VulnScope — package-centric CVE lookup

Search

480 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

LOW3.7CVE-2026-49854Tornado has out-of-bounds memory access via C extension6/12/2026
LOW3.5Papra HTTP redirect bypass can lead to SSRF via webhook delivery system6/10/2026
LOW3.7Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provid…6/9/2026
LOW3.7Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup…6/9/2026
LOW3.1Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known6/5/2026
LOW3.1Bugsink: Issue event views can show an event from another project if its UUID is known6/5/2026
LOW3.1EPSS 0.04%Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access6/1/2026
LOW3.7Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix5/29/2026
LOW3.3Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`5/29/2026
LOW3.7EPSS 0.06%PyJWT is a JSON Web Token implementation in Python.5/28/2026
LOW3.3EPSS 0.01%pypdf: Possible long runtimes for zero-only width values in cross-reference streamsuntimes for zero-only width values in cross-reference streams5/28/2026
LOW2.0NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation5/21/2026
LOW3.7EPSS 0.04%Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…5/20/2026
LOW3.1Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs5/19/2026
LOW3.5EPSS 0.01%Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)5/14/2026
LOW3.1dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction5/14/2026
LOW2.5dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled5/14/2026
LOW2.7EPSS 0.09%Synapse pagination Denial of Service5/14/2026
LOW3.7EPSS 0.01%Next.js's Middleware / Proxy redirects can be cache-poisoned5/11/2026
LOW3.7EPSS 0.01%Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting5/11/2026
LOW3.8EPSS 0.02%Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()5/9/2026
LOW3.3EPSS 0.01%OSGeo gdal GDapi.c GDfieldinfo out-of-bounds5/7/2026
LOW3.7EPSS 0.04%nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)5/7/2026
LOW3.5EPSS 0.04%Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed5/6/2026
LOW3.7EPSS 0.02%Flowise: Bcrypt Password Hash Exposure5/6/2026

Page 1 of 20Next →