h2: Remote Code Execution in Console

Loading of custom classes from remote servers through JNDI

OrientDB vulnerable to Improper Privilage Management leading to arbitrary command injection

tika: Native deserialization of Java objects in matlab files

GeoTools OGC Filter SQL Injection Vulnerabilities

Untrusted input may lead to RCE attack

cas-client: Bypass of security constraints via URL parameter injection

springframework: Authorization Bypass in RegexRequestMatcher

RCE via Data Binding on JDK 9+

spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization

Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, actions/setup-java@v3, gradle/gradle-build-action@v2, actions/upload-artifact@v3, mikepenz/action-junit-report@v3. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.