A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Th

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads.

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an ou

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an ou

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infi

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting