VulnScope — package-centric CVE lookup

Search

37,298 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM5.4CVE-2026-6269Incorrect Authorization in GitLab6/13/2026
LOW3.1CVE-2026-3553Incorrect Authorization in GitLab6/13/2026
MEDIUM6.5Allocation of Resources Without Limits or Throttling in GitLab6/13/2026
MEDIUM4.3Improper Restriction of Rendered UI Layers or Frames in GitLab6/13/2026
MEDIUM6.8File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope6/12/2026
MEDIUM6.5File Browser has a DoS Vulnerability via Public Login API6/12/2026
MEDIUM6.9Netty is a network application framework for development of protocol servers and clients.6/12/2026
MEDIUM4.8Netty is a network application framework for development of protocol servers and clients.6/12/2026
MEDIUM5.3Netty is a network application framework for development of protocol servers and clients.6/12/2026
MEDIUM6.7A flaw was found in QEMU's virtio-blk device.6/12/2026
MEDIUM5.3OpenTelemetry-cpp is the C++ implementation of OpenTelemetry.6/12/2026
MEDIUM6.5Fleet: Observer-level enrollment secret extraction via ORDER BY oracle on Apple MDM commands endpoint6/12/2026
MEDIUM6.5Fleet has observer-level enrollment secret extraction via ORDER BY oracle on labels host-listing endpoint6/12/2026
MEDIUM5.4Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization6/12/2026
MEDIUM5.3Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations.6/12/2026
MEDIUM5.9Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks.6/12/2026
LOW3.7Tornado has out-of-bounds memory access via C extension6/12/2026
MEDIUM5.9gorest InMemorySecret2FA race condition allows process crash via concurrent map access (CWE-362)6/12/2026
CRITICAL9.0Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign6/12/2026
MEDIUM6.5Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker6/12/2026
MEDIUM6.5GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution6/12/2026
MEDIUM6.7LangGraph has NoSQL parameter injection in MongoDBSaver, allowing cross-tenant state access6/12/2026
MEDIUM4.3Improper Neutralization of Substitution Characters in GitLab6/12/2026
MEDIUM6.5Server-Side Request Forgery (SSRF) in GitLab6/12/2026
LOW3.7Authorization Bypass Through User-Controlled Key in GitLab6/12/2026

Page 1 of 1492Next →