Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.santuario/xmlsec@1.5.6
purl pkg:maven/org.apache.santuario/xmlsec@1.5.6
Next non-vulnerable version 2.1.7
Latest non-vulnerable version 3.0.3
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-46y3-rx34-pyc6
Aliases:
CVE-2021-40690
GHSA-j8wc-gxx9-82hx
Exposure of Sensitive Information to an Unauthorized Actor All versions of Apache Santuario - XML Security for Java is vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
2.1.7
Affected by 0 other vulnerabilities.
2.2.3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-h8wa-77tk-m3av Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures. CVE-2013-4517
GHSA-4p4w-6h54-g885

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:31:13.247882+00:00 GitLab Importer Affected by VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.4.0
2026-04-16T20:31:07.594175+00:00 GitLab Importer Fixing VCID-h8wa-77tk-m3av https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2013-4517.yml 38.4.0
2026-04-11T22:44:22.091727+00:00 GitLab Importer Affected by VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.3.0
2026-04-11T21:41:29.774067+00:00 GitLab Importer Fixing VCID-h8wa-77tk-m3av https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2013-4517.yml 38.3.0
2026-04-02T22:54:24.350465+00:00 GitLab Importer Affected by VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.1.0
2026-04-02T21:55:41.979167+00:00 GitLab Importer Fixing VCID-h8wa-77tk-m3av https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2013-4517.yml 38.1.0
2026-04-01T17:12:41.842614+00:00 GitLab Importer Affected by VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.0.0
2026-04-01T16:00:53.449627+00:00 GHSA Importer Fixing VCID-h8wa-77tk-m3av https://github.com/advisories/GHSA-4p4w-6h54-g885 38.0.0
2026-04-01T13:12:05.988086+00:00 GithubOSV Importer Fixing VCID-h8wa-77tk-m3av https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4p4w-6h54-g885/GHSA-4p4w-6h54-g885.json 38.0.0
2026-04-01T12:46:51.319219+00:00 GitLab Importer Fixing VCID-h8wa-77tk-m3av https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2013-4517.yml 38.0.0