VulnScope — package-centric CVE lookup

Search

10,103 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.6CVE-2026-55447Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit6/19/2026
HIGH7.5Langflow: Unauthenticated DoS through multipart form boundary file upload6/19/2026
CRITICAL9.9Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow6/19/2026
HIGH7.8@tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels6/19/2026
HIGH7.5flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key6/19/2026
HIGH7.1jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories6/19/2026
HIGH7.5Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders6/19/2026
HIGH7.6Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN6/19/2026
HIGH8.0py7zr: Arbitrary File Write Vulnerability6/19/2026
HIGH7.3Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()6/19/2026
HIGH8.8CedarJava has policy injection vulnerability6/19/2026
HIGH8.8CedarJava has type confusion vulnerability6/19/2026
CRITICAL9.9Network-AI: Improper Neutralization of Special Elements used in an OS Command6/19/2026
CRITICAL9.1Network-AI: CVE-2026-46701 fix incomplete — empty default secret still authorizes all requests6/19/2026
CRITICAL9.8gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755)6/18/2026
HIGH7.1OpenClaw: Workspace-derived service PATH could influence trash command selection6/18/2026
HIGH7.1OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots6/18/2026
HIGH8.1OpenClaw: Discord allowFrom could bind to mutable display names6/18/2026
HIGH7.1OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install6/18/2026
HIGH7.1OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns6/18/2026
HIGH8.1OpenClaw: Zalo allowFrom could bind to mutable display names6/18/2026
HIGH8.1OpenClaw: Shell positional parameters could weaken strict inline-eval checks6/18/2026
HIGH7.5Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID6/18/2026
HIGH7.5undici WebSocket client vulnerable to denial of service via cumulative fragment bypass6/18/2026
CRITICAL9.8python-statemachine SCXML <data expr> Eval Injection6/18/2026

Page 1 of 405Next →