LOW 3.7 | CVE-2026-44219 | EPSS 0.02% | ciguard: SCA HTTP client reads response body without size cap
LOW 3.7 | EPSS 0.05% | Microdot has HTTP response splitting in Response.set_cookie()
LOW 2.6 | EPSS 0.04% | Langchain-Chatchat Uses Insufficiently Random Values
LOW 2.6 | EPSS 0.03% | Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API
LOW 2.6 | EPSS 0.01% | Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm
LOW 3.7 | EPSS 0.02% | A flaw was found in gnutls.
LOW 3.7 | EPSS 0.04% | A flaw was found in gnutls.
LOW 2.7 | EPSS 0.01% | Langflow has an Information Leak through Incomplete API Key Redaction
LOW 3.7 | EPSS 0.11% | Apache Airflow Exposes Secrets in Variables Saved as JSON Dictionaries
LOW 3.1 | EPSS 0.03% | langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding
LOW 3.1 | EPSS 0.01% | Weblate: Improper access control for pending tasks in API
LOW 2.9 | EPSS 0.01% | libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
LOW 3.5 | EPSS 0.03% | OpenStack Keystone: Restricted application credentials can create EC2 credentials
LOW 2.7 | EPSS 0.01% | Django vulnerable to privilege abuse in ModelAdmin.list_editable
LOW 2.7 | EPSS 0.01% | Nautobot: Management of users via REST API does not apply configured password validators
LOW 3.3 | EPSS 0.01% | An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permissi…
LOW 3.3 | EPSS 0.01% | A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, wh…
LOW 3.1 | EPSS 0.01% | Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories