VulnScope — 以套件為主體的 CVE 查詢工具

搜尋

4,057 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH7.8CVE-2026-54074@tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels2026/6/19
HIGH7.5flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key2026/6/19
HIGH8.8CedarJava has policy injection vulnerability2026/6/19
HIGH8.8CedarJava has type confusion vulnerability2026/6/19
HIGH7.1OpenClaw: Workspace-derived service PATH could influence trash command selection2026/6/18
HIGH7.1OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots2026/6/18
HIGH8.1OpenClaw: Discord allowFrom could bind to mutable display names2026/6/18
HIGH7.1OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install2026/6/18
HIGH7.1OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns2026/6/18
HIGH8.1OpenClaw: Zalo allowFrom could bind to mutable display names2026/6/18
HIGH8.1OpenClaw: Shell positional parameters could weaken strict inline-eval checks2026/6/18
HIGH7.5undici WebSocket client vulnerable to denial of service via cumulative fragment bypass2026/6/18
HIGH7.5http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`2026/6/18
HIGH8.1piscina: Prototype Pollution Gadget → RCE via inherited options.filename2026/6/18
HIGH8.0Strimzi: Cross-namespace privilege escalation via `Kafka.spec.entityOperator`2026/6/18
HIGH7.1OpenClaw: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution2026/6/18
HIGH8.1OpenClaw: Shell inline-command parsing could miss an allowlist check2026/6/18
HIGH8.8OpenClaw: Pairing-scoped device session could restore revoked node token authority2026/6/18
HIGH8.1OpenClaw: Host environment sanitizer missed two Node.js control variables2026/6/18
HIGH7.5undici WebSocket client vulnerable to denial of service via fragment count bypass2026/6/17
HIGH7.4undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent2026/6/17
LOW3.7undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse2026/6/17
LOW3.7undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching2026/6/17
HIGH7.5undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse2026/6/17
HIGH7.5HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS2026/6/17

第 1 / 163 頁下一頁 →