Skip to content
Tools / starrocks / Security

Security Deep Dive

starrocks

Security posture and CVE patch evidence from tracked releases.

Back to Tool

7 actively-exploited dependency CVEs affects 4.0.10.

KEV-listed CVEs are confirmed exploited in the wild — patch urgently.

Versions by Severity

CVEs are attributed to tracked releases published before the patch release.

14 versions tracked
Version Published C H M L KEV Notes
4.0.10 2026-05-09
Latest Patches CVE-2017-12615 Patches CVE-2017-12617 Patches CVE-2020-1938 Patches CVE-2021-44228 Patches CVE-2021-45046 Patches CVE-2023-44487 Patches CVE-2025-24813
4.1.0 2026-04-21 4 3 KEV 7
4.0.9 2026-04-17 4 3 KEV 7
3.5.15 2026-03-30 4 3 KEV 7
4.0.8 2026-03-26 4 3 KEV 7
3.5.14 2026-03-05 4 3 KEV 7
4.0.6 2026-02-16 4 3 KEV 7
3.5.13 2026-02-13 4 3 KEV 7
4.0.5 2026-02-04 4 3 KEV 7
3.3.22 2026-01-27 4 3 KEV 7
3.5.12 2026-01-22 4 3 KEV 7
4.0.4 2026-01-16 4 3 KEV 7
3.4.10 2026-01-14 4 3 KEV 7
3.5.11 2026-01-06 4 3 KEV 7
— Signed — SLSA — SBOM ✓ Security policy Weekly cadence · 7d median Active maintainer

Trust Signals — 3 of 9 Present

Evidence already collected from releases and repository metadata.

3/9 Present
Signed releases Unknown
Latest release artifact signature Latest release
SLSA provenance Unknown
Attestation predicate level Latest release
SBOM published Unknown
GitHub SBOM API Latest release
SECURITY.md Present
GitHub repository metadata Repository policy
Checked: 22d ago
Release cadence: weekly Present
7d median over recent releases Release history
Latest release: 25d ago
Maintainer active Present
Recent commit activity Repository
Last commit: 1d ago
Checksums (SHA256SUMS) Not active yet
SHA256SUMS or equivalent Release asset
Latest release: 25d ago
GitHub Actions attestation Not active yet
actions/attest-build-provenance Workflow file
Latest release: 25d ago
Signing assets Not active yet
.sig, .crt, cosign.pub, or similar Release asset
Latest release: 25d ago
0.5/10 Security Score
Dependency Exposure 276 transitive dependency CVEs found in the latest SBOM. 47 critical.

Security Score

A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.

epss

0.00 / 0.5

Max EPSS 0.945

freshness

1.00 / 1.0

1d stale

scorecard

2.00 / 4.0

⚠ Estimated — not yet collected

cve health

0.00 / 2.5

No open CVEs

patch speed

0.50 / 0.5

⚠ Estimated — no CVE patch history

kev exposure

-1.50 / 1.5

KEV exposure detected

supply chain risk

-1.50 / 10.0

Risk 100.0/100

Score breakdown

schema v2

Vulnerability posture

vulnerability posture

0.0

25%

direct cves: clear cve scan: available

Release responsiveness

release responsiveness

10.0

5%

patch speed days: no_history

Dependency exposure

dependency exposure

0.0

10%

supply chain risk: 100.0 transitive cves: 47c/143h

Provenance trust

provenance trust

5.0

40%

scorecard score: estimated openssf badge: none

Maintainer health

maintainer health

10.0

10%

activity freshness: 1d

Operational risk

operational risk

0.0

10%

kev exposure: detected epss max: 0.945
How is this calculated?

The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.

Supply Chain Risk

Risk 100.0/100
47 Transitive critical CVEs
7 KEV-transitive CVEs
61% Dependency freshness

OpenSSF Badge

OpenSSF none

Badge indicates adherence to open-source best practices.

CVE Patch History

Tracks CVEs that were addressed in tagged releases. Shorter gap between disclosure and patch = faster response. EPSS = predicted probability of exploitation in next 30 days (FIRST.org); colored at ≥90%ile and ≥50%ile.

CVEs Patched by Year

Critical High Medium Low
2026
7
CVE Severity EPSS Disclosed Fixed in Days to fix vs Ecosystem Median KEV
CVE-2017-12615 HIGH 99%ile 4.0.10 KEV
CVE-2017-12617 HIGH 99%ile 4.0.10 KEV
CVE-2020-1938 CRITICAL 99%ile 4.0.10 KEV
CVE-2021-44228 CRITICAL 99%ile 4.0.10 KEV
CVE-2021-45046 CRITICAL 99%ile 4.0.10 KEV
CVE-2023-44487 HIGH 99%ile 4.0.10 KEV
CVE-2025-24813 CRITICAL 99%ile 4.0.10 KEV

KEV = CISA Known Exploited Vulnerabilities catalog — actively exploited in the wild.

Dependency Vulnerabilities

1804 dependencies scanned View full dependency list →

Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.

Critical

47

High

143

Medium

75

Low

11

Unknown

0

7 dependency vulnerabilities are in KEV.

CISA confirmed these vulnerabilities are actively exploited. Treat as critical priority.

Still affecting latest (17) All (276)
Critical 47 High 143 Medium 75 Low 11
CVE Severity KEV Dependency Affected version Cleared in release
CVE-2012-4449 critical org.apache.hadoop:hadoop-client 4.0.10
CVE-2015-7501 critical commons-collections:commons-collections 4.0.10
CVE-2017-15095 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2017-17485 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2017-5645 critical org.apache.logging.log4j:log4j-core 4.0.10
CVE-2017-5648 critical org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2017-5651 critical org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2017-7525 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2018-11307 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2018-14718 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2018-14719 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2018-14720 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2018-14721 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2018-19360 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2018-19361 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2018-19362 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2018-7489 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2018-8014 critical org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2019-14379 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2019-14540 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2019-16335 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2019-16942 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2019-16943 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2019-17267 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2019-17531 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2019-20330 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-1938 critical KEV org.apache.tomcat.embed:tomcat-embed-core
CVE-2020-8840 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-9546 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-9547 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-9548 critical com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2021-37404 critical org.apache.hadoop:hadoop-common 4.0.10
CVE-2021-44228 critical KEV org.apache.logging.log4j:log4j-core
CVE-2021-45046 critical KEV org.apache.logging.log4j:log4j-core
CVE-2022-25168 critical org.apache.hadoop:hadoop-common 4.0.10
CVE-2022-26612 critical org.apache.hadoop:hadoop-common 4.0.10
CVE-2022-36944 critical org.scala-lang:scala-library 4.0.10
CVE-2022-37865 critical org.apache.ivy:ivy 4.0.10
CVE-2023-22946 critical org.apache.spark:spark-core_2.12 4.0.10
CVE-2023-44981 critical org.apache.zookeeper:zookeeper 4.0.10
CVE-2024-1597 critical org.postgresql:postgresql 4.0.10
CVE-2024-36039 critical pymysql 1.1.0 4.0.10
CVE-2024-47561 critical org.apache.avro:avro 4.0.10
CVE-2025-24813 critical KEV org.apache.tomcat.embed:tomcat-embed-core
CVE-2025-30065 critical org.apache.parquet:parquet-avro 4.0.10
CVE-2025-59059 critical org.apache.ranger:ranger-plugins-common 4.0.10
CVE-2026-29145 critical org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2012-1618 high org.postgresql:postgresql 4.0.10
CVE-2012-3376 high org.apache.hadoop:hadoop-client 4.0.10
CVE-2013-1633 high setuptools 4.0.10
CVE-2015-6420 high commons-collections:commons-collections 4.0.10
CVE-2016-4970 high io.netty:netty-handler 4.0.10
CVE-2016-5393 high org.apache.hadoop:hadoop-common 4.0.10
CVE-2016-6811 high org.apache.hadoop:hadoop-common 4.0.10
CVE-2017-12615 high KEV org.apache.tomcat.embed:tomcat-embed-core
CVE-2017-12617 high KEV org.apache.tomcat.embed:tomcat-embed-core
CVE-2017-3162 high org.apache.hadoop:hadoop-client 4.0.10
CVE-2017-5637 high org.apache.zookeeper:zookeeper 4.0.10
CVE-2017-7669 high org.apache.hadoop:hadoop-common 4.0.10
CVE-2018-12022 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2018-12023 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2018-1320 high org.apache.thrift:libthrift 4.0.10
CVE-2018-1336 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2018-5968 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2018-8012 high org.apache.zookeeper:zookeeper 4.0.10
CVE-2018-8034 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2019-0199 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2019-0205 high org.apache.thrift:libthrift 4.0.10
CVE-2019-0232 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2019-10072 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2019-12086 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2019-12418 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2019-14439 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2019-14892 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2019-14893 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2019-16869 high io.netty:netty-all 4.0.10
CVE-2019-17563 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2020-10650 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-10672 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-10673 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-10968 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-10969 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-11111 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-11112 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-11113 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-11612 high io.netty:netty-handler 4.0.10
CVE-2020-11619 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-11620 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-13692 high org.postgresql:postgresql 4.0.10
CVE-2020-13949 high org.apache.thrift:libthrift 4.0.10
CVE-2020-14060 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-14061 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-14062 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-14195 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-24616 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-24750 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-25649 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-35490 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-35491 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-35728 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-36179 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-36180 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-36181 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-36182 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-36183 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-36184 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-36185 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-36186 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-36187 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-36188 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-36189 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-36518 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2020-7238 high io.netty:netty-handler 4.0.10
CVE-2020-9492 high org.apache.hadoop:hadoop-common 4.0.10
CVE-2021-0341 high com.squareup.okhttp3:okhttp 4.0.10
CVE-2021-20190 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2021-22569 high com.google.protobuf:protobuf-java 4.0.10
CVE-2021-25122 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2021-25329 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2021-33813 high org.jdom:jdom2 4.0.10
CVE-2021-45105 high org.apache.logging.log4j:log4j-core 4.0.10
CVE-2021-46877 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2022-21724 high org.postgresql:postgresql 4.0.10
CVE-2022-25647 high com.google.code.gson:gson 4.0.10
CVE-2022-31197 high org.postgresql:postgresql 4.0.10
CVE-2022-3509 high com.google.protobuf:protobuf-java 4.0.10
CVE-2022-3510 high com.google.protobuf:protobuf-java 4.0.10
CVE-2022-37866 high org.apache.ivy:ivy 4.0.10
CVE-2022-40897 high setuptools 4.0.10
CVE-2022-42003 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2022-42004 high com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2022-42252 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2022-45143 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2022-45688 high org.json:json 4.0.10
CVE-2022-46751 high org.apache.ivy:ivy 4.0.10
CVE-2023-1428 high io.grpc:grpc-protobuf 4.0.10
CVE-2023-22102 high com.mysql:mysql-connector-j 8.0.33 4.0.10
CVE-2023-24998 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2023-26464 high org.apache.logging.log4j:log4j-core 4.0.10
CVE-2023-28709 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2023-32731 high io.grpc:grpc-protobuf 4.0.10
CVE-2023-34455 high org.xerial.snappy:snappy-java 4.0.10
CVE-2023-34981 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2023-39410 high org.apache.avro:avro 4.0.10
CVE-2023-43642 high org.xerial.snappy:snappy-java 4.0.10
CVE-2023-46589 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2023-5072 high org.json:json 4.0.10
CVE-2024-21272 high mysql-connector-python 9.0.0 4.0.10
CVE-2024-34750 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2024-36114 high io.airlift:aircompressor 4.0.10
CVE-2024-47554 high commons-io:commons-io 4.0.10
CVE-2024-50379 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2024-51504 high org.apache.zookeeper:zookeeper 4.0.10
CVE-2024-56337 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2024-6345 high setuptools 4.0.10
CVE-2024-7254 high com.google.protobuf:protobuf-java 4.0.10
CVE-2025-12183 high at.yawk.lz4:lz4-java 4.0.10
CVE-2025-24970 high io.netty:netty-handler 4.0.10
CVE-2025-27820 high org.apache.httpcomponents.client5:httpclient5 4.0.10
CVE-2025-27821 high org.apache.hadoop:hadoop-hdfs-native-client 4.0.10
CVE-2025-46762 high org.apache.parquet:parquet-avro 4.0.10
CVE-2025-47273 high setuptools 4.0.10
CVE-2025-48988 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2025-48989 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2025-49146 high org.postgresql:postgresql 4.0.10
CVE-2025-52520 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2025-52999 high com.fasterxml.jackson.core:jackson-core 4.0.10
CVE-2025-53506 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2025-54920 high org.apache.spark:spark-core_2.12 4.0.10
CVE-2025-55163 high io.grpc:grpc-netty-shaded 1.63.0 4.0.10
CVE-2025-55752 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2025-59250 high com.microsoft.sqlserver:mssql-jdbc 4.0.10
CVE-2025-66566 high at.yawk.lz4:lz4-java 4.0.10
CVE-2025-67721 high io.airlift:aircompressor 4.0.10
CVE-2026-24281 high org.apache.zookeeper:zookeeper 4.0.10
CVE-2026-24308 high org.apache.zookeeper:zookeeper 4.0.10
CVE-2026-24400 high org.assertj:assertj-core 3.18.1 4.0.10
CVE-2026-24734 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2026-29129 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2026-34483 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2026-34487 high org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2026-35554 high org.apache.kafka:kafka-clients 3.9.1 4.0.10
CVE-2026-40542 high org.apache.httpcomponents.client5:httpclient5 4.0.10
CVE-2026-42198 high org.postgresql:postgresql 4.0.10
CVE-2026-42577 high io.netty:netty-transport-native-epoll 4.1.132 4.0.10
CVE-2026-43869 high org.apache.thrift:libthrift 0.22.0 4.0.10
CVE-2026-44728 high @babel/plugin-transform-modules-systemjs 7.29.0 4.0.10
CVE-2026-6321 high fast-uri 3.1.0 4.0.10
CVE-2026-6322 high fast-uri 3.1.0 4.0.10
GHSA-5c6j-r48x-rmvq high serialize-javascript 6.0.2 4.0.10
CVE-2008-1947 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2014-0095 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2014-0193 medium io.netty:netty-all 4.0.10
CVE-2014-0229 medium org.apache.hadoop:hadoop-common 4.0.10
CVE-2014-3488 medium io.netty:netty-handler 4.0.10
CVE-2014-3627 medium org.apache.hadoop:hadoop-client 4.0.10
CVE-2015-1776 medium org.apache.hadoop:hadoop-common 4.0.10
CVE-2016-2402 medium com.squareup.okhttp3:okhttp 4.0.10
CVE-2016-5001 medium org.apache.hadoop:hadoop-common 4.0.10
CVE-2016-8746 medium org.apache.ranger:ranger-plugins-common 4.0.10
CVE-2017-3161 medium org.apache.hadoop:hadoop-client 4.0.10
CVE-2018-10237 medium com.google.guava:guava 4.0.10
CVE-2018-11784 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2018-11798 medium org.apache.thrift:libthrift 4.0.10
CVE-2018-1304 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2018-1305 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2018-8037 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2019-0201 medium org.apache.zookeeper:zookeeper 4.0.10
CVE-2019-0221 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2019-10782 medium com.puppycrawl.tools:checkstyle 4.0.10
CVE-2019-12384 medium com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2019-12814 medium com.fasterxml.jackson.core:jackson-databind 4.0.10
CVE-2019-17569 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2019-20445 medium io.netty:netty-handler 4.0.10
CVE-2019-9658 medium com.puppycrawl.tools:checkstyle 4.0.10
CVE-2020-14340 medium org.jboss.xnio:xnio-nio 4.0.10
CVE-2020-15250 medium junit:junit 4.0.10
CVE-2020-1935 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2021-24122 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2021-29425 medium commons-io:commons-io 4.0.10
CVE-2021-44832 medium org.apache.logging.log4j:log4j-core 4.0.10
CVE-2022-30187 medium com.azure:azure-storage-blob 4.0.10
CVE-2022-3171 medium com.google.protobuf:protobuf-java 4.0.10
CVE-2022-31777 medium org.apache.spark:spark-core_2.12 4.0.10
CVE-2022-41946 medium org.postgresql:postgresql 4.0.10
CVE-2023-2976 medium com.google.guava:guava 4.0.10
CVE-2023-32732 medium io.grpc:grpc-protobuf 4.0.10
CVE-2023-34453 medium org.xerial.snappy:snappy-java 4.0.10
CVE-2023-34454 medium org.xerial.snappy:snappy-java 4.0.10
CVE-2023-34462 medium io.netty:netty-handler 4.0.10
CVE-2023-3635 medium com.squareup.okio:okio 4.0.10
CVE-2023-41080 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2023-42795 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2023-44487 medium KEV org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-45648 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2024-21733 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2024-23689 medium com.clickhouse:clickhouse-jdbc 4.0.10
CVE-2024-23944 medium org.apache.zookeeper:zookeeper 4.0.10
CVE-2024-24549 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2024-35255 medium com.azure:azure-identity 4.0.10
CVE-2024-52317 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2025-31650 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2025-48924 medium commons-lang:commons-lang 2.6 4.0.10
CVE-2025-48924 medium org.apache.commons:commons-lang3 3.3.2 4.0.10
CVE-2025-49124 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2025-49125 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2025-49128 medium com.fasterxml.jackson.core:jackson-core 4.0.10
CVE-2025-53864 medium com.nimbusds:nimbus-jose-jwt 9.37.2 4.0.10
CVE-2025-58457 medium org.apache.zookeeper:zookeeper 4.0.10
CVE-2025-66614 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2025-68161 medium org.apache.logging.log4j:log4j-core 2.17.1 4.0.10
CVE-2025-71176 medium pytest 8.0 4.0.10
CVE-2026-25854 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2026-32990 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2026-33558 medium org.apache.kafka:kafka-clients 3.9.1 4.0.10
CVE-2026-34043 medium serialize-javascript 6.0.2 4.0.10
CVE-2026-34477 medium org.apache.logging.log4j:log4j-core 2.17.1 4.0.10
CVE-2026-34478 medium org.apache.logging.log4j:log4j-core 2.23.1 4.0.10
CVE-2026-34479 medium org.apache.logging.log4j:log4j-1.2-api 2.19.0 4.0.10
CVE-2026-34480 medium org.apache.logging.log4j:log4j-core 2.17.1 4.0.10
CVE-2026-34481 medium org.apache.logging.log4j:log4j-layout-template-json 2.19.0 4.0.10
CVE-2026-34500 medium org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2026-41305 medium postcss 8.5.9 4.0.10
GHSA-673j-qm5f-xpv8 medium org.postgresql:postgresql 4.0.10
GHSA-72hv-8253-57qq medium com.fasterxml.jackson.core:jackson-core 2.15.0 4.0.10
CVE-2013-2192 low org.apache.hadoop:hadoop-common 4.0.10
CVE-2020-8908 low com.google.guava:guava 4.0.10
CVE-2020-9488 low org.apache.logging.log4j:log4j-core 4.0.10
CVE-2022-26520 low org.postgresql:postgresql 4.0.10
CVE-2024-23454 low org.apache.hadoop:hadoop-common 4.0.10
CVE-2025-31651 low org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2025-46392 low commons-configuration:commons-configuration 1.6 4.0.10
CVE-2025-46701 low org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2025-55754 low org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2025-61795 low org.apache.tomcat.embed:tomcat-embed-core 4.0.10
CVE-2026-24733 low org.apache.tomcat.embed:tomcat-embed-core 4.0.10

Showing 276 of 276

Beta — feedback welcome: [email protected]