| bcpg-jdk18on | 1.83 | HIGH | GHSA-cj8j-37rh-8475 | 1.84 | Bouncy Castle Uncontrolled Resource Consumption vulnerability |
| glibc | 2.43-r6 | HIGH | CVE-2026-5928 | n/a | Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte |
| bcprov-jdk18on | 1.83 | HIGH | GHSA-p93r-85wp-75v3 | 1.84 | Bouncy Castle Has Covert Timing Channel Vulnerability |
| jetty-http | 12.1.6 | HIGH | GHSA-355h-qmc2-wpwf | 12.1.7 | Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing |
| jackson-core | 3.1.0 | HIGH | GHSA-2m67-wjpj-xhg9 | 3.1.1 | Jackson Core: Document length constraint bypass in blocking, async, and DataInput parsers |
| bcprov-jdk18on | 1.83 | MEDIUM | GHSA-c3fc-8qff-9hwx | 1.84 | Bouncy Castle has an LDAP injection |
| commons-lang | 2.6 | MEDIUM | GHSA-j288-q9x7-2f5v | n/a | Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs |
| spring-security-core | 6.5.9 | MEDIUM | GHSA-x2wq-9x2f-fhj7 | 6.5.10 | Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured |
| bcpkix-jdk18on | 1.83 | MEDIUM | GHSA-wg6q-6289-32hp | 1.84 | Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules |