VulnScope
Package-centric vulnerability lookup. Type a package name or CVE ID above, or click a card.
● Data refreshed: oldest source 26.5h ago· ⏳ ingest in progress — this page auto-updates· 2 sources failingview sync jobs
Total CVEs
74,887
Packages tracked
15,892
In CISA KEV
1,611
Critical (any)
6,193
🚨 Recent CISA KEV additions
See all KEV →- CVE-2026-45247Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability
- CVE-2025-48595Android Framework Integer Overflow Vulnerability
- CVE-2022-0492Linux Kernel Improper Authentication Vulnerability
- CVE-2024-21182Oracle WebLogic Server Unspecified Vulnerability
- CVE-2026-0257Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
- CVE-2026-8398Daemon Tools Lite Embedded Malicious Code Vulnerability
- CVE-2026-48027Nx Console Embedded Malicious Code Vulnerability
- CVE-2026-45321Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
📰 Recently published
Browse all →- HIGH8.8CVE-2026-49143browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler
- MEDIUM6.5CVE-2026-49144browserstack-runner has an unauthenticated arbitrary file read via path traversal in HTTP server
- HIGH7.5CVE-2026-42342React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint
- HIGH8.1CVE-2026-42211React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
- —CVE-2026-40181React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation
- HIGH8.0CVE-2026-33245React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
- MEDIUM5.4CVE-2026-33244React Router has stored XSS via unescaped Location header in prerendered redirect HTML
- —CVE-2024-52011launch-editor vulnerable to command injection via the crafted request on Windows
- —CVE-2026-27145Inefficient candidate hostname parsing in crypto/x509
- —CVE-2026-42507Arbitrary inputs are included in errors without any escaping in net/textproto
- —CVE-2026-42504Quadratic complexity in WordDecoder.DecodeHeader in mime
- MEDIUM6.3CVE-2026-49943CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation i…
- LOW3.3CVE-2026-10528A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11.
- LOW3.3CVE-2026-10298A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2.
- MEDIUM4.3CVE-2026-46605Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing d…
Most-vulnerable packages
Browse all packages →Debian
all →- chromium257584🚨
- webkit2gtk67850🚨
- wpewebkit31538🚨
- linux1421733🚨
- firefox-esr95326🚨
- roundcube8722🚨
- thunderbird90118🚨
- exim46811🚨
Maven
all →npm
all →- electron483🚨
- n8n671🚨
- vite201🚨
- systeminformation131🚨
- jquery81🚨
- react-server-dom-turbopack71🚨
- react-server-dom-webpack71🚨
- react-server-dom-parcel71🚨
PyPI
all →- salt696🚨
- langflow235🚨
- apache-airflow1254🚨
- pillow612🚨
- pyspark112🚨
- apache-superset661🚨
- opencv-contrib-python311🚨
- opencv-python311🚨