,"Apache MINA SSHD: integrity check bypass","org.apache.sshd:sshd-common",0,2.12.0,HIGH,CWE-354
 CVE-2024-41947,2024-07-31T16:54:36Z,"XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution","org.xwiki.platform:xwiki-platform-web-templates",11.8-rc-1,15.10.8,CRITICAL,CWE-79;CWE-80
@@ -7873,12 +7881,12 @@ CVE-2024-42470,2024-08-09T18:21:22Z,"CometVisu Backend for openHAB has a sensiti CVE-2024-42499,2024-11-15T06:30:33Z,"FitNesse Path Traversal",org.fitnesse:fitnesse,0,20241026,MODERATE,CWE-22 CVE-2024-42681,2024-08-15T18:31:51Z,"Improper Preservation of Permissions in xxl-job",com.xuxueli:xxl-job-core,0,,HIGH,CWE-276;CWE-277;CWE-281 CVE-2024-42850,2024-08-16T21:32:36Z,"Silverpeas vulnerable to password complexity rule bypass","org.silverpeas.core:silverpeas-core",0,,LOW,CWE-521 -CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read vulnerability","org.jenkins-ci.main:jenkins-core",0,2.452.4,CRITICAL,CWE-22;CWE-754 -CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read vulnerability","org.jenkins-ci.main:jenkins-core",2.460,2.462.1,CRITICAL,CWE-22;CWE-754 -CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read vulnerability","org.jenkins-ci.main:jenkins-core",2.470,2.471,CRITICAL,CWE-22;CWE-754 -CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read vulnerability","org.jenkins-ci.main:remoting",0,3206.3208,CRITICAL,CWE-22;CWE-754 -CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read vulnerability","org.jenkins-ci.main:remoting",3248,3248.3250,CRITICAL,CWE-22;CWE-754 -CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read vulnerability","org.jenkins-ci.main:remoting",3256,3256.3258,CRITICAL,CWE-22;CWE-754 +CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read vulnerability","org.jenkins-ci.main:jenkins-core",0,2.452.4,HIGH,CWE-22;CWE-754 +CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read vulnerability","org.jenkins-ci.main:jenkins-core",2.460,2.462.1,HIGH,CWE-22;CWE-754 +CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read 
vulnerability","org.jenkins-ci.main:jenkins-core",2.470,2.471,HIGH,CWE-22;CWE-754 +CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read vulnerability","org.jenkins-ci.main:remoting",0,3206.3208,HIGH,CWE-22;CWE-754 +CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read vulnerability","org.jenkins-ci.main:remoting",3248,3248.3250,HIGH,CWE-22;CWE-754 +CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read vulnerability","org.jenkins-ci.main:remoting",3256,3256.3258,HIGH,CWE-22;CWE-754 CVE-2024-43045,2024-08-07T15:30:42Z,"Jenkins does not perform a permission check in an HTTP endpoint","org.jenkins-ci.main:jenkins-core",0,2.452.4,MODERATE,CWE-285;CWE-862 CVE-2024-43045,2024-08-07T15:30:42Z,"Jenkins does not perform a permission check in an HTTP endpoint","org.jenkins-ci.main:jenkins-core",2.460,2.462.1,MODERATE,CWE-285;CWE-862 CVE-2024-43045,2024-08-07T15:30:42Z,"Jenkins does not perform a permission check in an HTTP endpoint","org.jenkins-ci.main:jenkins-core",2.470,2.471,MODERATE,CWE-285;CWE-862 
@@ -7914,11 +7922,11 @@ CVE-2024-45772,2024-09-30T09:30:47Z,"Deserialization of Untrusted Data vulnerabi CVE-2024-4629,2024-09-17T22:29:01Z,"Keycloak Services has a potential bypass of brute force protection","org.keycloak:keycloak-services",0,22.0.12,MODERATE,CWE-307;CWE-837 CVE-2024-4629,2024-09-17T22:29:01Z,"Keycloak Services has a potential bypass of brute force protection","org.keycloak:keycloak-services",23.0.0,24.0.7,MODERATE,CWE-307;CWE-837 CVE-2024-4629,2024-09-17T22:29:01Z,"Keycloak Services has a potential bypass of brute force protection","org.keycloak:keycloak-services",25.0.0,25.0.4,MODERATE,CWE-307;CWE-837 -CVE-2024-46942,2024-09-16T14:37:28Z,"OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries","org.opendaylight.mdsal:mdsal-artifacts",0,,MODERATE,CWE-285 +CVE-2024-46942,2024-09-16T14:37:28Z,"OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries","org.opendaylight.mdsal:mdsal-artifacts",0,,HIGH,CWE-285 CVE-2024-46943,2024-09-16T14:37:28Z,"OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability","org.opendaylight.aaa:aaa-artifacts",0,,MODERATE,CWE-285;CWE-287;CWE-520 -CVE-2024-46978,2024-09-18T14:26:16Z,"org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions","org.xwiki.platform:xwiki-platform-notifications-ui",13.2-rc-1,14.10.21,MODERATE,CWE-648 -CVE-2024-46978,2024-09-18T14:26:16Z,"org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions","org.xwiki.platform:xwiki-platform-notifications-ui",15.0-rc-1,15.5.5,MODERATE,CWE-648 -CVE-2024-46978,2024-09-18T14:26:16Z,"org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions","org.xwiki.platform:xwiki-platform-notifications-ui",15.6-rc-1,15.10.1,MODERATE,CWE-648 
+CVE-2024-46978,2024-09-18T14:26:16Z,"org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions","org.xwiki.platform:xwiki-platform-notifications-ui",13.2-rc-1,14.10.21,HIGH,CWE-648 +CVE-2024-46978,2024-09-18T14:26:16Z,"org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions","org.xwiki.platform:xwiki-platform-notifications-ui",15.0-rc-1,15.5.5,HIGH,CWE-648 +CVE-2024-46978,2024-09-18T14:26:16Z,"org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions","org.xwiki.platform:xwiki-platform-notifications-ui",15.6-rc-1,15.10.1,HIGH,CWE-648 CVE-2024-46979,2024-09-18T14:26:20Z,"org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users","org.xwiki.platform:xwiki-platform-notifications-ui",13.2-rc-1,14.10.21,MODERATE,CWE-200;CWE-359 CVE-2024-46979,2024-09-18T14:26:20Z,"org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users","org.xwiki.platform:xwiki-platform-notifications-ui",15.0-rc-1,15.5.5,MODERATE,CWE-200;CWE-359 CVE-2024-46979,2024-09-18T14:26:20Z,"org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users","org.xwiki.platform:xwiki-platform-notifications-ui",15.6-rc-1,15.10.1,MODERATE,CWE-200;CWE-359 
@@ -7934,8 +7942,8 @@ CVE-2024-47554,2024-10-03T12:30:48Z,"Apache Commons IO: Possible denial of servi CVE-2024-47561,2024-10-03T12:30:48Z,"Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)",org.apache.avro:avro,0,1.11.4,CRITICAL,CWE-502 CVE-2024-47803,2024-10-02T18:31:32Z,"Jenkins exposes multi-line secrets through error messages","org.jenkins-ci.main:jenkins-core",0,2.462.3,MODERATE,CWE-209 CVE-2024-47803,2024-10-02T18:31:32Z,"Jenkins exposes multi-line secrets through error messages","org.jenkins-ci.main:jenkins-core",2.466,2.479,MODERATE,CWE-209 -CVE-2024-47804,2024-10-02T18:31:32Z,"Jenkins item creation restriction bypass vulnerability","org.jenkins-ci.main:jenkins-core",0,2.462.3,MODERATE,CWE-863 -CVE-2024-47804,2024-10-02T18:31:32Z,"Jenkins item creation restriction bypass vulnerability","org.jenkins-ci.main:jenkins-core",2.466,2.479,MODERATE,CWE-863 +CVE-2024-47804,2024-10-02T18:31:32Z,"Jenkins item creation restriction bypass vulnerability","org.jenkins-ci.main:jenkins-core",0,2.462.3,MODERATE,CWE-843;CWE-863 +CVE-2024-47804,2024-10-02T18:31:32Z,"Jenkins item creation restriction bypass vulnerability","org.jenkins-ci.main:jenkins-core",2.466,2.479,MODERATE,CWE-843;CWE-863 CVE-2024-47805,2024-10-02T18:31:32Z,"Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission","org.jenkins-ci.plugins:credentials",0,1371.1373.v4eb,MODERATE,CWE-200;CWE-522 CVE-2024-47805,2024-10-02T18:31:32Z,"Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission","org.jenkins-ci.plugins:credentials",1372,1381.v2c3a,MODERATE,CWE-200;CWE-522 CVE-2024-47806,2024-10-02T18:31:32Z,"Jenkins OpenId Connect Authentication Plugin lacks audience claim validation","org.jenkins-ci.plugins:oic-auth",0,4.355.v3a,CRITICAL,CWE-287 
@@ -7949,10 +7957,10 @@ CVE-2024-47881,2024-10-24T18:11:20Z,"OpenRefine's SQLite integration allows file CVE-2024-47882,2024-10-24T18:13:04Z,"OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project","org.openrefine:openrefine",0,3.8.3,MODERATE,CWE-79;CWE-81 CVE-2024-47883,2024-10-24T18:16:43Z,"Butterfly has path/URL confusion in resource handling leading to multiple weaknesses","org.openrefine.dependencies:butterfly",0,1.2.6,CRITICAL,CWE-22;CWE-36;CWE-918 CVE-2024-48307,2024-10-31T03:30:45Z,"JeecgBoot SQL Injection vulnerability","org.jeecgframework.boot:jeecg-boot-parent",0,,HIGH,CWE-89 -CVE-2024-49203,2024-11-20T21:30:50Z,"Querydsl SQL/HQL injection","com.querydsl:querydsl-apt",0,,HIGH,CWE-89 -CVE-2024-49203,2024-11-20T21:30:50Z,"Querydsl SQL/HQL injection","com.querydsl:querydsl-jpa",0,,HIGH,CWE-89 -CVE-2024-49203,2024-11-20T21:30:50Z,"Querydsl SQL/HQL injection","io.github.openfeign.querydsl:querydsl-apt",0,,HIGH,CWE-89 -CVE-2024-49203,2024-11-20T21:30:50Z,"Querydsl SQL/HQL injection","io.github.openfeign.querydsl:querydsl-jpa",0,,HIGH,CWE-89 +CVE-2024-49203,2024-11-27T19:00:53Z,"Querydsl vulnerable to HQL injection trough orderBy","com.querydsl:querydsl-apt",0,,HIGH,CWE-89 +CVE-2024-49203,2024-11-27T19:00:53Z,"Querydsl vulnerable to HQL injection trough orderBy","com.querydsl:querydsl-jpa",0,,HIGH,CWE-89 +CVE-2024-49203,2024-11-27T19:00:53Z,"Querydsl vulnerable to HQL injection trough orderBy","io.github.openfeign.querydsl:querydsl-apt",0,,HIGH,CWE-89 +CVE-2024-49203,2024-11-27T19:00:53Z,"Querydsl vulnerable to HQL injection trough orderBy","io.github.openfeign.querydsl:querydsl-jpa",0,,HIGH,CWE-89 CVE-2024-49580,2024-10-17T15:31:08Z,"JetBrains Ktor information disclosure","io.ktor:ktor-client-core-jvm",0,3.0.0,MODERATE,CWE-524 CVE-2024-49760,2024-10-24T18:32:40Z,"OpenRefine has a path traversal in LoadLanguageCommand","org.openrefine:openrefine",0,3.8.3,HIGH,CWE-22 
CVE-2024-49771,2024-10-28T18:30:32Z,"MPXJ has a Potential Path Traversal Vulnerability",net.sf.mpxj:mpxj,8.3.5,13.5.1,MODERATE,CWE-22 @@ -7989,7 +7997,7 @@ CVE-2024-52318,2024-11-18T15:33:20Z,"Apache Tomcat - XSS in generated JSPs","org CVE-2024-52318,2024-11-18T15:33:20Z,"Apache Tomcat - XSS in generated JSPs","org.apache.tomcat:tomcat-jasper",9.0.96,9.0.97,MODERATE,CWE-326 CVE-2024-52506,2024-11-18T20:02:26Z,"Graylog concurrent PDF report rendering can leak other users' reports","org.graylog:graylog-parent",6.1.0,6.1.2,HIGH,CWE-200 CVE-2024-52549,2024-11-13T21:30:38Z,"Missing permission check in Jenkins Script Security Plugin ","org.jenkins-ci.plugins:script-security",0,1368.vb,MODERATE,CWE-306;CWE-862 -CVE-2024-52550,2024-11-13T21:30:38Z,"Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin ","org.jenkins-ci.plugins.workflow:workflow-cps",0,3993.v3e20a,HIGH,CWE-285 +CVE-2024-52550,2024-11-13T21:30:38Z,"Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin ","org.jenkins-ci.plugins.workflow:workflow-cps",0,3993.v3e20a,HIGH,CWE-285;CWE-354 CVE-2024-52551,2024-11-13T21:30:38Z,"Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin ","org.jenkinsci.plugins:pipeline-model-parent",0,2.2218.v56d0cda,HIGH,CWE-276;CWE-285 CVE-2024-52552,2024-11-13T21:30:38Z,"Stored XSS vulnerability in Jenkins Authorize Project Plugin ","org.jenkins-ci.plugins:authorize-project",0,1.8.0,HIGH,CWE-79 CVE-2024-52553,2024-11-13T21:30:38Z,"Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin","org.jenkins-ci.plugins:oic-auth",0,4.421.v5422614eb,HIGH,CWE-384;CWE-613 
@@ -7998,6 +8006,9 @@ CVE-2024-5273,2024-05-24T18:52:08Z,"Jenkins Report Info Plugin Path Traversal vu CVE-2024-52797,2024-11-20T22:46:53Z,"Searching Opencast may cause a denial of service","org.opencastproject:opencast-elasticsearch-impl",11.4,13.10,MODERATE,CWE-770 CVE-2024-52797,2024-11-20T22:46:53Z,"Searching Opencast may cause a denial of service","org.opencastproject:opencast-elasticsearch-impl",14.0,14.3,MODERATE,CWE-770 CVE-2024-52797,2024-11-20T22:46:53Z,"Searching Opencast may cause a denial of service","org.opencastproject:opencast-elasticsearch-impl",15.0,,MODERATE,CWE-770 +CVE-2024-53267,2024-11-26T16:38:18Z,"sigstore-java has vulnerability with bundle verification","dev.sigstore:sigstore-java",1.0.0,1.1.0,MODERATE,CWE-345;CWE-347 +CVE-2024-54003,2024-11-27T18:34:04Z,"Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability","io.jenkins.plugins:simple-queue",0,1.4.5,HIGH,CWE-79 +CVE-2024-54004,2024-11-27T18:34:04Z,"Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability","aendter.jenkins.plugins:filesystem-list-parameter-plugin",0,0.0.15,MODERATE,CWE-22 CVE-2024-5520,2024-05-30T19:49:04Z,"OpenCMS Cross-Site Scripting vulnerability",org.opencms:opencms-core,16.0,17.0,MODERATE,CWE-79 CVE-2024-5967,2024-06-21T15:52:38Z,"Keycloak leaks configured LDAP bind credentials through the Keycloak admin console","org.keycloak:keycloak-ldap-federation",0,22.0.12,LOW,CWE-276 CVE-2024-5967,2024-06-21T15:52:38Z,"Keycloak leaks configured LDAP bind credentials through the Keycloak admin console","org.keycloak:keycloak-ldap-federation",23.0.0,24.0.6,LOW,CWE-276 
@@ -8043,11 +8054,13 @@ CVE-2024-8391,2024-09-04T18:30:58Z,"Vertx gRPC server does not limit the maximum CVE-2024-8391,2024-09-04T18:30:58Z,"Vertx gRPC server does not limit the maximum message size","io.vertx:vertx-grpc-server",4.3.0,4.5.10,MODERATE,CWE-770 CVE-2024-8642,2024-09-11T15:31:12Z,"Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit","org.eclipse.edc:transfer-data-plane",0.5.0,0.9.0,MODERATE,CWE-287;CWE-303 CVE-2024-8646,2024-09-11T15:31:12Z,"Eclipse Glassfish URL redirection vulnerability","org.glassfish.main.web:web-core",0,7.0.10,MODERATE,CWE-601 -CVE-2024-8698,2024-09-19T18:30:52Z,"Keycloak SAML signature validation flaw","org.keycloak:keycloak-saml-core",0,25.0.6,HIGH,CWE-347 +CVE-2024-8698,2024-09-19T18:30:52Z,"Keycloak SAML signature validation flaw","org.keycloak:keycloak-saml-core",0,25.0.6,MODERATE,CWE-347 CVE-2024-8883,2024-09-19T18:30:52Z,"Keycloak Open Redirect vulnerability","org.keycloak:keycloak-services",0,25.0.6,HIGH,CWE-601 CVE-2024-9329,2024-09-30T09:30:47Z,"Eclipse Glassfish improperly handles http parameters","org.glassfish.main.admin:rest-service",0,7.0.17,MODERATE,CWE-233;CWE-601 CVE-2024-9621,2024-10-08T18:33:14Z,"Quarkus CXF logs passwords and other secrets","io.quarkiverse.cxf:quarkus-cxf",0,3.15.2,MODERATE,CWE-532 CVE-2024-9622,2024-10-08T18:33:14Z,"HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4","org.jboss.resteasy:resteasy-netty4-cdi",0,,MODERATE,CWE-444 +CVE-2024-9666,2024-11-25T19:39:12Z,"Keycloak proxy header handling Denial-of-Service (DoS) vulnerability","org.keycloak:keycloak-quarkus-server",0,,MODERATE,CWE-444 +CVE-2024-9666,2024-11-25T19:39:12Z,"Keycloak proxy header handling Denial-of-Service (DoS) vulnerability","org.keycloak:keycloak-quarkus-server",25.0.0,26.0.6,MODERATE,CWE-444 CVE-2024-9823,2024-10-14T15:30:46Z,"Eclipse Jetty has a denial of service vulnerability on 
DosFilter","org.eclipse.jetty.ee10:jetty-ee10-servlets",12.0.0,12.0.3,MODERATE,CWE-400 CVE-2024-9823,2024-10-14T15:30:46Z,"Eclipse Jetty has a denial of service vulnerability on DosFilter","org.eclipse.jetty.ee8:jetty-ee8-servlets",12.0.0,12.0.3,MODERATE,CWE-400 CVE-2024-9823,2024-10-14T15:30:46Z,"Eclipse Jetty has a denial of service vulnerability on DosFilter","org.eclipse.jetty.ee9:jetty-ee9-servlets",12.0.0,12.0.3,MODERATE,CWE-400 @@ -8085,6 +8098,8 @@ GHSA-673j-qm5f-xpv8,2022-02-16T00:08:18Z,"pgjdbc Arbitrary File Write Vulnerabil GHSA-6g3j-p5g6-992f,2023-12-01T19:23:32Z,"OpenSearch StackOverflow vulnerability","org.opensearch:opensearch",0,1.3.14,MODERATE, GHSA-6g3j-p5g6-992f,2023-12-01T19:23:32Z,"OpenSearch StackOverflow vulnerability","org.opensearch:opensearch",2.0.0,2.11.1,MODERATE, GHSA-6hgr-2g6q-3rmc,2021-04-22T16:11:26Z,"Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19",com.vaadin:flow-client,5.0.0,6.0.5,MODERATE,CWE-287 +GHSA-6vrw-mpj8-3j59,2024-11-25T09:30:58Z,"Duplicate Advisory: Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path","org.keycloak:keycloak-quarkus-server",0,24.0.9,LOW,CWE-73 +GHSA-6vrw-mpj8-3j59,2024-11-25T09:30:58Z,"Duplicate Advisory: Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path","org.keycloak:keycloak-quarkus-server",25.0.0,26.0.6,LOW,CWE-73 GHSA-72fp-w44g-625q,2023-11-09T16:02:51Z,"Signing DynamoDB Sets when using the AWS Database Encryption SDK.","software.amazon.cryptography:aws-database-encryption-sdk-dynamodb",3.0.0,3.1.1,LOW, GHSA-755v-r4x4-qf7m,2022-11-29T23:55:23Z,"Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown","org.keycloak:keycloak-core",0,20.0.0,MODERATE,CWE-80 GHSA-76f4-fw33-6j2v,2021-04-19T14:48:26Z,"Potential sensitive data exposure in applications using Vaadin 15",com.vaadin:vaadin-bom,15.0.0,15.0.5,LOW,CWE-200 
@@ -8149,9 +8164,13 @@ GHSA-hw7r-qrhp-5pff,2021-08-30T16:16:46Z,"Unauthorized property update in Checkb GHSA-hwvm-vfw8-93mw,2021-12-16T18:53:32Z,"Vulnerable dependency in XTDB connector","org.odpi.egeria:egeria-connector-xtdb",0,3.5,MODERATE, GHSA-hx5q-v6pj-533r,2024-02-26T20:04:50Z,"SAML authentication bypass due to missing validation on unsigned SAML messages","com.linecorp.centraldogma:centraldogma-server-auth-saml",0,0.64.3,CRITICAL,CWE-1395 GHSA-j23j-q57m-63v3,2021-10-13T18:54:50Z,"Denial of service in DataCommunicator class in Vaadin 8",com.vaadin:vaadin-server,8.0.0,8.14.1,MODERATE,CWE-400 +GHSA-j3x3-r585-4qhg,2024-11-25T09:30:58Z,"Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity","org.keycloak:keycloak-services",0,24.0.9,MODERATE,CWE-1333 +GHSA-j3x3-r585-4qhg,2024-11-25T09:30:58Z,"Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity","org.keycloak:keycloak-services",25.0.0,26.0.6,MODERATE,CWE-1333 GHSA-j7c3-96rf-jrrp,2021-12-16T21:01:51Z,"Critical vulnerability in log4j may affect generated PEAR projects","de.averbis.textanalysis:pear-archetype",2.0.0,2.0.1,CRITICAL, GHSA-j9wr-49vq-rm5g,2021-04-19T14:46:49Z,"Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19",com.vaadin:vaadin-bom,12.0.0,14.4.10,HIGH,CWE-402 GHSA-j9wr-49vq-rm5g,2021-04-19T14:46:49Z,"Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19",com.vaadin:vaadin-bom,19.0.0,19.0.1,HIGH,CWE-402 +GHSA-jcgg-mg9g-p9wf,2024-11-25T09:30:58Z,"Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data","org.keycloak:keycloak-quarkus-server",0,24.0.9,MODERATE,CWE-798 +GHSA-jcgg-mg9g-p9wf,2024-11-25T09:30:58Z,"Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data","org.keycloak:keycloak-quarkus-server",25.0.0,26.0.6,MODERATE,CWE-798 GHSA-jfmf-w293-8xr8,2021-10-13T18:55:52Z,"Regular expression Denial of Service (ReDoS) in EmailValidator 
class in V7 compatibility module in Vaadin 8",com.vaadin:vaadin-bom,8.0.0,8.13.0,HIGH, GHSA-jgvc-jfgh-rjvv,2023-04-27T23:52:54Z,"Chosen Ciphertext Attack in Jose4j",org.bitbucket.b_c:jose4j,0,0.9.3,MODERATE,CWE-327 GHSA-jqj4-r483-4gvr,2021-04-19T14:48:51Z,"Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13",com.vaadin:vaadin-bom,10.0.0,10.0.14,MODERATE,CWE-81 @@ -8167,6 +8186,8 @@ GHSA-mmwx-rj87-vfgr,2024-07-22T14:46:59Z,"DNSJava affected by KeyTrap - NSEC3 cl GHSA-mmwx-rj87-vfgr,2024-07-22T14:46:59Z,"DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources",org.jitsi:dnssecjava,0,,HIGH,CWE-400 GHSA-mpcw-3j5p-p99x,2024-10-24T18:27:50Z,"Butterfly's parseJSON, getJSON functions eval malicious input, leading to remote code execution (RCE)","org.openrefine.dependencies:butterfly",0,1.2.6,MODERATE,CWE-185;CWE-95 GHSA-mwm4-5qwr-g9pf,2022-04-28T21:00:31Z,"Keycloak is vulnerable to IDN homograph attack","org.keycloak:keycloak-services",0,18.0.0,LOW,CWE-284 +GHSA-pcx7-8hxg-j823,2024-11-25T09:30:59Z,"Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability","org.keycloak:keycloak-quarkus-server",0,24.0.9,MODERATE,CWE-444 +GHSA-pcx7-8hxg-j823,2024-11-25T09:30:59Z,"Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability","org.keycloak:keycloak-quarkus-server",25.0.0,26.0.6,MODERATE,CWE-444 GHSA-q2fj-6h62-59m2,2022-12-30T22:13:59Z,"Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue","io.apiman:apiman-distro-vertx",0,3.0.0.Final,HIGH, GHSA-q2fj-6h62-59m2,2022-12-30T22:13:59Z,"Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue","io.apiman:apiman-gateway-platforms-vertx",0,3.0.0.Final,HIGH, GHSA-q2gp-gph3-88x9,2022-08-06T00:00:42Z,"Keycloak allows arbitrary Javascript to be uploaded for SAML protocol mapper even if UPLOAD_SCRIPTS feature disabled","org.keycloak:keycloak-saml-core",0,,HIGH, 
@@ -8180,7 +8201,7 @@ GHSA-qqhq-8r2c-c3f5,2023-12-15T23:43:30Z,"nvdApiKey is logged in debug mode","or GHSA-qqhq-8r2c-c3f5,2023-12-15T23:43:30Z,"nvdApiKey is logged in debug mode","org.owasp:dependency-check-maven",9.0.0,9.0.6,LOW,CWE-532 GHSA-r53m-pfr5-7v87,2019-04-18T14:50:19Z,"Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.38,MODERATE, GHSA-r53m-pfr5-7v87,2019-04-18T14:50:19Z,"Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core","org.apache.tomcat.embed:tomcat-embed-core",9.0.0.M1,9.0.16,MODERATE, -GHSA-r68h-jhhj-9jvm,2023-11-27T17:25:46Z,"Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year",org.owasp.esapi:esapi,0,,HIGH, +GHSA-r68h-jhhj-9jvm,2023-11-27T17:25:46Z,"Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year",org.owasp.esapi:esapi,0,2.6.0.0,MODERATE, GHSA-rm7j-f5g5-27vv,2023-10-12T18:30:28Z,"Duplicate Advisory: Denial of Service in JSON-Java",org.json:json,0,20231013,HIGH,CWE-770 GHSA-v57x-gxfj-484q,2022-01-21T23:25:04Z,"Security Advisory for ""Log4Shell""","com.hazelcast.jet:hazelcast-jet",4.1,4.5.3,CRITICAL,CWE-20;CWE-400;CWE-502 GHSA-v57x-gxfj-484q,2022-01-21T23:25:04Z,"Security Advisory for ""Log4Shell""",com.hazelcast:hazelcast,4.0.0,4.0.5,CRITICAL,CWE-20;CWE-400;CWE-502 
@@ -8196,6 +8217,10 @@ GHSA-w8gr-xwp4-r9f7,2024-10-14T20:55:22Z,"Vulnerable Redirect URI Validation Res GHSA-w8gr-xwp4-r9f7,2024-10-14T20:55:22Z,"Vulnerable Redirect URI Validation Results in Open Redirect","org.keycloak:keycloak-services",23.0.0,24.0.8,MODERATE,CWE-601 GHSA-w8gr-xwp4-r9f7,2024-10-14T20:55:22Z,"Vulnerable Redirect URI Validation Results in Open Redirect","org.keycloak:keycloak-services",25.0.0,25.0.6,MODERATE,CWE-601 GHSA-w8v7-c7pm-7wfr,2022-09-02T00:01:02Z,"Duplicate Advisory: Keycloak vulnerable to Cross-Site Scripting (XSS)","org.keycloak:keycloak-core",0,,MODERATE,CWE-79 +GHSA-wpvf-5mc3-hv6m,2024-11-20T21:30:50Z,"Duplicate Advisory: Querydsl SQL/HQL injection","com.querydsl:querydsl-apt",0,,HIGH,CWE-89 +GHSA-wpvf-5mc3-hv6m,2024-11-20T21:30:50Z,"Duplicate Advisory: Querydsl SQL/HQL injection","com.querydsl:querydsl-jpa",0,,HIGH,CWE-89 +GHSA-wpvf-5mc3-hv6m,2024-11-20T21:30:50Z,"Duplicate Advisory: Querydsl SQL/HQL injection","io.github.openfeign.querydsl:querydsl-apt",0,,HIGH,CWE-89 +GHSA-wpvf-5mc3-hv6m,2024-11-20T21:30:50Z,"Duplicate Advisory: Querydsl SQL/HQL injection","io.github.openfeign.querydsl:querydsl-jpa",0,,HIGH,CWE-89 GHSA-wrr7-33fx-rcvj,2020-06-15T18:44:56Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.4,HIGH, GHSA-wrr7-33fx-rcvj,2020-06-15T18:44:56Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.2,HIGH, GHSA-wrr7-33fx-rcvj,2020-06-15T18:44:56Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.6,HIGH,