Skip to main content
Components
Vulnerabilities
Pricing
MCP
API
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
io.kestra/kestra 1.3.20 | Vulnerabilities | Sonatype Guide
Get full component data and automated fixes with Sonatype Guide.
Sign up for free
maven
io.kestra
kestra
1.3.20
kestra 1.3.20
Latest
io.kestra
Published
May 26, 2026
•
Policy
compliance
maven Registry
Developer Trust Score
Recommended Version:
x.y.z
Recommended upgrade that meets your policy.
Compare Versions
Overview
Overview
Versions
461
Versions
461
Vulnerabilities
4
Vulnerabilities
4
Dependencies
0
Dependencies
0
Reset filters
Severity
Critical
(0)
High
(0)
Medium
(2)
Low
(0)
CVSS Score
0.0
10.0
EPSS Score
0.0
1.0
Malware
KEV Status
Published
Filter
Sort: Published (Newest first)
4.9
CVE-2025-1686
Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files like /etc/passwd or /proc/1/environ. Workaround This vulnerability can be mitigated by disabling the include macro in Pebble Templates: java new PebbleEngine.Builder() .registerExtensionCustomizer(new DisallowExtensionCustomizerBuilder() .disallowedTokenParserTags(List.of("include")) .build()) .build();
affected
Severity
Medium
Published
Mar 3, 2025
6.0
sonatype-2018-0863
h2database - Improper Link Resolution Before File Access
affected
Severity
Medium
Published
Aug 18, 2022
