Components Vulnerabilities Pricing MCP API

Find vulnerabilities. Fix fast with AI.

Search components by package, version, or CVE to get started.

Get full component data and automated fixes with Sonatype Guide.

Sign up for free

jphyloref

1.1.1

jphyloref 1.1.1

Latest

org.phyloref

PublishedAug 11, 2021•Policy

compliance

Developer Trust Score

Recommended Version:x.y.z

Recommended upgrade that meets your policy.

Compare Versions

Severity

Critical (0)

High (0)

Medium (13)

Low (0)

CVSS Score

0.010.0

EPSS Score

0.01.0

Malware

KEV StatusPublished

6.9CVE-2026-54515

Jackson-databind - Case-insensitive deserialization bypasses per-property @JsonIgnoreProperties

PublishedJun 16, 2026

6.9CVE-2026-54514

Jackson-databind - InetSocketAddress deserialization triggers eager DNS resolution (SSRF)

PublishedJun 16, 2026

6.9CVE-2026-54518

jackson-databind - @JsonView bypass in unwrapped creator properties

PublishedJun 16, 2026

5.3CVE-2024-47554

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

PublishedOct 4, 2024

6.5CVE-2022-41854

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

PublishedNov 14, 2022

5.5CVE-2022-38750

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

PublishedSep 6, 2022

6.5CVE-2022-38752

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.

PublishedSep 6, 2022

6.5CVE-2022-38749

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

PublishedSep 6, 2022

5.5CVE-2022-21230

This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when the it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to be viewed by all users on the host machine. **Workaround:** Manually specifying the -Djava.io.tmpdir= argument when launching Java to set the temporary directory to a directory exclusively controlled by the current user can fix this issue.

PublishedApr 11, 2022

5.3CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

PublishedOct 14, 2020

5.3sonatype-2018-0705

commons-io - Path Traversal [CVE-2021-29425]

PublishedAug 19, 2020

5.3sonatype-2014-0173

Apache Commons FileUpload - Resource Leak

PublishedJul 30, 2018

5.9CVE-2018-10237

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

PublishedApr 28, 2018