VulnScope — package-centric CVE lookup

Search

468 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

LOW2.5CVE-2026-32970EPSS 0.02%OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode3/13/2026
LOW3.1EPSS 0.01%Keycloak vulnerable to authorization bypass via the Admin API3/12/2026
LOW2.7EPSS 0.01%Keycloak: Information disclosure of disabled user attributes via administrative endpoint3/11/2026
LOW3.7EPSS 0.14%org.eclipse.jetty:jetty-http has different parsing of invalid URIs3/5/2026
LOW2.0EPSS 0.01%@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass3/5/2026
LOW2.7EPSS 0.01%Backstage vulnerable to potential reading of SCM URLs using built in token3/5/2026
LOW3.7EPSS 0.04%OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access3/4/2026
LOW3.4EPSS 0.02%Dark Reader gives users the ability to request style sheets from local web servers3/4/2026
LOW3.7EPSS 0.04%OpenClaw: Discord DM reaction ingress missed dmPolicy/allowFrom checks in restricted setups3/3/2026
LOW3.3EPSS 0.02%@tootallnate/once vulnerable to Incorrect Control Flow Scoping3/3/2026
LOW2.6EPSS 0.04%OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows3/2/2026
LOW3.3EPSS 0.02%OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read3/2/2026
LOW3.7EPSS 0.04%OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage3/2/2026
LOW2.2EPSS 0.01%Vim is an open source, command line text editor.2/27/2026
LOW3.1EPSS 0.01%Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass2/27/2026
LOW3.3EPSS 0.01%Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner2/27/2026
LOW3.6EPSS 0.02%OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags2/19/2026
LOW3.8EPSS 0.03%Keycloak: Missing Check on Disabled Client for Docker Registry Protocol2/19/2026
LOW3.7EPSS 0.16%Apache Tomcat: Security constraint bypass with HTTP/0.92/17/2026
LOW3.7EPSS 0.04%OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions2/17/2026
LOW3.7EPSS 0.05%qs's arrayLimit bypass in comma parsing allows denial of service2/12/2026
LOW2.9EPSS 0.01%ajv has ReDoS when using `$data` option2/11/2026
LOW2.5EPSS 0.01%Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability2/10/2026
LOW3.7EPSS 0.01%webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior2/5/2026
LOW3.7EPSS 0.01%webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence2/5/2026

← PrevPage 3 of 19Next →