VulnScope — package-centric CVE lookup

Search

16,716 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH7.1CVE-2026-49346libde265 is an open source implementation of the h.265 video codec.6/20/2026
HIGH7.1libde265 is an open source implementation of the h.265 video codec.6/20/2026
HIGH7.5Langflow: Unauthenticated DoS through multipart form boundary file upload6/19/2026
HIGH7.1A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation.6/19/2026
HIGH7.6A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation.6/19/2026
HIGH7.1An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation.6/19/2026
HIGH7.1A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation.6/19/2026
HIGH7.1jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories6/19/2026
HIGH7.5Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders6/19/2026
HIGH7.6Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN6/19/2026
HIGH8.0py7zr: Arbitrary File Write Vulnerability6/19/2026
HIGH7.3Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()6/19/2026
HIGH8.3libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sf…6/19/2026
HIGH8.1Coturn is a free open source implementation of TURN and STUN Server.6/19/2026
CRITICAL9.0HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allo…6/18/2026
HIGH8.8An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in…6/18/2026
HIGH8.7HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tb…6/18/2026
HIGH7.5Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID6/18/2026
HIGH7.8A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user i…6/18/2026
HIGH7.5undici WebSocket client vulnerable to denial of service via fragment count bypass6/17/2026
HIGH7.4undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent6/17/2026
HIGH7.5undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse6/17/2026
HIGH7.5Hermes Agent contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation6/17/2026
HIGH8.2Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthent…6/17/2026
HIGH8.4pdfkit: Path traversal in from_string6/17/2026

Page 1 of 669Next →