VulnScope — package-centric CVE lookup

Search

1,975 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.0CVE-2026-48150Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign6/12/2026
LOW3.5Papra HTTP redirect bypass can lead to SSRF via webhook delivery system6/10/2026
CRITICAL10.0DbGate: Unauthenticated Remote Code Execution via JSON Script Runner6/5/2026
CRITICAL9.6Vitest browser mode serves unsanitized otelCarrier query parameter as inline script6/1/2026
CRITICAL9.8When Vitest UI server is listening, arbitrary file can be read and executed6/1/2026
CRITICAL10.0NodeVM builtin denylist bypass via process and inspector/promises allows host code execution5/29/2026
CRITICAL9.8vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass5/29/2026
CRITICAL10.0vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE5/29/2026
CRITICAL10.0vm2 is Vulnerable to Sandbox Breakout Through Promise Species5/29/2026
CRITICAL10.0vm2 has a Sandbox Escape issue5/29/2026
LOW3.7Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix5/29/2026
CRITICAL9.1Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection5/27/2026
CRITICAL9.8Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override5/27/2026
CRITICAL10.0LiquidJS is Vulnerable to Remote Code Execution5/27/2026
CRITICAL9.1Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`5/27/2026
CRITICAL9.6OCI layer symlink escape → arbitrary host write5/21/2026
CRITICAL10.0Read-only volume remount bypass via guest CAP_SYS_ADMIN5/21/2026
LOW2.0NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation5/21/2026
CRITICAL10.0Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm5/19/2026
CRITICAL9.8EPSS 0.10%Turbo: Unexpected local code execution during Yarn Berry detection5/19/2026
CRITICAL10.09router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes5/19/2026
CRITICAL9.6GlassFish's gadget handler is vulnerable to RCE5/19/2026
CRITICAL9.1GlassFish's Administration Console is Vulnerable to RCE5/19/2026
CRITICAL9.8Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering5/19/2026
CRITICAL9.8EPSS 0.08%vm2 Has a Sandbox Breakout Using Async Generator5/14/2026

Page 1 of 79Next →