Search

26 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.6CVE-2026-45321⚠ KEVEPSS 17.1%Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys5/12/2026
CRITICAL9.8CVE-2026-42208⚠ KEVEPSS 56.9%LiteLLM has SQL Injection in Proxy API key verification4/24/2026
CRITICAL9.8CVE-2026-39987⚠ KEVEPSS 82.2%Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass4/8/2026
—CVE-2026-33634⚠ KEVEPSS 29.4%Trivy ecosystem supply chain was briefly compromised3/30/2026
CRITICAL9.8CVE-2026-33017⚠ KEVEPSS 24.0%Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint3/17/2026
CRITICAL9.9CVE-2025-68613⚠ KEVEPSS 65.8%n8n Vulnerable to Remote Code Execution via Expression Injection12/22/2025
HIGH8.8CVE-2025-34291⚠ KEVEPSS 32.7%Langflow CORS misconfiguration enables Account Takeover and RCE12/6/2025
CRITICAL10.0CVE-2025-55182⚠ KEVEPSS 82.0%React Server Components are Vulnerable to RCE12/3/2025
CRITICAL9.8CVE-2025-11953⚠ KEVEPSS 20.1%@react-native-community/cli has arbitrary OS command injection11/3/2025
HIGH7.5CVE-2025-54313⚠ KEVEPSS 14.7%eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall have embedded malicious code7/19/2025
CRITICAL9.8CVE-2025-3248⚠ KEVEPSS 92.7%Langflow Unauth RCE6/17/2025
MEDIUM5.3CVE-2025-31125⚠ KEVEPSS 83.2%Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query3/31/2025
HIGH8.8CVE-2023-5217⚠ KEVEPSS 5.0%Electron affected by libvpx's heap buffer overflow in vp8 encoding9/28/2023
HIGH8.8CVE-2023-4863⚠ KEVEPSS 93.3%libwebp: OOB write in BuildHuffmanTable9/12/2023
HIGH8.9CVE-2023-27524⚠ KEVEPSS 84.0%Apache superset missing check for default SECRET_KEY4/24/2023
CRITICAL9.6CVE-2022-4135⚠ KEVEPSS 0.08%Heap buffer overflow in GPU11/25/2022
HIGH8.8CVE-2022-33891⚠ KEVEPSS 93.5%Apache Spark UI can allow impersonation if ACLs enabled7/19/2022
CRITICAL9.8CVE-2020-16846⚠ KEVEPSS 94.4%salt - security update5/24/2022
CRITICAL9.8CVE-2020-11651⚠ KEVEPSS 94.2%salt - security update5/24/2022
MEDIUM6.5CVE-2020-11652⚠ KEVEPSS 93.7%SaltStack Salt is vulnerable Arbitrary Directory Access5/24/2022
CRITICAL9.8CVE-2020-13927⚠ KEVEPSS 94.1%Authentication bypass in Apache Airflow4/30/2021
HIGH7.8CVE-2021-21315⚠ KEVEPSS 94.0%Command Injection Vulnerability2/16/2021
MEDIUM6.5CVE-2019-5786⚠ KEVEPSS 89.9%Use-After-Free in puppeteer9/2/2020
HIGH8.8CVE-2020-11978⚠ KEVEPSS 94.3%Remote code execution (RCE) in Apache Airflow7/27/2020
MEDIUM6.9CVE-2020-11023⚠ KEVEPSS 34.7%Potential XSS vulnerability in jQuery4/29/2020

Page 1 of 2Next →