VulnScope — package-centric CVE lookup

Search

1,791 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH7.1CVE-2026-48099WsgiDAV encoded dot segments can escape filesystem share roots6/11/2026
HIGH8.1CVE-2026-48060Litestar has HTML Injection Through its CSRF Token6/10/2026
HIGH8.3praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR6/5/2026
HIGH7.3Apache Airflow: Arbitrary import in custom deadline-reference deserialization6/5/2026
HIGH8.8Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator6/5/2026
HIGH7.5Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation6/5/2026
HIGH8.6Docling Core: Unsafe remote filename resolution6/3/2026
HIGH8.1Docling Core: Insufficient validation of image reference URIs6/3/2026
HIGH7.1Docling: Unsafe URI and Path Handling in HTML Backend6/3/2026
HIGH7.5Docling: Unsafe XML Entity Expansion in USPTO Patent Backend6/3/2026
HIGH8.2Docling: Unsafe Playwright-based HTML Rendering6/3/2026
HIGH7.5Docling: Unsafe Zip Extraction in EasyOCR Model Download6/3/2026
HIGH7.5AIOHTTP is vulnerable to cross-origin redirect with per-request cookies6/2/2026
HIGH8.1praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}6/1/2026
HIGH8.3praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR6/1/2026
HIGH8.1praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR6/1/2026
HIGH8.1praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR6/1/2026
HIGH8.1praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role5/29/2026
HIGH7.6praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link)5/29/2026
HIGH8.1praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks5/29/2026
HIGH8.8PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership5/29/2026
HIGH8.8PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID5/29/2026
HIGH8.8PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API5/29/2026
HIGH8.1PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-443345/29/2026
HIGH8.8Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows5/28/2026

Page 1 of 72Next →