VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

940 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

CRITICAL9.6CVE-2026-45758Malicious code in guardrails-ai 0.10.1 (supply chain compromise)2026/5/19
CRITICAL9.8CVE-2026-7304EPSS 0.43%SGLang: Unauthenticated RCE via --enable-custom-logit-processor2026/5/18
CRITICAL9.1EPSS 0.10%SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability2026/5/18
CRITICAL9.8EPSS 0.06%SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket2026/5/18
CRITICAL10.0EPSS 0.01%utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol2026/5/14
LOW3.5EPSS 0.01%Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)2026/5/14
LOW3.1dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction2026/5/14
LOW2.5dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled2026/5/14
LOW2.7EPSS 0.09%Synapse pagination Denial of Service2026/5/14
CRITICAL9.8EPSS 0.05%mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub2026/5/12
CRITICAL9.8EPSS 0.09%Ludwig framework is vulnerable to insecure deserialization in its model serving component2026/5/12
CRITICAL9.8EPSS 0.51%Ludwig framework is vulnerable to insecure deserialization through its predict() method.2026/5/12
CRITICAL9.8EPSS 0.10%llm CLI tool contains a code injection vulnerability via `--functions` command-line argument2026/5/12
CRITICAL9.8EPSS 0.09%imgaug contains an insecure deserialization vulnerability in BackgroundAugmenter class within multicore.py module2026/5/12
CRITICAL9.8EPSS 0.73%Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component2026/5/12
CRITICAL9.8EPSS 0.38%Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism2026/5/12
CRITICAL9.8EPSS 0.31%PySyft server-side arbitrary Python execution after code approval2026/5/12
CRITICAL9.9EPSS 0.06%pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules2026/5/11
CRITICAL9.6EPSS 0.14%PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection2026/5/11
CRITICAL9.1EPSS 0.04%Open WebUI has an LDAP Empty Password Authentication Bypass2026/5/8
CRITICAL9.8dash-uploader has a directory traversal vulnerability2026/5/8
LOW3.3EPSS 0.01%OSGeo gdal GDapi.c GDfieldinfo out-of-bounds2026/5/7
CRITICAL9.8EPSS 0.06%Compromise of PyTorch Lightning PyPi Package Versions2026/5/7
CRITICAL9.8EPSS 0.05%PraisonAI has an SSRF bypass2026/5/6
CRITICAL9.6EPSS 0.06%jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content2026/5/6