Search

262 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

LOW3.7CVE-2026-32109EPSS 0.01%Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`3/12/2026
LOW3.7CVE-2026-25674EPSS 0.01%Potential incorrect permissions on newly created file system objects3/3/2026
LOW3.1CVE-2026-27838EPSS 0.04%wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data2/26/2026
LOW3.7CVE-2026-26013EPSS 0.02%LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages2/11/2026
LOW3.2CVE-2026-25211EPSS 0.01%Llama Stack exposes secret in initialization log1/30/2026
LOW3.7CVE-2026-23996EPSS 0.07%FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection1/21/2026
LOW2.5CVE-2026-22250EPSS 0.01%Weblate command-line client susceptible to SSL verification skip1/12/2026
LOW3.3CVE-2025-15506EPSS 0.01%AcademySoftwareFoundation OpenColorIO has an out-of-bounds vulnerability1/11/2026
LOW3.3CVE-2025-15504EPSS 0.01%LIEF is vulnerable to segmentation fault1/10/2026
LOW3.6CVE-2025-66040EPSS 0.02%Spotipy has a XSS vulnerability in its OAuth callback server12/1/2025
LOW3.3CVE-2025-65681EPSS 0.01%Overhang Tutor Discloses Sensitive Information due to Improper Cache-Control11/26/2025
LOW3.5CVE-2025-62780EPSS 0.08%changedetection.io: Stored XSS in Watch update via API11/12/2025
LOW3.3CVE-2025-63396EPSS 0.03%An issue was discovered in PyTorch v2.5 and v2.7.1.11/12/2025
LOW2.6CVE-2025-64326EPSS 0.03%Weblate leaks the IP of project member inviting user to be reviewer in Audit log11/5/2025
LOW3.1CVE-2025-62379EPSS 0.06%reflex-dev/reflex has an Open Redirect vulnerability10/15/2025
LOW2.5CVE-2025-61677EPSS 0.12%DataChain Vulnerable to Deserialization of Untrusted Data from Environment Variables10/2/2025
LOW3.1CVE-2025-59682EPSS 0.02%Django vulnerable to partial directory traversal via archives10/1/2025
LOW3.5CVE-2025-3777EPSS 0.06%Transformers's Improper Input Validation vulnerability can be exploited through username injection7/7/2025
LOW3.7CVE-2025-5320EPSS 0.11%Gradio CORS Origin Validation Bypass Vulnerability5/29/2025
LOW2.6CVE-2025-46570EPSS 0.18%Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching5/28/2025
LOW2.8CVE-2025-44021EPSS 0.06%OpenStack Ironic fails to restrict paths used for file:// image URLs5/8/2025
LOW2.9CVE-2025-46656EPSS 0.06%markdownify allows large headline prefixes such as <h9999999>, which causes memory consumption4/27/2025
LOW3.3CVE-2025-3730EPSS 0.02%PyTorch Improper Resource Shutdown or Release vulnerability4/16/2025
LOW2.2CVE-2025-32021EPSS 0.26%VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext4/15/2025
LOW3.3CVE-2025-3549EPSS 0.08%A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3.4/14/2025

← PrevPage 2 of 11Next →