VulnScope — package-centric CVE lookup

Search

58,931 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH7.8CVE-2026-45490.NET SDK Elevation of Privilege Vulnerability6/18/2026
MEDIUM6.1CVE-2026-54386marimo contains a reflected cross-site scripting vulnerability in the notebook page6/18/2026
MEDIUM5.3joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards.6/17/2026
MEDIUM5.9Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00,…6/17/2026
HIGH7.5Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a l…6/17/2026
HIGH7.4undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent6/17/2026
MEDIUM5.9undici vulnerable to cross-user information disclosure via shared cache whitespace bypass6/17/2026
HIGH7.5Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's orig…6/17/2026
MEDIUM5.8Shaarli is a personal bookmarking service.6/17/2026
HIGH8.2Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthent…6/17/2026
MEDIUM5.9libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO hand…6/17/2026
CRITICAL9.1Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing value…6/17/2026
CRITICAL9.1Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, fo…6/17/2026
MEDIUM4.8Shaarli is a personal bookmarking service.6/17/2026
MEDIUM5.8Shaarli is a personal bookmarking service.6/17/2026
MEDIUM6.0OpenStack Horizon RC file generation does not escape special characters in project names6/17/2026
CRITICAL9.6Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation6/17/2026
MEDIUM4.3Deno: Denial of service via non-ASCII bytes in WebSocket response headers6/17/2026
HIGH7.5HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS6/17/2026
CRITICAL9.3Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak6/17/2026
HIGH7.5handlebars.java FileTemplateLoader Path Traversal6/17/2026
HIGH7.6Filament: Disabled RichEditor field state can be used for XSS6/17/2026
HIGH7.6LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector6/17/2026
MEDIUM4.3katello: missing repository authorization in content_uploads exposes cross-product content existence6/17/2026
HIGH8.4pdfkit: Path traversal in from_string6/17/2026

← PrevPage 3 of 2358Next →