Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

org.owasp.esapi:esapi

Ecosystem:
maven
Package URL:
pkg:maven/org.owasp.esapi:esapi
Total PRs:
69 Dependabot PRs
Latest PR:
about 2 months ago
Unique Repositories:
37 repositories
Unique Repos (30 days):
1 repository
Security Advisories
Missing Cryptographic Step in OWASP Enterprise Security API for Java
GHSA-2g56-7jv7-wxxq CVE-2013-5960 MODERATE published about 4 years ago • updated 7 days ago
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2....
Path traversal in the OWASP Enterprise Security API
GHSA-8m5h-hrqm-pxm2 CVE-2022-23457 HIGH published about 4 years ago • updated about 1 month ago
### Impact The default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input st...
Cross-site Scripting in org.owasp.esapi:esapi
GHSA-q77q-vx4q-xx6q CVE-2022-24891 MODERATE published about 4 years ago • updated 6 days ago
### Impact There is a potential for an XSS vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi....
Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year
GHSA-r68h-jhhj-9jvm MODERATE published over 2 years ago • updated 2 months ago
### Impact The `Validator.isValidSafeHTML` method can result in false negatives where it reports some input as safe (i.e., returns true), but reall...
DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998
GHSA-7c2q-5qmr-v76q HIGH published over 2 years ago • updated 2 months ago
### Impact ESAPI 2.5.2.0 and later addressed the DoS vulnerability described in CVE-2023-24998, which Apache Commons FileUpload 1.5 attempted to r...
View all 7 advisories
Recent PRs (filtered by: Closed , Patch PRs )
RSS Feed Clear filter
Bump the dependencies group across 1 directory with 2 updates

MetalDetectorRocks/metal-detector-main #1666

2.6.1.0 → 2.6.2.0 Patch PR
Closed about 1 year ago 1 comment
MetalDetectorRocks
Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.2.0

Semaaii/OWASP-benchmark-java #11

2.6.0.0 → 2.6.2.0 Patch PR
Closed about 1 year ago 2 comments
Semaaii
Bump org.owasp.esapi:esapi from 2.6.1.0 to 2.6.2.0

halfdayinc-team/nautilus-benchmarkjava #7

2.6.1.0 → 2.6.2.0 Patch PR
Closed about 1 year ago 2 comments
halfdayinc-team
Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.2.0

moontech69/Sichere-Webanwendungen-mit-Java-entwickeln #5

2.6.0.0 → 2.6.2.0 Patch PR
Closed about 1 year ago 1 comment
moontech69
Bump the dependencies group across 1 directory with 10 updates

MetalDetectorRocks/metal-detector-main #1658

2.6.0.0 → 2.6.1.0 Patch PR
Closed about 1 year ago 2 comments
MetalDetectorRocks
Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0

Semaaii/OWASP-benchmark-java #7

2.6.0.0 → 2.6.1.0 Patch PR
Closed about 1 year ago 2 comments
Semaaii
Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0

moontech69/Sichere-Webanwendungen-mit-Java-entwickeln #3

2.6.0.0 → 2.6.1.0 Patch PR
Closed about 1 year ago 1 comment
moontech69
Bump org.owasp.esapi:esapi from 2.6.0.0 to 2.6.1.0

hdgittest/BenchmarkJava #22

2.6.0.0 → 2.6.1.0 Patch PR
Closed about 1 year ago 3 comments
hdgittest
Package Details
Name: org.owasp.esapi:esapi
Ecosystem: maven
PURL Type: maven
Package URL: pkg:maven/org.owasp.esapi:esapi
JSON API: View JSON
Security Advisories

7

Active advisories
HIGH 2
MODERATE 4
LOW 1
View All maven Advisories
Package Information
Description:

The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP web site. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC.

Repository: https://github.com/ESAPI/esapi-java-legacy
Homepage: https://owasp.org/www-project-enterprise-security-api/
Latest Release: 2.1.0
almost 13 years ago
Dependent Repos: 1,483
Dependent Packages: 106
Ranking: Top 0.3017% by dependent repos Top 0.7052% by dependent pkgs
PR Status
Open 32 (46.4%)
Merged 20 (29.0%)
Closed 12 (17.4%)
PR Types
Minor 37 (53.6%)
Patch 27 (39.1%)