VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

30,010 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

MEDIUM5.3CVE-2026-48988markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations2026/6/15
MEDIUM5.3OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation2026/6/15
LOW3.7Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname2026/6/15
LOW3.7python-multipart: Negative Content-Length in parse_form buffers the entire body in memory2026/6/15
LOW3.7python-multipart: Semicolon treated as querystring field separator enables parameter smuggling2026/6/15
LOW3.7python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters2026/6/15
MEDIUM5.3Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`2026/6/15
MEDIUM5.3UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`2026/6/15
MEDIUM5.3protobufjs: Memory amplification from preserved unknown fields in binary decode2026/6/15
LOW3.1React Router: Potential CSRF via PUT/PATCH/DELETE document requests2026/6/15
CRITICAL9.8Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE2026/6/15
MEDIUM6.1DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks2026/6/15
MEDIUM6.1DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM2026/6/15
MEDIUM5.3protobufjs : Schema-derived names can shadow runtime-significant properties2026/6/15
MEDIUM5.3JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases2026/6/15
LOW3.2@babel/core: Arbitrary File Read via sourceMappingURL Comment2026/6/15
MEDIUM6.8In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can retu…2026/6/14
MEDIUM6.3Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in ninenines cowlib allows HTTP…2026/6/13
MEDIUM6.9Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature2026/6/12
MEDIUM4.8Netty: QUIC stateless reset token material exposed through header-visible connection IDs2026/6/12
MEDIUM5.3Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted2026/6/12
MEDIUM6.7A flaw was found in QEMU's virtio-blk device.2026/6/12
MEDIUM5.3OpenTelemetry-cpp is the C++ implementation of OpenTelemetry.2026/6/12
MEDIUM5.4Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization2026/6/12
MEDIUM5.3Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations.2026/6/12

第 1 / 1201 頁下一頁 →