Security Advisories · ESAPI/esapi-java-legacy · GitHub

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

Validator.isValidSafeHTML is being deprecated and will be deleted in 1 year
GHSA-r68h-jhhj-9jvm published Nov 24, 2023 by kwwall

Low
DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998
GHSA-7c2q-5qmr-v76q published Oct 26, 2023 by kwwall

High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in org.owasp.esapi:esapi -- antisamy-esapi.xml configuration file
GHSA-q77q-vx4q-xx6q published Apr 27, 2022 by kwwall

Moderate
GHSL-2022-008 - DefaultValidator.getValidDirectoryPath
GHSA-8m5h-hrqm-pxm2 published Apr 23, 2022 by kwwall

High