VulnScope — package-centric CVE lookup

Search

1,515 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.8CVE-2026-47210vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass5/29/2026
CRITICAL10.0vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE5/29/2026
CRITICAL10.0vm2 is Vulnerable to Sandbox Breakout Through Promise Species5/29/2026
CRITICAL10.0vm2 has a Sandbox Escape issue5/29/2026
LOW3.7Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix5/29/2026
LOW3.17-Zip is a file archiver with a high compression ratio.5/29/2026
CRITICAL10.0LiquidJS is Vulnerable to Remote Code Execution5/27/2026
CRITICAL9.0EPSS 0.39%A flaw was found in Samba.5/26/2026
CRITICAL9.6OCI layer symlink escape → arbitrary host write5/21/2026
CRITICAL10.0Read-only volume remount bypass via guest CAP_SYS_ADMIN5/21/2026
LOW2.0NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation5/21/2026
CRITICAL9.8EPSS 0.04%A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.5/20/2026
CRITICAL10.0EPSS 0.03%NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section.5/20/2026
CRITICAL9.8EPSS 0.32%NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and…5/20/2026
LOW3.7EPSS 0.04%Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…5/20/2026
CRITICAL10.0Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm5/19/2026
CRITICAL9.8EPSS 0.10%Turbo: Unexpected local code execution during Yarn Berry detection5/19/2026
CRITICAL10.09router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes5/19/2026
CRITICAL9.8EPSS 0.10%NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (fo…5/19/2026
CRITICAL9.8EPSS 0.08%vm2 Has a Sandbox Breakout Using Async Generator5/14/2026
CRITICAL9.6EPSS 0.05%DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval5/14/2026
CRITICAL9.3Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`5/14/2026
CRITICAL9.1EPSS 0.10%SillyTavern has a Path Traversal issue5/12/2026
CRITICAL9.8EPSS 0.09%SillyTavern has Authentication Bypass via SSO Header Injection5/12/2026
CRITICAL9.8Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page5/12/2026

← PrevPage 2 of 61Next →