Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.santuario/xmlsec@2.1.7
purl pkg:maven/org.apache.santuario/xmlsec@2.1.7
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-46y3-rx34-pyc6 Exposure of Sensitive Information to an Unauthorized Actor All versions of Apache Santuario - XML Security for Java is vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. CVE-2021-40690
GHSA-j8wc-gxx9-82hx

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:31:13.319209+00:00 GitLab Importer Fixing VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.4.0
2026-04-11T22:44:22.185980+00:00 GitLab Importer Fixing VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.3.0
2026-04-02T22:54:24.426673+00:00 GitLab Importer Fixing VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.1.0
2026-04-02T16:58:13.992498+00:00 GHSA Importer Fixing VCID-46y3-rx34-pyc6 https://github.com/advisories/GHSA-j8wc-gxx9-82hx 38.1.0
2026-04-01T13:01:01.550300+00:00 GithubOSV Importer Fixing VCID-46y3-rx34-pyc6 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-j8wc-gxx9-82hx/GHSA-j8wc-gxx9-82hx.json 38.0.0
2026-04-01T12:48:51.633934+00:00 GitLab Importer Fixing VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.0.0