VulnScope — package-centric CVE lookup

Search

461 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

LOW3.7CVE-2026-34166EPSS 0.02%LiquidJS Has Memory Limit Bypass via Quadratic Amplification in `replace` Filter4/8/2026
LOW3.7EPSS 0.03%Parse Server has a login timing side-channel reveals user existence4/8/2026
LOW3.7EPSS 0.04%OpenClaw: Shared-secret comparison call sites leaked length information through timing4/7/2026
LOW2.8EPSS 0.01%Electron: Crash in clipboard.readImage() on malformed clipboard image data4/7/2026
LOW3.7EPSS 0.01%Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim4/6/2026
LOW2.3EPSS 0.02%Electron: Use-after-free in offscreen shared texture release() callback4/3/2026
LOW3.7EPSS 0.08%OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting4/3/2026
LOW3.9EPSS 0.01%Electron: Unquoted executable path in app.setLoginItemSettings on Windows4/3/2026
LOW3.3EPSS 0.01%Electron: USB device selection not validated against filtered device list4/3/2026
LOW3.3EPSS 0.01%An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permissi…3/30/2026
LOW3.3EPSS 0.01%A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, wh…3/30/2026
LOW3.7EPSS 0.03%OpenClaw may have stale policy enforcement for queued node actions3/26/2026
LOW3.1EPSS 0.01%Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation3/26/2026
LOW3.7EPSS 0.03%NGINX ngx_mail_proxy_module vulnerability3/24/2026
LOW3.7EPSS 0.02%Keycloak's identity-first login flow exposes user information3/23/2026
LOW3.7EPSS 0.02%h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes3/20/2026
LOW2.6EPSS 0.09%Spring MVC and WebFlux has Server Sent Event stream corruption3/20/2026
LOW2.7EPSS 0.03%StudioCMS REST getUsers Exposes Owner Account Records to Admin Tokens3/16/2026
LOW2.5EPSS 0.02%OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode3/13/2026
LOW3.1EPSS 0.01%Keycloak vulnerable to authorization bypass via the Admin API3/12/2026
LOW2.7EPSS 0.01%Keycloak: Information disclosure of disabled user attributes via administrative endpoint3/11/2026
LOW3.7EPSS 0.14%org.eclipse.jetty:jetty-http has different parsing of invalid URIs3/5/2026
LOW2.0EPSS 0.01%@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass3/5/2026
LOW2.7EPSS 0.01%Backstage vulnerable to potential reading of SCM URLs using built in token3/5/2026
LOW3.7EPSS 0.04%OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access3/4/2026

← PrevPage 2 of 19Next →