Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.santuario/xmlsec@2.0.1
purl pkg:maven/org.apache.santuario/xmlsec@2.0.1
Next non-vulnerable version 2.1.7
Latest non-vulnerable version 3.0.3
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-46y3-rx34-pyc6
Aliases:
CVE-2021-40690
GHSA-j8wc-gxx9-82hx
Exposure of Sensitive Information to an Unauthorized Actor All versions of Apache Santuario - XML Security for Java is vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
2.1.7
Affected by 0 other vulnerabilities.
2.2.3
Affected by 0 other vulnerabilities.
VCID-s52q-y45a-f7cw
Aliases:
CVE-2014-8152
GHSA-w7cq-j9p9-hm3m
Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.
2.0.3
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:31:13.266362+00:00 GitLab Importer Affected by VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.4.0
2026-04-16T20:32:10.482867+00:00 GitLab Importer Affected by VCID-s52q-y45a-f7cw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2014-8152.yml 38.4.0
2026-04-11T22:44:22.115673+00:00 GitLab Importer Affected by VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.3.0
2026-04-11T21:42:33.452545+00:00 GitLab Importer Affected by VCID-s52q-y45a-f7cw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2014-8152.yml 38.3.0
2026-04-02T22:54:24.370374+00:00 GitLab Importer Affected by VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.1.0
2026-04-02T21:56:41.796541+00:00 GitLab Importer Affected by VCID-s52q-y45a-f7cw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2014-8152.yml 38.1.0
2026-04-01T17:12:41.866460+00:00 GitLab Importer Affected by VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.0.0
2026-04-01T16:13:52.860078+00:00 GitLab Importer Affected by VCID-s52q-y45a-f7cw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2014-8152.yml 38.0.0