Sonatype CVE Security Advisories
When the Sonatype Security Research team discovers zero-day vulnerabilities in open source components, we work directly with project maintainers to disclose the issue responsibly and support remediation efforts. We publish technical details here so the open source community can take informed action.
CVE-2025-12183
8.8
high
org.lz4:lz4-java - Out-of-Bounds Memory Access
Various lz4-java compression and decompression implementations do not guard against out-of-bounds memory access. Untrusted input may lead to denial of service and information disclosure. Vulnerable Maven coordinates: org.lz4:lz4-java up to and including 1.8.0; org.lz4:lz4-pure-java up to and ...
CVE-2025-1945
5.3
medium
Picklescan - Bypass Malicious Pickle Detection inside PyTorch Models via ZIP File Flag Bits
picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being ...
CVE-2025-1944
5.3
medium
Picklescan - Security Scanning Bypass via Non-Standard File Extensions
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan ...
CVE-2025-1889
5.3
medium
Picklescan - Security Scanning Bypass via Non-Standard File Extensions
picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Because the malicious pickle file inclusion is not ...
CVE-2025-1716
5.3
medium
Picklescan - Security Scanning Bypass Via 'Pip Main'
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via `pip.main()`. Because pip is not a restricted global, the model, when scanned with ...
CVE-2024-6060
9.3
critical
Phloc Webscopes - Sensitive Information Disclosure via Logs
An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information. Severity ...
CVE-2022-45868
8.4
high
H2 - Plaintext Password
H2 has a web-based admin console that can be started via the CLI. One of the arguments is -webAdminPassword, which allows the user to specify the password in plaintext for the web admin console. Consequently, a malicious local user or an attacker that has obtained local ...