VulnScope — package-centric CVE lookup

Search

58,928 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

—CVE-2026-546046/20/2026
MEDIUM5.3CVE-2026-49342YARD is a documentation generation tool for the Ruby programming language.6/20/2026
HIGH7.1libde265 is an open source implementation of the h.265 video codec.6/20/2026
MEDIUM4.3libde265 is an open source implementation of the h.265 video codec.6/20/2026
HIGH7.1libde265 is an open source implementation of the h.265 video codec.6/20/2026
—Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path.6/20/2026
—urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (`preload_content=False`) when using Brotli support.6/20/2026
MEDIUM6.5A use-after-free vulnerability was found in FFmpeg's RASC video decoder.6/19/2026
MEDIUM4.4Outerbase Studio: Stored XSS in Text Widget Leads to Authentication Token Exposure6/19/2026
MEDIUM6.1Allure Report: Stored XSS via unescaped ANSI helper in status message/trace rendering6/19/2026
MEDIUM6.2Allure Report: Path Traversal in HTTP Server Allows Arbitrary File Read6/19/2026
—TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover6/19/2026
HIGH7.8@tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels6/19/2026
HIGH7.1A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation.6/19/2026
HIGH7.6A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation.6/19/2026
HIGH7.1An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation.6/19/2026
HIGH7.1A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation.6/19/2026
MEDIUM6.5libheif is a HEIF and AVIF file format decoder and encoder.6/19/2026
HIGH7.5flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key6/19/2026
—@cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized --workspace Argument6/19/2026
—parse-server: Stored XSS via non-standard file extension bypassing file upload extension blocklist6/19/2026
—jupyterlab-git extension: Stored XSS leading to RCE6/19/2026
—containerd CRI checkpoint restore CDI annotation smuggling6/19/2026
—Arbitrary host CRI log file read via symlink following in CRI checkpoint restore6/19/2026
—containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull6/19/2026

Page 1 of 2358Next →