VulnScope — package-centric CVE lookup

Search

20,702 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH8.5CVE-2026-49444n8n: Python sandbox escape6/16/2026
CRITICAL9.1vLLM: OpenAI auth bypass6/16/2026
MEDIUM6.1Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read6/16/2026
CRITICAL9.6Langflow: Unauthenticated RCE in Shareable Playgrounds6/16/2026
MEDIUM6.5Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint6/16/2026
HIGH7.5vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution6/16/2026
HIGH8.8Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints6/16/2026
MEDIUM4.2Astro: XSS via Unescaped Attribute Names in Spread Props6/16/2026
HIGH7.5Astro: Host header SSRF in prerendered error page fetch6/16/2026
MEDIUM5.3@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config6/16/2026
HIGH7.5Natural Language Toolkit (NLTK): URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read6/16/2026
MEDIUM6.5hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`6/16/2026
MEDIUM4.8hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest6/16/2026
HIGH7.1hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard6/16/2026
MEDIUM5.9hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)6/16/2026
MEDIUM5.3hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice6/16/2026
—pypdf: Possible infinite loop when processing outlines/bookmarks in writer6/16/2026
—pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction6/16/2026
HIGH7.1Astro: Reflected XSS via unescaped slot name6/16/2026
—Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL6/16/2026
—Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher6/16/2026
—pypdf: Possible large memory usage for form XObjects during text extraction6/16/2026
—pypdf: Inefficient decoding of FlateDecode PNG predictor streams6/16/2026
HIGH7.3aws-cdk-lib: OS Command Injection in NodejsFunction Bundling6/15/2026
MEDIUM5.3markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations6/15/2026

← PrevPage 2 of 829Next →