VulnScope — package-centric CVE lookup

Search

3,922 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM6.1CVE-2026-50019yt-dlp: File Downloader cookie leak with curl6/16/2026
MEDIUM6.1Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read6/16/2026
MEDIUM6.5Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint6/16/2026
LOW3.7Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname6/15/2026
LOW3.7python-multipart: Negative Content-Length in parse_form buffers the entire body in memory6/15/2026
LOW3.7python-multipart: Semicolon treated as querystring field separator enables parameter smuggling6/15/2026
LOW3.7python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters6/15/2026
MEDIUM5.3Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`6/15/2026
LOW3.7Tornado has out-of-bounds memory access via C extension6/12/2026
MEDIUM6.9Vim is an open source, command line text editor.6/11/2026
MEDIUM5.8Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset6/11/2026
MEDIUM6.5python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood6/11/2026
MEDIUM5.9Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled X-Forwarded-Host header6/10/2026
MEDIUM6.5vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors6/10/2026
MEDIUM4.8Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authent…6/9/2026
MEDIUM5.9Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption.6/9/2026
LOW3.7Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provid…6/9/2026
LOW3.7Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup…6/9/2026
MEDIUM5.9Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client…6/9/2026
MEDIUM5.3Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CM…6/9/2026
MEDIUM6.5The Apache Airflow Samba provider's `GCSToSambaOperator` joined GCS object names to the SMB destination path without a containment check, s…6/9/2026
MEDIUM5.4Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type6/8/2026
MEDIUM4.3MariaDB server is a community developed fork of MySQL server.6/7/2026
MEDIUM6.3MariaDB server is a community developed fork of MySQL server.6/7/2026
MEDIUM5.0MariaDB server is a community developed fork of MySQL server.6/7/2026

Page 1 of 157Next →