VulnScope — package-centric CVE lookup

Search

1,676 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH8.1CVE-2026-48152Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL6/12/2026
HIGH7.5CVE-2026-48151Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema6/12/2026
HIGH7.7Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection6/12/2026
HIGH7.5@grpc/grpc-js: A malformed request can cause a server crash6/11/2026
HIGH7.5@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash6/11/2026
HIGH8.8OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri6/11/2026
HIGH8.2FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with response reading6/8/2026
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection6/5/2026
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments6/5/2026
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes6/5/2026
HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs6/5/2026
HIGH8.8DbGate: Remote Code Execution via functionName injection in loadReader endpoint6/5/2026
HIGH7.7Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP6/5/2026
HIGH7.5React Router vulnerable to Denial of Service via reflected user input in single-fetch6/4/2026
HIGH7.6Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending6/4/2026
HIGH7.5Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection6/4/2026
HIGH7.5Allocation of Resources Without Limits or Throttling in Axios6/4/2026
HIGH7.5Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection6/4/2026
HIGH8.8EPSS 0.15%browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler6/3/2026
HIGH7.5EPSS 0.05%React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint6/3/2026
HIGH8.1EPSS 0.25%React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE6/3/2026
HIGH8.0EPSS 0.03%React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets6/3/2026
HIGH8.2DOMPurify XSS via selectedcontent re-clone6/1/2026
HIGH8.6NodeVM network builtin exclusions bypass via internal _http_client and _http_server5/29/2026
HIGH7.5EPSS 0.06%ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag5/29/2026

Page 1 of 68Next →