Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.sshd/sshd-core@2.9.2
purl pkg:maven/org.apache.sshd/sshd-core@2.9.2
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-netd-rr9e-wbg5 Unsafe deserialization in Apache MINA SSHD Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server. Until version 2.1.0, the code affected by this vulnerability appeared in `org.apache.sshd:sshd-core`. Version 2.1.0 contains a [commit](https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0) where the code was moved to the package `org.apache.sshd:sshd-common`, which did not exist until version 2.1.0. CVE-2022-45047
GHSA-fhw8-8j55-vwgq

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-03T21:28:20.004100+00:00 GitLab Importer Fixing VCID-netd-rr9e-wbg5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.sshd/sshd-core/CVE-2022-45047.yml 38.1.0
2026-04-01T16:04:01.593300+00:00 GHSA Importer Fixing VCID-netd-rr9e-wbg5 https://github.com/advisories/GHSA-fhw8-8j55-vwgq 38.0.0
2026-04-01T13:07:05.619820+00:00 GithubOSV Importer Fixing VCID-netd-rr9e-wbg5 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-fhw8-8j55-vwgq/GHSA-fhw8-8j55-vwgq.json 38.0.0