VulnScope — package-centric CVE lookup

Search

20,281 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM5.3CVE-2026-48937A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame.6/18/2026
MEDIUM6.5BBOT: Arbitrary File Write in postman_download Module6/18/2026
MEDIUM5.3BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-102846/18/2026
MEDIUM6.1marimo contains a reflected cross-site scripting vulnerability in the notebook page6/18/2026
MEDIUM5.3joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards.6/17/2026
MEDIUM5.9Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00,…6/17/2026
MEDIUM5.9undici vulnerable to cross-user information disclosure via shared cache whitespace bypass6/17/2026
MEDIUM5.8Shaarli is a personal bookmarking service.6/17/2026
MEDIUM5.9libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO hand…6/17/2026
MEDIUM4.8Shaarli is a personal bookmarking service.6/17/2026
MEDIUM5.8Shaarli is a personal bookmarking service.6/17/2026
MEDIUM6.0OpenStack Horizon RC file generation does not escape special characters in project names6/17/2026
MEDIUM5.3Open WebUI: Any authenticated user can read other users' private notes via Socket.IO6/17/2026
MEDIUM6.3Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter6/17/2026
MEDIUM6.5Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode6/17/2026
MEDIUM4.3Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration6/17/2026
MEDIUM6.4Open WebUI Prompt history IDOR: unbound history_id allows cross-prompt read and deletion6/17/2026
MEDIUM4.3Open WebUI: Sibling-Prefix Path Traversal via /cache/{path}6/17/2026
MEDIUM6.5Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field6/17/2026
MEDIUM4.3Open WebUI IDOR: Calendar event re-parenting allows writing events into another user's calendar6/17/2026
MEDIUM6.5vLLM: OOM Denial of Service via Audio Decompression Bomb6/17/2026
MEDIUM4.8vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations6/17/2026
MEDIUM4.2Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromise…6/17/2026
MEDIUM6.5Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive in…6/17/2026
MEDIUM4.7Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the r…6/17/2026

Page 1 of 812Next →