libs/avenirs-portfolio-common/pom.xml - Trivy Report - 2026-03-27 15:08:14.328806241 +0000 UTC m=+30.908544905

pom
Package Vulnerability ID Severity Installed Version Fixed Version Links
org.springframework.security:spring-security-core CVE-2025-41248 HIGH 6.4.6 6.4.10, 6.5.4 https://access.redhat.com/security/cve/CVE-2025-41248 https://github.com/spring-projects/spring-security https://github.com/spring-projects/spring-security/commit/d0f93fa6d8338149943ae640c53db07de827867f https://github.com/spring-projects/spring-security/commit/e5694ac7b5e4394b920c6cab48b7bfbd871f84bd https://github.com/spring-projects/spring-security/issues/17898 https://github.com/spring-projects/spring-security/issues/17899 https://github.com/spring-projects/spring-security/releases/tag/6.4.10 https://github.com/spring-projects/spring-security/releases/tag/6.5.4 https://nvd.nist.gov/vuln/detail/CVE-2025-41248 https://spring.io/security/cve-2025-41248 https://www.cve.org/CVERecord?id=CVE-2025-41248
org.springframework:spring-core CVE-2025-41249 HIGH 6.2.7 6.2.11 https://access.redhat.com/security/cve/CVE-2025-41249 https://github.com/spring-projects/spring-framework https://github.com/spring-projects/spring-framework/commit/6d710d482a6785b069e35022e81758953afc21ff https://github.com/spring-projects/spring-framework/issues/35342 https://github.com/spring-projects/spring-framework/releases/tag/v6.2.11 https://nvd.nist.gov/vuln/detail/CVE-2025-41249 https://spring.io/security/cve-2025-41249 https://www.cve.org/CVERecord?id=CVE-2025-41249
No Misconfigurations found
pom
Package Vulnerability ID Severity Installed Version Fixed Version Links
com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq HIGH 2.18.4 2.18.6, 2.21.1, 3.1.0 https://github.com/FasterXML/jackson-core https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf https://github.com/FasterXML/jackson-core/pull/1555 https://github.com/FasterXML/jackson-core/security/advisories/GHSA-72hv-8253-57qq
io.netty:netty-codec-http2 CVE-2025-55163 HIGH 4.1.121.Final 4.2.4.Final, 4.1.124.Final http://www.openwall.com/lists/oss-security/2025/08/16/1 https://access.redhat.com/security/cve/CVE-2025-55163 https://github.com/grpc/grpc-java/commit/6462ef9a11980e168c21d90bbc7245c728fd1a7a https://github.com/netty/netty https://github.com/netty/netty/commit/be53dc3c9acd9af2e20d0c3c07cd77115a594cf1 https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4 https://kb.cert.org/vuls/id/767506 https://nvd.nist.gov/vuln/detail/CVE-2025-55163 https://www.cve.org/CVERecord?id=CVE-2025-55163 https://www.kb.cert.org/vuls/id/767506
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-48988 HIGH 10.1.41 11.0.8, 10.1.42, 9.0.106 http://www.openwall.com/lists/oss-security/2025/06/16/1 https://access.redhat.com/errata/RHSA-2025:14181 https://access.redhat.com/security/cve/CVE-2025-48988 https://bugzilla.redhat.com/2373015 https://bugzilla.redhat.com/2373018 https://bugzilla.redhat.com/2373020 https://bugzilla.redhat.com/2373309 https://bugzilla.redhat.com/2379374 https://bugzilla.redhat.com/2379382 https://bugzilla.redhat.com/2379386 https://bugzilla.redhat.com/show_bug.cgi?id=2373015 https://bugzilla.redhat.com/show_bug.cgi?id=2373018 https://bugzilla.redhat.com/show_bug.cgi?id=2373020 https://bugzilla.redhat.com/show_bug.cgi?id=2373309 https://bugzilla.redhat.com/show_bug.cgi?id=2379374 https://bugzilla.redhat.com/show_bug.cgi?id=2379382 https://bugzilla.redhat.com/show_bug.cgi?id=2379386 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48976 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48988 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48989 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52434 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52520 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506 https://errata.almalinux.org/9/ALSA-2025-14181.html https://errata.rockylinux.org/RLSA-2025:14181 https://github.com/apache/tomcat https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e (11.0.8) https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6 https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6 (10.1.42) https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910 https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910 (9.0.106) https://linux.oracle.com/cve/CVE-2025-48988.html https://linux.oracle.com/errata/ELSA-2025-14181.html https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18 https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2025-48988 https://tomcat.apache.org/security-10.html https://tomcat.apache.org/security-11.html https://tomcat.apache.org/security-9.html https://www.cve.org/CVERecord?id=CVE-2025-48988
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-48989 HIGH 10.1.41 11.0.10, 10.1.44, 9.0.108 http://www.openwall.com/lists/oss-security/2025/08/13/2 https://access.redhat.com/errata/RHSA-2025:14181 https://access.redhat.com/security/cve/CVE-2025-48989 https://bugzilla.redhat.com/2373015 https://bugzilla.redhat.com/2373018 https://bugzilla.redhat.com/2373020 https://bugzilla.redhat.com/2373309 https://bugzilla.redhat.com/2379374 https://bugzilla.redhat.com/2379382 https://bugzilla.redhat.com/2379386 https://bugzilla.redhat.com/show_bug.cgi?id=2373015 https://bugzilla.redhat.com/show_bug.cgi?id=2373018 https://bugzilla.redhat.com/show_bug.cgi?id=2373020 https://bugzilla.redhat.com/show_bug.cgi?id=2373309 https://bugzilla.redhat.com/show_bug.cgi?id=2379374 https://bugzilla.redhat.com/show_bug.cgi?id=2379382 https://bugzilla.redhat.com/show_bug.cgi?id=2379386 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48976 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48988 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48989 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52434 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52520 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506 https://errata.almalinux.org/9/ALSA-2025-14181.html https://errata.rockylinux.org/RLSA-2025:14181 https://github.com/apache/tomcat https://github.com/apache/tomcat/commit/73c04a10395774bda71a0b37802cf983662ce255 https://github.com/apache/tomcat/commit/73c04a10395774bda71a0b37802cf983662ce255 (10.1.44) https://github.com/apache/tomcat/commit/f362c8eb3b8ec5b7f312f7f5610731c0fb299a06 https://github.com/apache/tomcat/commit/f362c8eb3b8ec5b7f312f7f5610731c0fb299a06 (11.0.10) https://github.com/apache/tomcat/commit/f36b8a4eea4ce8a0bc035079e1d259d29f5eb7bf https://github.com/apache/tomcat/commit/f36b8a4eea4ce8a0bc035079e1d259d29f5eb7bf (9.0.108) https://kb.cert.org/vuls/id/767506 https://linux.oracle.com/cve/CVE-2025-48989.html https://linux.oracle.com/errata/ELSA-2025-14181.html https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf https://nvd.nist.gov/vuln/detail/CVE-2025-48989 https://tomcat.apache.org/security-10.html https://tomcat.apache.org/security-11.html https://tomcat.apache.org/security-9.html https://www.cve.org/CVERecord?id=CVE-2025-48989 https://www.kb.cert.org/vuls/id/767506
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-52520 HIGH 10.1.41 11.0.9, 10.1.43, 9.0.107 http://www.openwall.com/lists/oss-security/2025/07/10/12 https://access.redhat.com/errata/RHSA-2025:14181 https://access.redhat.com/security/cve/CVE-2025-52520 https://bugzilla.redhat.com/2373015 https://bugzilla.redhat.com/2373018 https://bugzilla.redhat.com/2373020 https://bugzilla.redhat.com/2373309 https://bugzilla.redhat.com/2379374 https://bugzilla.redhat.com/2379382 https://bugzilla.redhat.com/2379386 https://bugzilla.redhat.com/show_bug.cgi?id=2373015 https://bugzilla.redhat.com/show_bug.cgi?id=2373018 https://bugzilla.redhat.com/show_bug.cgi?id=2373020 https://bugzilla.redhat.com/show_bug.cgi?id=2373309 https://bugzilla.redhat.com/show_bug.cgi?id=2379374 https://bugzilla.redhat.com/show_bug.cgi?id=2379382 https://bugzilla.redhat.com/show_bug.cgi?id=2379386 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48976 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48988 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48989 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52434 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52520 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506 https://errata.almalinux.org/9/ALSA-2025-14181.html https://errata.rockylinux.org/RLSA-2025:14181 https://github.com/apache/tomcat https://github.com/apache/tomcat/commit/927d66fbc294cb65242102b817a45fd80834e040 https://github.com/apache/tomcat/commit/927d66fbc294cb65242102b817a45fd80834e040 (9.0.107) https://github.com/apache/tomcat/commit/a51e4bedccfafd35b7cdd0ee3e22267dee9f90db https://github.com/apache/tomcat/commit/a51e4bedccfafd35b7cdd0ee3e22267dee9f90db (11.0.9) https://github.com/apache/tomcat/commit/fc42bbccb9041fafd194fbfdf3eab1d44cb5c45c https://github.com/apache/tomcat/commit/fc42bbccb9041fafd194fbfdf3eab1d44cb5c45c (10.1.43) https://linux.oracle.com/cve/CVE-2025-52520.html https://linux.oracle.com/errata/ELSA-2025-14181.html https://lists.apache.org/thread/trqq01bbxw6c92zx69kx2mw2qgmfy0o5 https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2025-52520 https://www.cve.org/CVERecord?id=CVE-2025-52520
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-53506 HIGH 10.1.41 9.0.107, 10.1.43, 11.0.9 http://www.openwall.com/lists/oss-security/2025/07/10/13 https://access.redhat.com/errata/RHSA-2025:14181 https://access.redhat.com/security/cve/CVE-2025-53506 https://bugzilla.redhat.com/2373015 https://bugzilla.redhat.com/2373018 https://bugzilla.redhat.com/2373020 https://bugzilla.redhat.com/2373309 https://bugzilla.redhat.com/2379374 https://bugzilla.redhat.com/2379382 https://bugzilla.redhat.com/2379386 https://bugzilla.redhat.com/show_bug.cgi?id=2373015 https://bugzilla.redhat.com/show_bug.cgi?id=2373018 https://bugzilla.redhat.com/show_bug.cgi?id=2373020 https://bugzilla.redhat.com/show_bug.cgi?id=2373309 https://bugzilla.redhat.com/show_bug.cgi?id=2379374 https://bugzilla.redhat.com/show_bug.cgi?id=2379382 https://bugzilla.redhat.com/show_bug.cgi?id=2379386 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48976 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48988 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48989 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52434 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52520 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506 https://errata.almalinux.org/9/ALSA-2025-14181.html https://errata.rockylinux.org/RLSA-2025:14181 https://github.com/apache/tomcat https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb (10.1.43) https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b (9.0.107) https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b (11.0.9) https://linux.oracle.com/cve/CVE-2025-53506.html https://linux.oracle.com/errata/ELSA-2025-14181.html https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0 https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html https://nvd.nist.gov/vuln/detail/CVE-2025-53506 https://www.cve.org/CVERecord?id=CVE-2025-53506
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-55752 HIGH 10.1.41 11.0.11, 10.1.45, 9.0.109 http://www.openwall.com/lists/oss-security/2025/10/27/4 https://access.redhat.com/errata/RHSA-2025:23049 https://access.redhat.com/security/cve/CVE-2025-55752 https://bugzilla.redhat.com/2362782 https://bugzilla.redhat.com/2406591 https://bugzilla.redhat.com/show_bug.cgi?id=2362782 https://bugzilla.redhat.com/show_bug.cgi?id=2406591 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31651 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752 https://errata.almalinux.org/9/ALSA-2025-23049.html https://errata.rockylinux.org/RLSA-2025:23049 https://github.com/apache/tomcat https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06 https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a https://linux.oracle.com/cve/CVE-2025-55752.html https://linux.oracle.com/errata/ELSA-2025-23052.html https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog https://nvd.nist.gov/vuln/detail/CVE-2025-55752 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45 https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109 https://www.cve.org/CVERecord?id=CVE-2025-55752 https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability
org.postgresql:postgresql CVE-2025-49146 HIGH 42.7.5 42.7.7 https://access.redhat.com/security/cve/CVE-2025-49146 https://datatracker.ietf.org/doc/html/rfc5802 https://datatracker.ietf.org/doc/html/rfc7677 https://github.com/pgjdbc/pgjdbc https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0 https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54 https://nvd.nist.gov/vuln/detail/CVE-2025-49146 https://www.cve.org/CVERecord?id=CVE-2025-49146 https://www.postgresql.org/docs/current/sasl-authentication.html#SASL-SCRAM-SHA-256
org.springframework.security:spring-security-core CVE-2025-41248 HIGH 6.4.6 6.4.10, 6.5.4 https://access.redhat.com/security/cve/CVE-2025-41248 https://github.com/spring-projects/spring-security https://github.com/spring-projects/spring-security/commit/d0f93fa6d8338149943ae640c53db07de827867f https://github.com/spring-projects/spring-security/commit/e5694ac7b5e4394b920c6cab48b7bfbd871f84bd https://github.com/spring-projects/spring-security/issues/17898 https://github.com/spring-projects/spring-security/issues/17899 https://github.com/spring-projects/spring-security/releases/tag/6.4.10 https://github.com/spring-projects/spring-security/releases/tag/6.5.4 https://nvd.nist.gov/vuln/detail/CVE-2025-41248 https://spring.io/security/cve-2025-41248 https://www.cve.org/CVERecord?id=CVE-2025-41248
org.springframework:spring-core CVE-2025-41249 HIGH 6.2.7 6.2.11 https://access.redhat.com/security/cve/CVE-2025-41249 https://github.com/spring-projects/spring-framework https://github.com/spring-projects/spring-framework/commit/6d710d482a6785b069e35022e81758953afc21ff https://github.com/spring-projects/spring-framework/issues/35342 https://github.com/spring-projects/spring-framework/releases/tag/v6.2.11 https://nvd.nist.gov/vuln/detail/CVE-2025-41249 https://spring.io/security/cve-2025-41249 https://www.cve.org/CVERecord?id=CVE-2025-41249
No Misconfigurations found