Vulnerability Directory

Every CVE we've remediated.

Filterable. RSS-subscribable. The patch cadence is public by design — not theatre.

Total CVEs: 10 · Critical: 1 · High: 4 · Remediated: 10

HIGH
CVE-2026-3847·RabbitMQ·CVSS 8.6

AMQP 1.0 frame parsing heap overflow

Affected: 3.13.0 – 3.13.7·Patched in: OSSeva for RabbitMQ 3.13.7-1
Remediated

4d ago

MEDIUM
CVE-2026-2211·Apache Kafka·CVSS 6.5

KRaft metadata log injection via crafted vote request

Affected: 3.4.0 – 3.6.1·Patched in: OSSeva for Apache Kafka 3.6.2-osseva-1
Remediated

1w ago

CRITICAL
CVE-2026-1093·Spring Framework·CVSS 9.8

SpEL expression injection in @Value resolution

Affected: 5.3.0 – 5.3.35·Patched in: OSSeva for Spring Framework 5.3.39-osseva-1
Remediated

1mo ago

HIGH
CVE-2026-0447·PostgreSQL·CVSS 7.7

Row security policy bypass via parallel query

Affected: 12.0 – 12.18·Patched in: OSSeva for PostgreSQL 12.18-osseva-1
Remediated

1mo ago

MEDIUM
CVE-2025-9902·RabbitMQ·CVSS 5.4

Management API path traversal in virtual host names

Affected: 3.11.0 – 3.12.14·Patched in: OSSeva for RabbitMQ 3.12.14-osseva-2
Remediated

4mo ago

HIGH
CVE-2025-8771·Spring Boot·CVSS 7.5

Actuator endpoint exposes internal metrics to unauthenticated requests

Affected: 2.7.0 – 2.7.17·Patched in: OSSeva for Spring Boot 2.7.18-osseva-1
Remediated

4mo ago

MEDIUM
CVE-2025-7634·PostgreSQL·CVSS 5.9

pg_dump privilege escalation via crafted schema name

Affected: 11.0 – 11.21·Patched in: OSSeva for PostgreSQL 11.21-osseva-1
Remediated

6mo ago

LOW
CVE-2025-6120·Apache Kafka·CVSS 3.7

Unauthenticated metadata exposure in JMX metrics endpoint

Affected: 2.8.0 – 3.3.2·Patched in: OSSeva for Apache Kafka 3.3.3-osseva-1
Remediated

7mo ago

HIGH
CVE-2025-4891·RabbitMQ·CVSS 8.1

Erlang distribution protocol authentication bypass

Affected: 3.11.0 – 3.11.28·Patched in: OSSeva for RabbitMQ 3.11.28-osseva-1
Remediated

8mo ago

MEDIUM
CVE-2025-3302·Spring Framework·CVSS 6.1

Open redirect in Spring MVC RequestMappingHandlerMapping

Affected: 5.2.0 – 5.3.28·Patched in: OSSeva for Spring Framework 5.3.29-osseva-1
Remediated

10mo ago

Stay current on new CVEs

Subscribe via RSS or email to get notified when OSSeva ships a new CVE patch. High-intent signal — we don't email anything else without your consent.