Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.santuario/xmlsec@2.2.0
purl pkg:maven/org.apache.santuario/xmlsec@2.2.0
Next non-vulnerable version 2.2.3
Latest non-vulnerable version 3.0.3
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-46y3-rx34-pyc6
Aliases:
CVE-2021-40690
GHSA-j8wc-gxx9-82hx
Exposure of Sensitive Information to an Unauthorized Actor All versions of Apache Santuario - XML Security for Java is vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
2.2.3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:31:13.328007+00:00 GitLab Importer Affected by VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.4.0
2026-04-11T22:44:22.197198+00:00 GitLab Importer Affected by VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.3.0
2026-04-02T22:54:24.436214+00:00 GitLab Importer Affected by VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.1.0
2026-04-02T16:58:13.953743+00:00 GHSA Importer Affected by VCID-46y3-rx34-pyc6 https://github.com/advisories/GHSA-j8wc-gxx9-82hx 38.1.0
2026-04-01T12:48:51.630386+00:00 GitLab Importer Affected by VCID-46y3-rx34-pyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.santuario/xmlsec/CVE-2021-40690.yml 38.0.0