VulnScope — package-centric CVE lookup

Search

46,644 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM5.8guzzlehttp/guzzle: Dot-Only Cookie Domains Match All Hosts6/19/2026
MEDIUM5.9guzzlehttp/guzzle: Silent HTTPS-Proxy Downgrade to Cleartext6/19/2026
MEDIUM5.3NL Portal Backend Libraries: Unauthenticated form resolver forwards the privileged Objecten-API token to a caller-supplied URL (SSRF)6/19/2026
HIGH8.3libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sf…6/19/2026
MEDIUM6.5A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.1…6/19/2026
MEDIUM6.1OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry.6/19/2026
MEDIUM5.4Coturn is a free open source implementation of TURN and STUN Server.6/19/2026
MEDIUM4.9libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation.6/19/2026
HIGH8.1Coturn is a free open source implementation of TURN and STUN Server.6/19/2026
MEDIUM4.8guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization6/19/2026
CRITICAL9.0HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allo…6/18/2026
MEDIUM5.3A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame.6/18/2026
LOW1.8A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation.6/18/2026
HIGH8.8An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in…6/18/2026
MEDIUM6.7NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfs_sb_is_valid() function fails to validate s_log_block_size field in NILFS2 sup…6/18/2026
HIGH8.7HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tb…6/18/2026
MEDIUM6.5NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463)6/18/2026
HIGH7.5Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID6/18/2026
LOW2.2BBOT: Symlink-Following Arbitrary Write via github_workflows Module6/18/2026
MEDIUM6.5BBOT: Arbitrary File Write in postman_download Module6/18/2026
LOW3.1BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing6/18/2026
MEDIUM5.3BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-102846/18/2026
CRITICAL9.8python-statemachine SCXML <data expr> Eval Injection6/18/2026
MEDIUM5.4Strimzi: Unrestricted access to all Secrets within namespace watched by the Topic operator6/18/2026
HIGH8.0Strimzi: Cross-namespace privilege escalation via `Kafka.spec.entityOperator`6/18/2026

← PrevPage 2 of 1866Next →