VulnScope — package-centric CVE lookup

Search

739 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

LOW3.7CVE-2026-45232EPSS 0.04%Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…5/20/2026
LOW3.1Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs5/19/2026
LOW3.5EPSS 0.01%Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)5/14/2026
LOW3.1dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction5/14/2026
LOW2.5dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled5/14/2026
LOW2.7EPSS 0.09%Synapse pagination Denial of Service5/14/2026
LOW3.7EPSS 0.10%Apache Tomcat: AJP secret compared in non-constant time5/12/2026
LOW3.7EPSS 0.01%Next.js's Middleware / Proxy redirects can be cache-poisoned5/11/2026
LOW3.7EPSS 0.01%Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting5/11/2026
LOW3.8EPSS 0.02%Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()5/9/2026
LOW3.3EPSS 0.01%OSGeo gdal GDapi.c GDfieldinfo out-of-bounds5/7/2026
LOW3.7EPSS 0.04%nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)5/7/2026
LOW3.5EPSS 0.04%Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed5/6/2026
LOW3.7EPSS 0.05%Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header5/6/2026
LOW3.7EPSS 0.02%Flowise: Bcrypt Password Hash Exposure5/6/2026
LOW3.4EPSS 0.00%Paramiko rsakey.py allows the SHA-1 algorithm5/6/2026
LOW3.0EPSS 0.01%ciguard: Container image runs as root (no USER directive)5/5/2026
LOW3.7EPSS 0.02%ciguard: SCA HTTP client reads response body without size cap5/5/2026
LOW2.4EPSS 0.03%Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser5/5/2026
LOW3.7EPSS 0.05%Microdot has HTTP response splitting in Response.set_cookie()5/5/2026
LOW2.6EPSS 0.04%Langchain-Chatchat Uses Insufficiently Random Values5/5/2026
LOW2.6EPSS 0.03%Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API5/5/2026
LOW2.6EPSS 0.01%Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm5/5/2026
LOW3.7EPSS 0.06%Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams5/5/2026
LOW3.7EPSS 0.02%A flaw was found in gnutls.4/30/2026

← PrevPage 2 of 30Next →