Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality.
References

https://nvd.nist.gov/vuln/detail/CVE-2017-3152
https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa…

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.
References

https://nvd.nist.gov/vuln/detail/CVE-2017-3155
https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71d…

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user’s concurrentl…

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.
References

https://nvd.nist.gov/vuln/detail/CVE-2017-15612
https://github.com/lepture…

The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS s…

A long URL proxy request lead to java.nio.BufferOverflowException in Undertow.
References

https://nvd.nist.gov/vuln/detail/CVE-2016-7046
https://bugzilla.redhat.com/show_bug.cgi?id=1376646
https://github.com/undertow-io/undertow/commit/c518b5a1784061d…