VulnScope — package-centric CVE lookup

Search

15,658 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM4.4CVE-2026-55650Outerbase Studio: Stored XSS in Text Widget Leads to Authentication Token Exposure6/19/2026
HIGH7.5Langflow: Unauthenticated DoS through multipart form boundary file upload6/19/2026
MEDIUM6.1Langflow: Logout button does not clear session6/19/2026
MEDIUM6.1Allure Report: Stored XSS via unescaped ANSI helper in status message/trace rendering6/19/2026
MEDIUM6.2Allure Report: Path Traversal in HTTP Server Allows Arbitrary File Read6/19/2026
MEDIUM6.8dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens6/19/2026
HIGH7.8@tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels6/19/2026
HIGH7.5flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key6/19/2026
MEDIUM6.5UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()6/19/2026
HIGH7.1jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories6/19/2026
HIGH7.5Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders6/19/2026
HIGH7.6Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN6/19/2026
HIGH8.0py7zr: Arbitrary File Write Vulnerability6/19/2026
HIGH7.3Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()6/19/2026
HIGH8.8CedarJava has policy injection vulnerability6/19/2026
HIGH8.8CedarJava has type confusion vulnerability6/19/2026
MEDIUM5.3NL Portal Backend Libraries: Unauthenticated form resolver forwards the privileged Objecten-API token to a caller-supplied URL (SSRF)6/19/2026
MEDIUM5.3ts-deepmerge: Prototype Method Override leads to DoS6/19/2026
MEDIUM5.8Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints6/18/2026
MEDIUM5.4OpenClaw: Empty-scope device re-pairing could confuse caller scope containment6/18/2026
HIGH7.1OpenClaw: Workspace-derived service PATH could influence trash command selection6/18/2026
HIGH7.1OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots6/18/2026
HIGH8.1OpenClaw: Discord allowFrom could bind to mutable display names6/18/2026
HIGH7.1OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install6/18/2026
HIGH7.1OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns6/18/2026

Page 1 of 627Next →