VulnScope — package-centric CVE lookup

Search

2,961 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM6.5CVE-2026-48726Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path6/5/2026
CRITICAL9.1Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern6/5/2026
MEDIUM4.3Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints6/5/2026
MEDIUM6.5Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler6/5/2026
MEDIUM5.3Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification6/4/2026
MEDIUM5.3Strawberry GraphQL has a Circular Fragment Reference DOS6/4/2026
MEDIUM6.1WebOb: Location header normalization during redirect leads to open redirect - again6/4/2026
MEDIUM4.7A vulnerability has been found in Streamlit up to 1.53.0.6/4/2026
LOW2.5A security flaw has been discovered in gradio-app gradio 6.14.0.6/4/2026
CRITICAL9.8Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass6/3/2026
MEDIUM5.5Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands6/3/2026
MEDIUM5.5Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend6/3/2026
MEDIUM6.3malla: Stored XSS via Meshtastic node names in multiple frontend pages6/3/2026
MEDIUM6.4AIOHTTP is Vulnerable to Deserialization of Untrusted Data6/3/2026
MEDIUM5.3Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware6/3/2026
MEDIUM4.3Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie6/3/2026
MEDIUM5.3Potential exposure of private data via whitespace padding in Vary header6/3/2026
LOW3.7daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processi…6/3/2026
MEDIUM5.3daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory.6/3/2026
MEDIUM6.1OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables.6/2/2026
CRITICAL9.6praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members6/1/2026
MEDIUM6.5praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id}6/1/2026
LOW3.1EPSS 0.04%Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access6/1/2026
MEDIUM6.5EPSS 0.05%Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking6/1/2026
MEDIUM5.9EPSS 0.02%Apache Airflow: JWT cookie missing Secure flag in JWTRefreshMiddleware behind HTTPS-terminating proxy6/1/2026

← PrevPage 2 of 119Next →