Software catalogue for OWASP

Enterprise Security API Java HTML Sanitizer json-sanitizer OWASP ModSecurity Core Rule Set (CRS)
Stinger ZAP


Latest security bulletins

Secuity bulletin Severity Status Published
SB2026021830: Cross-site scripting in OWASP Java HTML Sanitizer Low
Patched
18.02.2026
SB2026010786: Multipart bypass using multiple content-type parts in ModSecurity Core Rule Set Medium
Patched
07.01.2026
SB2023072508: Type Confusion in coreruleset Medium
Patched
25.07.2023
SB2023020956: Multiple vulnerabilities in OWASP ModSecurity Core Rule Set (CRS) Medium
Patched
09.02.2023
SB2022052008: Multiple vulnerabilities in OWASP Enterprise Security API High
Patched
20.05.2022
SB2022032419: MitM attack in OWASP ZAP Proxy Low
Not patched
24.03.2022
SB2021121350: Remote code execution in OWASP ZAP (Apache Log4j component) Critical
Patched Exploited
13.12.2021
SB2021070111: WAF ruleset bypass in OWASP ModSecurity Core Rule Set (CRS) Medium
Patched
01.07.2021
SB2020061506: Cross-site scripting in OWASP json-sanitizer package Low
Patched
15.06.2020
SB2019072816: Denial of service in OWASP ModSecurity Core Rule Set (CRS) Medium
Patched
28.07.2019