VulnScope — package-centric CVE lookup

Search

26,318 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.0HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allo…6/18/2026
LOW1.8A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation.6/18/2026
HIGH8.8An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in…6/18/2026
CRITICAL9.8gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755)6/18/2026
HIGH7.1OpenClaw: Workspace-derived service PATH could influence trash command selection6/18/2026
HIGH7.1OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots6/18/2026
HIGH8.1OpenClaw: Discord allowFrom could bind to mutable display names6/18/2026
HIGH7.1OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install6/18/2026
HIGH7.1OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns6/18/2026
HIGH8.1OpenClaw: Zalo allowFrom could bind to mutable display names6/18/2026
HIGH8.1OpenClaw: Shell positional parameters could weaken strict inline-eval checks6/18/2026
HIGH7.5Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID6/18/2026
LOW2.2BBOT: Symlink-Following Arbitrary Write via github_workflows Module6/18/2026
LOW3.1BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing6/18/2026
HIGH7.5undici WebSocket client vulnerable to denial of service via cumulative fragment bypass6/18/2026
CRITICAL9.8python-statemachine SCXML <data expr> Eval Injection6/18/2026
HIGH7.5http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`6/18/2026
HIGH8.1piscina: Prototype Pollution Gadget → RCE via inherited options.filename6/18/2026
HIGH8.0Strimzi: Cross-namespace privilege escalation via `Kafka.spec.entityOperator`6/18/2026
HIGH7.1OpenClaw: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution6/18/2026
HIGH8.1OpenClaw: Shell inline-command parsing could miss an allowlist check6/18/2026
HIGH8.8OpenClaw: Pairing-scoped device session could restore revoked node token authority6/18/2026
HIGH8.1OpenClaw: Host environment sanitizer missed two Node.js control variables6/18/2026
HIGH7.5Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a l…6/17/2026
HIGH7.4undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent6/17/2026

Page 1 of 1053Next →