VulnScope — package-centric CVE lookup

Search

6,079 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM6.5CVE-2025-58175GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution6/12/2026
MEDIUM5.8Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset6/11/2026
MEDIUM6.5python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood6/11/2026
MEDIUM5.3netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion6/11/2026
CRITICAL9.1Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token6/11/2026
MEDIUM5.9Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled X-Forwarded-Host header6/10/2026
MEDIUM6.5vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors6/10/2026
MEDIUM6.5In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header6/10/2026
MEDIUM5.3Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced6/8/2026
MEDIUM6.8Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port6/8/2026
MEDIUM4.0Netty: Unix-socket fd receive leaks descriptors when peer sends two at once6/8/2026
MEDIUM5.4Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type6/8/2026
MEDIUM4.3Bugsink: DOS using large numbers of event tags6/5/2026
MEDIUM4.3Bugsink: Project scoping missing in sourcemap and debug-file lookup6/5/2026
CRITICAL9.1NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)6/5/2026
MEDIUM6.5Authorization Bypass in SearchModelVersions in mlflow/mlflow6/5/2026
MEDIUM6.5Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path6/5/2026
CRITICAL9.1Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern6/5/2026
MEDIUM4.3Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints6/5/2026
MEDIUM6.5Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler6/5/2026
MEDIUM6.5epa4all-client: Unauthenticated REST API for Patient Record Writes6/4/2026
MEDIUM5.3Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification6/4/2026
MEDIUM5.3Strawberry GraphQL has a Circular Fragment Reference DOS6/4/2026
MEDIUM6.1WebOb: Location header normalization during redirect leads to open redirect - again6/4/2026
CRITICAL9.8Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass6/3/2026

Page 1 of 244Next →