org.glassfish.jersey.examples/bookmark-em… | Sonatype Guide
bookmark-em 2.5.1
org.glassfish.jersey.examples
Published: Jan 2, 2014
maven Registry
Versions: 139
Vulnerabilities: 10
Dependencies: 6
Severity: Critical (0), High (7), Medium (2), Low (1)
Sort: Published (Newest first)

7.4 CVE-2025-12383
In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC).
affected; Severity: High; Published: Nov 19, 2025

7.1 CVE-2023-2976
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
affected; Severity: High

7.5 CVE-2023-1436
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
affected; Severity: High; Published: Mar 17, 2023

7.5 CVE-2022-45685
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.
affected; Severity: High; Published: Dec 14, 2022

7.5 CVE-2022-45693
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
affected; Severity: High; Published: Dec 14, 2022

7.5 CVE-2022-40150
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.
affected; Severity: High; Published: Sep 19, 2022

7.5 CVE-2022-40149
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
affected; Severity: High; Published: Sep 19, 2022

3.3 sonatype-2020-0926
guava - Creation of Temporary File in Directory with Insecure Permissions [CVE-2020-8908]
affected; Severity: Low; Published: Sep 22, 2020

6.5 sonatype-2016-0687
jersey - Exponential XML Entity Expansion
affected; Severity: Medium; Published: Apr 9, 2020

5.9 CVE-2018-10237
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
affected; Severity: Medium
Published: May 31, 2023
Published: Apr 28, 2018