VulnScope — package-centric CVE lookup

Search

18,064 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.0CVE-2026-55203HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allo…6/18/2026
HIGH8.8An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in…6/18/2026
HIGH7.1OpenClaw: Workspace-derived service PATH could influence trash command selection6/18/2026
HIGH7.1OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots6/18/2026
HIGH8.1OpenClaw: Discord allowFrom could bind to mutable display names6/18/2026
HIGH7.1OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install6/18/2026
HIGH7.1OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns6/18/2026
HIGH8.1OpenClaw: Zalo allowFrom could bind to mutable display names6/18/2026
HIGH8.1OpenClaw: Shell positional parameters could weaken strict inline-eval checks6/18/2026
HIGH7.5Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID6/18/2026
HIGH7.5undici WebSocket client vulnerable to denial of service via cumulative fragment bypass6/18/2026
HIGH7.5http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`6/18/2026
HIGH8.1piscina: Prototype Pollution Gadget → RCE via inherited options.filename6/18/2026
HIGH7.1OpenClaw: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution6/18/2026
HIGH8.1OpenClaw: Shell inline-command parsing could miss an allowlist check6/18/2026
HIGH8.8OpenClaw: Pairing-scoped device session could restore revoked node token authority6/18/2026
HIGH8.1OpenClaw: Host environment sanitizer missed two Node.js control variables6/18/2026
HIGH7.5Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a l…6/17/2026
HIGH7.4undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent6/17/2026
HIGH7.5Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's orig…6/17/2026
HIGH8.2Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthent…6/17/2026
HIGH8.4pdfkit: Path traversal in from_string6/17/2026
HIGH7.5Multer vulnerable to Denial of Service via deeply nested field names6/17/2026
HIGH7.7Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects6/17/2026
HIGH7.7Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal6/17/2026

Page 1 of 723Next →