VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

1,202 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

CRITICAL9.8CVE-2026-8711EPSS 0.10%NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (fo…2026/5/19
CRITICAL9.8EPSS 0.43%SGLang: Unauthenticated RCE via --enable-custom-logit-processor2026/5/18
CRITICAL9.1EPSS 0.10%SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability2026/5/18
CRITICAL9.8EPSS 0.06%SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket2026/5/18
CRITICAL10.0EPSS 0.01%utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol2026/5/14
CRITICAL9.8EPSS 0.05%mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub2026/5/12
CRITICAL9.8EPSS 0.09%Ludwig framework is vulnerable to insecure deserialization in its model serving component2026/5/12
CRITICAL9.8EPSS 0.51%Ludwig framework is vulnerable to insecure deserialization through its predict() method.2026/5/12
CRITICAL9.8EPSS 0.10%llm CLI tool contains a code injection vulnerability via `--functions` command-line argument2026/5/12
CRITICAL9.8EPSS 0.09%imgaug contains an insecure deserialization vulnerability in BackgroundAugmenter class within multicore.py module2026/5/12
CRITICAL9.8EPSS 0.73%Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component2026/5/12
CRITICAL9.8EPSS 0.38%Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism2026/5/12
CRITICAL9.8EPSS 0.31%PySyft server-side arbitrary Python execution after code approval2026/5/12
CRITICAL9.9EPSS 0.06%pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules2026/5/11
CRITICAL9.6EPSS 0.14%PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection2026/5/11
CRITICAL9.1EPSS 0.04%Open WebUI has an LDAP Empty Password Authentication Bypass2026/5/8
CRITICAL9.8dash-uploader has a directory traversal vulnerability2026/5/8
CRITICAL9.8EPSS 0.13%A flaw was found in gnutls.2026/5/7
CRITICAL9.8EPSS 0.06%Compromise of PyTorch Lightning PyPi Package Versions2026/5/7
CRITICAL9.8EPSS 0.05%PraisonAI has an SSRF bypass2026/5/6
CRITICAL9.6EPSS 0.06%jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content2026/5/6
CRITICAL9.9EPSS 0.01%wger: cross-tenant password reset and plaintext disclosure via gym=None bypass2026/5/6
CRITICAL9.9EPSS 0.05%Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API2026/5/6
CRITICAL9.9EPSS 0.05%Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API2026/5/6
CRITICAL9.8EPSS 0.02%Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header()2026/5/5