VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

62,527 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH7.3CVE-2026-11417aws-cdk-lib: OS Command Injection in NodejsFunction Bundling2026/6/15
MEDIUM5.3markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations2026/6/15
HIGH7.5Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS2026/6/15
MEDIUM5.3OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation2026/6/15
LOW3.7Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname2026/6/15
—Nest: Middleware Bypass on Fastify via Trailing Slash2026/6/15
HIGH7.5python-multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service2026/6/15
LOW3.7python-multipart: Negative Content-Length in parse_form buffers the entire body in memory2026/6/15
LOW3.7python-multipart: Semicolon treated as querystring field separator enables parameter smuggling2026/6/15
LOW3.7python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters2026/6/15
—Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow2026/6/15
HIGH7.7Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient2026/6/15
HIGH7.5tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)2026/6/15
HIGH7.5Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows2026/6/15
MEDIUM5.3Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`2026/6/15
MEDIUM5.3UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`2026/6/15
HIGH8.2protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names2026/6/15
MEDIUM5.3protobufjs: Memory amplification from preserved unknown fields in binary decode2026/6/15
—aiohttp: Incomplete websocket frame payloads bypass memory limits2026/6/15
—aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections2026/6/15
—aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect2026/6/15
—aiohttp: HTTP/1 Pipelined Requests Queue Without Limit2026/6/15
—aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup2026/6/15
—aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines2026/6/15
—aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges2026/6/15

第 1 / 2502 頁下一頁 →