VulnScope — package-centric CVE lookup

Search

62,579 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

—CVE-2026-546046/20/2026
MEDIUM5.3CVE-2026-49342YARD is a documentation generation tool for the Ruby programming language.6/20/2026
HIGH7.1libde265 is an open source implementation of the h.265 video codec.6/20/2026
MEDIUM4.3libde265 is an open source implementation of the h.265 video codec.6/20/2026
HIGH7.1libde265 is an open source implementation of the h.265 video codec.6/20/2026
—Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path.6/20/2026
—urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (`preload_content=False`) when using Brotli support.6/20/2026
MEDIUM6.5A use-after-free vulnerability was found in FFmpeg's RASC video decoder.6/19/2026
MEDIUM4.4Outerbase Studio: Stored XSS in Text Widget Leads to Authentication Token Exposure6/19/2026
CRITICAL9.6Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit6/19/2026
HIGH7.5Langflow: Unauthenticated DoS through multipart form boundary file upload6/19/2026
MEDIUM6.1Langflow: Logout button does not clear session6/19/2026
CRITICAL9.9Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow6/19/2026
—py7zr: O(n^2) algorithmic complexity DoS in PackInfo._read()6/19/2026
—py7zr: Decompression bomb (zip bomb) denial of service via unchecked extraction size6/19/2026
MEDIUM6.1Allure Report: Stored XSS via unescaped ANSI helper in status message/trace rendering6/19/2026
MEDIUM6.2Allure Report: Path Traversal in HTTP Server Allows Arbitrary File Read6/19/2026
MEDIUM6.8dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens6/19/2026
—TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover6/19/2026
HIGH7.8@tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels6/19/2026
HIGH7.1A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation.6/19/2026
HIGH7.6A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation.6/19/2026
HIGH7.1An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation.6/19/2026
HIGH7.1A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation.6/19/2026
MEDIUM6.5libheif is a HEIF and AVIF file format decoder and encoder.6/19/2026

Page 1 of 2504Next →