VulnScope — package-centric CVE lookup

Search

5,316 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH8.2CVE-2026-54271protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names6/15/2026
HIGH7.5protobufjs: Denial of service through unbounded Any expansion during JSON conversion6/15/2026
HIGH8.2tmp: Type-confusion bypass of _assertPath allows path traversal via non-string prefix/postfix/template6/15/2026
HIGH7.5ws: Memory exhaustion DoS from tiny fragments and data chunks6/15/2026
HIGH7.5form-data: CRLF injection in form-data via unescaped multipart field names and filenames6/12/2026
HIGH8.1Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL6/12/2026
HIGH7.5Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema6/12/2026
HIGH7.7Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection6/12/2026
HIGH7.3Vim is an open source, command line text editor.6/11/2026
HIGH7.5Vim is an open source, command line text editor.6/11/2026
HIGH7.1WsgiDAV encoded dot segments can escape filesystem share roots6/11/2026
HIGH7.5@grpc/grpc-js: A malformed request can cause a server crash6/11/2026
HIGH7.5@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash6/11/2026
HIGH8.8OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri6/11/2026
HIGH8.1Litestar has HTML Injection Through its CSRF Token6/10/2026
HIGH7.5Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied i…6/9/2026
HIGH7.5Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause…6/9/2026
HIGH7.5Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen str…6/9/2026
HIGH7.5Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with…6/9/2026
HIGH7.4Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentic…6/9/2026
HIGH7.5Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frame…6/9/2026
HIGH8.1Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap…6/9/2026
HIGH8.2FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with response reading6/8/2026
HIGH8.0MariaDB server is a community developed fork of MySQL server.6/7/2026
HIGH8.0MariaDB server is a community developed fork of MySQL server.6/7/2026

← PrevPage 2 of 213Next →