Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.santuario/xmlsec@2.1.1
purl pkg:maven/org.apache.santuario/xmlsec@2.1.1
Next non-vulnerable version 2.1.7
Latest non-vulnerable version 3.0.3
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-46y3-rx34-pyc6
Aliases:
CVE-2021-40690
GHSA-j8wc-gxx9-82hx
Exposure of Sensitive Information to an Unauthorized Actor All versions of Apache Santuario - XML Security for Java is vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
2.1.7
Affected by 0 other vulnerabilities.
2.2.3
Affected by 0 other vulnerabilities.
VCID-degg-m3tz-9ubj
Aliases:
CVE-2019-12400
GHSA-4q98-wr72-h35w
Improper input validation in Apache Santuario XML Security for Java In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.
2.1.4
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:31:13.300516+00:00 GitLab Importer Affected by VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.4.0
2026-04-16T20:56:59.117417+00:00 GitLab Importer Affected by VCID-degg-m3tz-9ubj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2019-12400.yml 38.4.0
2026-04-11T22:44:22.161309+00:00 GitLab Importer Affected by VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.3.0
2026-04-11T22:08:00.924745+00:00 GitLab Importer Affected by VCID-degg-m3tz-9ubj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2019-12400.yml 38.3.0
2026-04-02T22:54:24.406786+00:00 GitLab Importer Affected by VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.1.0
2026-04-02T22:20:45.345346+00:00 GitLab Importer Affected by VCID-degg-m3tz-9ubj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2019-12400.yml 38.1.0
2026-04-01T17:12:41.907260+00:00 GitLab Importer Affected by VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.0.0
2026-04-01T16:38:31.564977+00:00 GitLab Importer Affected by VCID-degg-m3tz-9ubj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2019-12400.yml 38.0.0