camunda-8.9

Direct Vulnerabilities

Known vulnerabilities in the camunda-8.9 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
GHSA-w573-9ffj-6ff9

<8.9.6-r1
  • L
GHSA-676x-f7gg-47vc

<8.9.6-r1
  • L
Resource Exhaustion

<8.9.6-r1
  • L
GHSA-5pvg-856g-cp85

<8.9.6-r1
  • L
Improper Verification of Source of a Communication Channel

<8.9.6-r1
  • L
Resource Exhaustion

<8.9.6-r1
  • L
Improper Access Control

<8.9.6-r1
  • L
Information Exposure

<8.9.6-r1
  • C
Insufficient Verification of Data Authenticity

<8.9.6-r1
  • L
GHSA-3qp7-7mw8-wx86

<8.9.6-r1
  • L
GHSA-x4gw-5cx5-pgmh

<8.9.6-r1
  • L
GHSA-5x3r-wrvg-rp6q

<8.9.6-r1
  • C
Insufficient Verification of Data Authenticity

<8.9.6-r1
  • L
GHSA-c2rx-5r8w-8xr2

<8.9.6-r1
  • L
Allocation of Resources Without Limits or Throttling

<8.9.6-r1
  • L
GHSA-cmm3-54f8-px4j

<8.9.6-r1
  • L
Use of Insufficiently Random Values

<8.9.6-r1
  • L
GHSA-xmv7-r254-6q78

<8.9.6-r1
  • L
Incorrect Default Permissions

<8.9.5-r3
  • L
GHSA-q62f-h9x2-gcqc

<8.9.5-r3
  • L
GHSA-45q3-82m4-75jr

<8.9.5-r2
  • L
Resource Exhaustion

<8.9.5-r2
  • L
Improper Input Validation

<8.9.5-r2
  • L
GHSA-6p4f-wcwh-5vvm

<8.9.5-r2
  • C
HTTP Request Smuggling

<8.9.5-r2
  • L
Improper Handling of Case Sensitivity

<8.9.5-r2
  • L
Improper Authorization

<8.9.5-r2
  • L
Integer Overflow or Wraparound

<8.9.5-r2
  • L
GHSA-mj4r-2hfc-f8p6

<8.9.5-r2
  • C
HTTP Request Smuggling

<8.9.5-r2
  • L
GHSA-v8h7-rr48-vmmv

<8.9.5-r2
  • L
Authentication Bypass

<8.9.5-r2
  • L
GHSA-m4cv-j2px-7723

<8.9.5-r2
  • C
Improper Input Validation

<8.9.5-r2
  • L
GHSA-cm33-6792-r9fm

<8.9.5-r2
  • L
CRLF Injection

<8.9.5-r2
  • L
GHSA-5mp6-jrq3-r938

<8.9.5-r2
  • L
Information Exposure

<8.9.5-r2
  • L
GHSA-gx5v-xp9w-j4cg

<8.9.5-r2
  • H
HTTP Response Splitting

<8.9.5-r2
  • L
GHSA-h6fc-48rj-7qqh

<8.9.5-r2
  • L
GHSA-9m89-8frq-c98c

<8.9.5-r2
  • L
GHSA-xxqh-mfjm-7mv9

<8.9.5-r2
  • L
CVE-2026-22745

<8.9.5-r2
  • L
Information Exposure

<8.9.5-r2
  • L
GHSA-f6hv-jmp6-3vwv

<8.9.5-r2
  • L
Missing Release of Resource after Effective Lifetime

<8.9.5-r2
  • L
GHSA-r29c-68gh-xp6x

<8.9.5-r2
  • L
GHSA-rwm7-x88c-3g2p

<8.9.5-r2
  • H
HTTP Request Smuggling

<8.9.5-r2
  • L
Allocation of Resources Without Limits or Throttling

<8.9.5-r2
  • L
GHSA-57rv-r2g8-2cj3

<8.9.5-r2
  • L
Resource Exhaustion

<8.9.5-r2
  • L
CVE-2026-22741

<8.9.5-r2
  • L
GHSA-5m62-pw8w-7w9f

<8.9.5-r2
  • L
GHSA-fv25-8xcx-gqjc

<8.9.5-r2
  • L
GHSA-38f8-5428-x5cv

<8.9.5-r2
  • L
GHSA-wg35-8jpf-2xv3

<8.9.5-r2
  • L
GHSA-2c5c-chwr-9hqw

<8.9.5-r1
  • L
Allocation of Resources Without Limits or Throttling

<8.9.5-r1
  • L
Allocation of Resources Without Limits or Throttling

<8.9.5-r0
  • L
GHSA-98qh-xjc8-98pq

<8.9.5-r0
  • L
GHSA-x2wq-9x2f-fhj7

<8.9.2-r0
  • L
CVE-2026-22751

<8.9.2-r0
  • L
GHSA-hv2w-8mjj-jw22

<8.9.1-r0
  • L
CVE-2026-0636

<8.9.1-r0
  • L
GHSA-445c-vh5m-36rj

<8.9.1-r0
  • H
Improper Encoding or Escaping of Output

<8.9.1-r0
  • L
GHSA-c3fc-8qff-9hwx

<8.9.1-r0
  • L
GHSA-6hg6-v5c8-fphq

<8.9.1-r0
  • L
GHSA-w35j-pv5h-q9q9

<8.9.1-r0
  • H
Improper Encoding or Escaping of Output

<8.9.1-r0
  • L
GHSA-3pxv-7cmr-fjr4

<8.9.1-r0
  • L
GHSA-wg6q-6289-32hp

<8.9.1-r0
  • L
CVE-2026-5588

<8.9.1-r0
  • M
Improper Validation of Certificate with Host Mismatch

<8.9.1-r0
  • L
Overly Permissive Cross-domain Whitelist

<8.9.1-r0
  • H
Improper Output Neutralization for Logs

<8.9.1-r0
  • L
GHSA-2m67-wjpj-xhg9

<8.9.0-r1
  • H
Allocation of Resources Without Limits or Throttling

<8.9.0-r1
  • L
GHSA-6v53-7c9g-w56r

<8.9.0-r1
  • L
GHSA-72hv-8253-57qq

<8.9.0-r1