VulnScope — package-centric CVE lookup

Search

2,782 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.6CVE-2026-45311EPSS 0.05%DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval5/14/2026
CRITICAL9.3Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`5/14/2026
CRITICAL9.8EPSS 0.05%Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy5/13/2026
CRITICAL9.1EPSS 0.10%SillyTavern has a Path Traversal issue5/12/2026
CRITICAL9.8EPSS 0.09%SillyTavern has Authentication Bypass via SSO Header Injection5/12/2026
CRITICAL9.1EPSS 0.03%Security feature bypass vulnerability in Azure Key Vault Keys library for Java5/12/2026
CRITICAL9.8EPSS 0.05%mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub5/12/2026
CRITICAL9.8EPSS 0.09%Ludwig framework is vulnerable to insecure deserialization in its model serving component5/12/2026
CRITICAL9.8EPSS 0.51%Ludwig framework is vulnerable to insecure deserialization through its predict() method.5/12/2026
CRITICAL9.8EPSS 0.10%llm CLI tool contains a code injection vulnerability via `--functions` command-line argument5/12/2026
CRITICAL9.8EPSS 0.09%imgaug contains an insecure deserialization vulnerability in BackgroundAugmenter class within multicore.py module5/12/2026
CRITICAL9.8EPSS 0.73%Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component5/12/2026
CRITICAL9.8EPSS 0.38%Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism5/12/2026
CRITICAL9.1EPSS 0.10%Apache Tomcat: Security constraints not correctly applied5/12/2026
CRITICAL9.8EPSS 0.14%Apache Tomcat: Digest authenticator will authenticate any unknown user5/12/2026
CRITICAL9.8EPSS 0.25%Apache Tomcat: HTTP/2 request headers not validated5/12/2026
CRITICAL9.8EPSS 0.31%PySyft server-side arbitrary Python execution after code approval5/12/2026
CRITICAL9.8EPSS 0.05%OpenClaude Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input5/12/2026
CRITICAL9.1EPSS 0.01%sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)5/12/2026
CRITICAL9.6⚠ KEVEPSS 17.1%Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys5/12/2026
CRITICAL10.0EPSS 0.06%SandboxJS has a sandbox escape via Function.caller leakage of internal call op5/11/2026
CRITICAL9.9EPSS 0.06%pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules5/11/2026
CRITICAL9.1EPSS 0.03%Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation5/11/2026
CRITICAL9.8EPSS 0.15%WebdriverIO BrowserStack Service has a Command Injection issue5/11/2026
CRITICAL9.6EPSS 0.14%PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection5/11/2026

← PrevPage 3 of 112Next →