Know every threat before it ships
200K+ vulnerabilities, malicious packages, and supply chain threats enriched with Corgea's research.
LOW 3.7
CVE-2020-9488
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
LOW 3.7
CVE-2026-43514
Apache Tomcat - AJP secret compared in non-constant time
LOW 3.7
CVE-2026-44242
Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header
LOW 2.4
CVE-2026-42188
Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser
LOW 3.1
CVE-2024-20925
Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project
LOW 3.7
CVE-2025-7789
xxl-job has Inadequate Encryption Strength
LOW 2.2
GHSA-x5hg-x4gv-j98m
OpenSearch has ineffective TLS certificate hostname verification
LOW 3.7
GHSA-83x9-vc3c-hghc
OpenSearch has a bypass of REST Layer Authorization Using Malformed Paths
LOW 2.2
GHSA-22vx-2x23-98w6
OpenSearch vulnerable to improper authorization for Rollover Requests
LOW 3.7
CVE-2026-7303
xxl-job has a Resource Injection issue
LOW 3.7
CVE-2026-40969
Spring gRPC AuthenticationException messages are reflected to remote client
LOW 3.7
CVE-2026-22746
Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider
LOW 3.1
CVE-2026-4874
Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation
LOW 3.7
CVE-2026-4633
Keycloak's identity-first login flow exposes user information
LOW 3.9
CVE-2023-41329
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
LOW 3.7
CVE-2026-37977
Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim
LOW 2.7
CVE-2025-14083
Keycloak Admin REST API exposes backend schema and rules
LOW 2.7
CVE-2025-14082
Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions
LOW 2.7
CVE-2026-3911
Keycloak: Information disclosure of disabled user attributes via administrative endpoint
LOW 3.1
CVE-2026-1035
Keycloak does not validate and update refresh token usage atomically
LOW 2.6
CVE-2026-22735
Spring MVC and WebFlux has Server Sent Event stream corruption
LOW 3.7
CVE-2025-10939
Keycloak unable to restrict access to the admin console
LOW 3.3
CVE-2020-8908
Information Disclosure in Guava
LOW 2.0
CVE-2021-32729
A user without PR can reset user authentication failures information
LOW 3.0
CVE-2021-21331
Local Information Disclosure Vulnerability
LOW 2.7
CVE-2021-28163
Directory exposure in jetty
LOW 2.7
CVE-2022-2047
Jetty invalid URI parsing may produce invalid HttpURI.authority
LOW 3.5
CVE-2021-34428
SessionListener can prevent a session from being invalidated breaking logout
LOW 3.3
CVE-2021-23331
Insecure temporary file used in com.squareup:connect
LOW 3.7
CVE-2025-11143
org.eclipse.jetty:jetty-http has different parsing of invalid URIs
LOW 3.8
CVE-2026-2733
Keycloak: Missing Check on Disabled Client for Docker Registry Protocol
LOW 3.1
CVE-2026-1190
Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods
LOW 3.7
CVE-2025-1396
WSO2's Input Validation Management Service contains Observable Discrepancy when Multi-Attribute Login is enabled
LOW 3.3
CVE-2026-3293
Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner
LOW 3.1
CVE-2025-12150
Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass
LOW 2.7
CVE-2025-13881
Keycloak Admin API allows an administrator with limited privileges to retrieve sensitive custom attributes
LOW 3.9
GHSA-58qw-p7qm-5rvh
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations
LOW 3.3
CVE-2025-27496
Snowflake JDBC Driver client-side encryption key in DEBUG logs
LOW 3.7
CVE-2024-6763
Eclipse Jetty URI parsing of invalid authority
LOW 2.4
CVE-2023-26049
Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
LOW 3.5
CVE-2025-67639
Jenkins has a CSRF vulnerability on the login form
LOW 3.3
GHSA-qqhq-8r2c-c3f5
nvdApiKey is logged in debug mode
LOW 2.7
CVE-2024-5967
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
LOW 3.7
CVE-2024-45384
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability
LOW 3.6
CVE-2023-27903
Incorrect Authorization in Jenkins Core
LOW 3.1
CVE-2025-22233
Spring Framework DataBinder Case Sensitive Match Exception
LOW 3.5
CVE-2023-41900
Jetty's OpenId Revoked authentication allows one request
LOW 3.7
CVE-2024-38829
Spring LDAP data exposure vulnerability
LOW 3.4
CVE-2023-0657
Keycloak vulnerable to impersonation via logout token exchange
LOW 2.7
CVE-2023-5384
Infinispan caches credentials in clear text
LOW 3.3
CVE-2024-23454
Apache Hadoop: Temporary File Local Information Disclosure
LOW 3.5
CVE-2023-36479
Jetty vulnerable to errant command quoting in CGI Servlet
LOW 3.1
CVE-2024-39458
Exposure of secrets through system log in Jenkins Structs Plugin
LOW 3.1
CVE-2023-27904
Information disclosure through error stack traces related to agents
LOW 2.7
CVE-2024-10492
Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path
LOW 3.8
CVE-2024-4028
Keycloak allows cross-site scripting (XSS)
LOW 2.7
CVE-2026-1518
Keycloak Server-Side Request Forgery (SSRF) vulnerability
LOW 3.7
CVE-2026-0976
Keycloak has an improper input validation vulnerability
LOW 3.7
CVE-2026-24656
Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector
LOW 3.7
GHSA-c6cm-5gc7-c3f4
Duplicate Advisory: Keycloak allows access to admin path through flaw
Ready to move
Start Securing
Free, no credit card | First findings in minutes