VulnScope — package-centric CVE lookup

Search

4,092 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH8.1CVE-2026-48060Litestar has HTML Injection Through its CSRF Token6/10/2026
MEDIUM6.5vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors6/10/2026
MEDIUM6.5The Apache Airflow Samba provider's `GCSToSambaOperator` joined GCS object names to the SMB destination path without a containment check, s…6/9/2026
MEDIUM5.4Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type6/8/2026
MEDIUM4.3Bugsink: DOS using large numbers of event tags6/5/2026
MEDIUM4.3Bugsink: Project scoping missing in sourcemap and debug-file lookup6/5/2026
LOW3.1Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known6/5/2026
LOW3.1Bugsink: Issue event views can show an event from another project if its UUID is known6/5/2026
HIGH8.3praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR6/5/2026
MEDIUM6.5MLflow authenticated users can enumerate any registered model versions due to lack of per-model permissions checks6/5/2026
MEDIUM6.5Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path6/5/2026
HIGH7.3Apache Airflow: Arbitrary import in custom deadline-reference deserialization6/5/2026
HIGH8.8Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator6/5/2026
HIGH7.5Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation6/5/2026
MEDIUM4.3Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints6/5/2026
MEDIUM6.5Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler6/5/2026
MEDIUM5.3Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification6/4/2026
MEDIUM5.3Strawberry GraphQL has a Circular Fragment Reference DOS6/4/2026
MEDIUM6.1WebOb: Location header normalization during redirect leads to open redirect - again6/4/2026
MEDIUM4.7A vulnerability has been found in Streamlit up to 1.53.0.6/4/2026
LOW2.5A security flaw has been discovered in gradio-app gradio 6.14.0.6/4/2026
HIGH8.6Docling Core: Unsafe remote filename resolution6/3/2026
HIGH8.1Docling Core: Insufficient validation of image reference URIs6/3/2026
HIGH7.1Docling: Unsafe URI and Path Handling in HTML Backend6/3/2026
MEDIUM5.5Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands6/3/2026

← PrevPage 2 of 164Next →