VulnScope — package-centric CVE lookup

Search

19,660 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH7.1CVE-2026-49346libde265 is an open source implementation of the h.265 video codec.6/20/2026
HIGH7.1libde265 is an open source implementation of the h.265 video codec.6/20/2026
HIGH7.8@tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels6/19/2026
HIGH7.1A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation.6/19/2026
HIGH7.6A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation.6/19/2026
HIGH7.1An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation.6/19/2026
HIGH7.1A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation.6/19/2026
HIGH7.5flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key6/19/2026
HIGH8.8CedarJava has policy injection vulnerability6/19/2026
HIGH8.8CedarJava has type confusion vulnerability6/19/2026
HIGH8.3libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sf…6/19/2026
HIGH8.1Coturn is a free open source implementation of TURN and STUN Server.6/19/2026
CRITICAL9.0HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allo…6/18/2026
LOW1.8A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation.6/18/2026
HIGH8.8An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in…6/18/2026
HIGH8.7HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tb…6/18/2026
HIGH7.1OpenClaw: Workspace-derived service PATH could influence trash command selection6/18/2026
HIGH7.1OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots6/18/2026
HIGH8.1OpenClaw: Discord allowFrom could bind to mutable display names6/18/2026
HIGH7.1OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install6/18/2026
HIGH7.1OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns6/18/2026
HIGH8.1OpenClaw: Zalo allowFrom could bind to mutable display names6/18/2026
HIGH8.1OpenClaw: Shell positional parameters could weaken strict inline-eval checks6/18/2026
HIGH7.5undici WebSocket client vulnerable to denial of service via cumulative fragment bypass6/18/2026
HIGH7.5http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`6/18/2026

Page 1 of 787Next →