VulnScope — package-centric CVE lookup

Search

62,579 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH7.5CVE-2026-55091flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key6/19/2026
—@cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized --workspace Argument6/19/2026
MEDIUM6.5UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()6/19/2026
—Python Liquid: Infinite loop when parsing malformed `{% case %}` tags6/19/2026
—parse-server: Stored XSS via non-standard file extension bypassing file upload extension blocklist6/19/2026
HIGH7.1jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories6/19/2026
—jupyterlab-git extension: Stored XSS leading to RCE6/19/2026
HIGH7.5Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders6/19/2026
HIGH7.6Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN6/19/2026
—containerd CRI checkpoint restore CDI annotation smuggling6/19/2026
—Arbitrary host CRI log file read via symlink following in CRI checkpoint restore6/19/2026
—containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull6/19/2026
—containerd: CRI checkpoint import allows local image tag poisoning6/19/2026
—containerd image-triggered runtime DoS via unbounded group parsing6/19/2026
HIGH8.0py7zr: Arbitrary File Write Vulnerability6/19/2026
—In the Linux kernel, the following vulnerability has been resolved: bpf: Free reuseport cBPF prog after RCU grace period.6/19/2026
—In the Linux kernel, the following vulnerability has been resolved: ip6_vti: set netns_immutable on the fallback device.6/19/2026
—In the Linux kernel, the following vulnerability has been resolved: RDMA: During rereg_mr ensure that REREG_ACCESS is compatible If IB_MR_R…6/19/2026
HIGH7.3Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()6/19/2026
HIGH8.8CedarJava has policy injection vulnerability6/19/2026
HIGH8.8CedarJava has type confusion vulnerability6/19/2026
MEDIUM5.8guzzlehttp/guzzle: Dot-Only Cookie Domains Match All Hosts6/19/2026
MEDIUM5.9guzzlehttp/guzzle: Silent HTTPS-Proxy Downgrade to Cleartext6/19/2026
MEDIUM5.3NL Portal Backend Libraries: Unauthenticated form resolver forwards the privileged Objecten-API token to a caller-supplied URL (SSRF)6/19/2026
HIGH8.3libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sf…6/19/2026

← PrevPage 2 of 2504Next →