Known Vulnerabilities for products from Owasp
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Owasp".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40316 json | Not Provided | 2026-04-15 | 2026-04-16 | |
| CVE-2026-33691 json | The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. P... | Not Provided | 2026-04-02 | 2026-04-18 |
| CVE-2026-21876 json | The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. P... | Not Provided | 2026-01-08 | 2026-04-09 |
| CVE-2024-23686 json | 5.3 - MEDIUM | 2024-01-19 | 2024-01-26 | |
| CVE-2023-38199 json | coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some... | 9.8 - CRITICAL | 2023-07-13 | 2023-09-05 |
| CVE-2022-39958 json | The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetect... | 7.5 - HIGH | 2022-09-20 | 2023-11-07 |
| CVE-2022-39957 json | The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header fie... | 7.5 - HIGH | 2022-09-20 | 2023-11-07 |
| CVE-2022-39956 json | The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting ... | 9.8 - CRITICAL | 2022-09-20 | 2023-11-07 |
| CVE-2022-39955 json | The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Con... | 9.8 - CRITICAL | 2022-09-20 | 2023-11-07 |
| CVE-2022-39351 json | Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software suppl... | 4.4 - MEDIUM | 2022-10-25 | 2022-10-28 |
| CVE-2022-39350 json | @dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis plat... | 5.4 - MEDIUM | 2022-10-25 | 2023-11-07 |
| CVE-2022-27820 json | OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server. | 4 - MEDIUM | 2022-03-24 | 2022-03-31 |
| CVE-2022-24891 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-04-27 | 2023-06-23 |
| CVE-2022-23457 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-04-25 | 2023-02-23 |
| CVE-2021-42575 json | The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPT... | 9.8 - CRITICAL | 2021-10-18 | 2023-02-24 |
| CVE-2021-35368 json | OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body ... | 9.8 - CRITICAL | 2021-11-05 | 2023-11-07 |
| CVE-2021-28490 json | In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token. | 8.8 - HIGH | 2021-08-19 | 2021-08-24 |
| CVE-2021-23900 json | OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead t... | 7.5 - HIGH | 2021-01-13 | 2021-01-19 |
| CVE-2021-23899 json | OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an... | 9.8 - CRITICAL | 2021-01-13 | 2021-01-19 |
| CVE-2021-4247 json | A vulnerability has been found in OWASP NodeGoat and classified as problematic. This vulnerability affects unknown code of th... | 7.5 - HIGH | 2022-12-18 | 2022-12-22 |
Known software with vulnerabilities from Owasp
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Owasp | Dependency-check | 0.2.0 |
| Application | Owasp | Dependency-track | - |
| Application | Owasp | Enterprise Security Api | 2.0 |
| Application | Owasp | Json-sanitizer | 1.0 |