Multiple CVEs in latest release

Hi, the latest release contains multiple CVEs which can be fixed:


Package | ID | Severity | Installed Version | Fixed Version(s)
-- | -- | -- | -- | --
com.hubspot.jinjava:jinjava | CVE-2025-59340 | 🔴 CRITICAL | 2.7.4 | 2.8.1, 2.7.5
commons-io:commons-io | CVE-2024-47554 | 🟠 HIGH | 2.11.0 | 2.14.0
io.netty:netty-codec-http2 | CVE-2025-55163 | 🟠 HIGH | 4.1.116.Final | 4.2.4.Final, 4.1.124.Final
io.netty:netty-handler | CVE-2025-24970 | 🟠 HIGH | 4.1.116.Final | 4.1.118.Final
org.lz4:lz4-java | CVE-2025-12183 | 🟠 HIGH | 1.8.0 | 1.8.1


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Multiple CVEs in latest release #650

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Package	ID	Severity	Installed Version	Fixed Version(s)
com.hubspot.jinjava:jinjava	CVE-2025-59340	🔴 CRITICAL	2.7.4	2.8.1, 2.7.5
commons-io:commons-io	CVE-2024-47554	🟠 HIGH	2.11.0	2.14.0
io.netty:netty-codec-http2	CVE-2025-55163	🟠 HIGH	4.1.116.Final	4.2.4.Final, 4.1.124.Final
io.netty:netty-handler	CVE-2025-24970	🟠 HIGH	4.1.116.Final	4.1.118.Final
org.lz4:lz4-java	CVE-2025-12183	🟠 HIGH	1.8.0	1.8.1

Multiple CVEs in latest release #650

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions