VulnScope — package-centric CVE lookup- CRITICAL9.6CVE-2026-45321⚠ KEVEPSS 17.1%Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
- CRITICAL9.9⚠ KEVEPSS 65.8%n8n Vulnerable to Remote Code Execution via Expression Injection
- CRITICAL10.0⚠ KEVEPSS 84.5%React Server Components are Vulnerable to RCE
- CRITICAL9.8⚠ KEVEPSS 27.9%@react-native-community/cli has arbitrary OS command injection
- HIGH7.5⚠ KEVEPSS 14.7%eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall have embedded malicious code
- HIGH8.0⚠ KEVEPSS 0.60%Git allows arbitrary code execution through broken config quoting
- MEDIUM5.3⚠ KEVEPSS 83.2%Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
- HIGH8.1⚠ KEVEPSS 70.8%freetype - security update
- CRITICAL9.1⚠ KEVEPSS 93.9%Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
- MEDIUM5.3⚠ KEVEPSS 94.4%nghttp2 - security update
- HIGH8.8⚠ KEVEPSS 5.0%libvpx - security update
- HIGH8.8⚠ KEVEPSS 93.3%thunderbird - security update
- CRITICAL9.6⚠ KEVEPSS 0.08%chromium - security update
- CRITICAL9.8⚠ KEVEPSS 94.4%Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
- CRITICAL9.8⚠ KEVEPSS 94.4%Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
- CRITICAL9.0⚠ KEVEPSS 94.4%mod_proxy SSRF
- HIGH7.8⚠ KEVEPSS 94.0%Command Injection Vulnerability
- HIGH8.8⚠ KEVEPSS 22.3%chromium - security update
- HIGH7.8⚠ KEVEPSS 92.6%sudo - security update
- MEDIUM6.5⚠ KEVEPSS 93.0%freetype - security update
- MEDIUM6.5⚠ KEVEPSS 89.9%chromium - security update
- MEDIUM5.5⚠ KEVEPSS 94.4%Microsoft Netlogon Privilege Escalation Vulnerability
- MEDIUM6.9⚠ KEVEPSS 34.7%Potential XSS vulnerability in jQuery
- CRITICAL9.8⚠ KEVEPSS 94.4%libphp-phpmailer - security update
- CRITICAL9.8⚠ KEVEPSS 94.1%opensmtpd - security update