VulnScope — package-centric CVE lookup

Search

307 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH8.8CVE-2026-11645⚠ KEVGoogle Chromium V8 Out-of-Bounds Read and Write Vulnerability6/9/2026
CRITICAL9.8⚠ KEVEPSS 7.7%Drupal core - Highly critical - SQL injection - SA-CORE-2026-0045/20/2026
CRITICAL9.6⚠ KEVEPSS 17.1%Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys5/12/2026
HIGH8.8⚠ KEVEPSS 4.1%LiteLLM: Authenticated command execution via MCP stdio test endpoints4/25/2026
CRITICAL9.8⚠ KEVEPSS 56.9%LiteLLM has SQL Injection in Proxy API key verification4/24/2026
HIGH7.8⚠ KEVEPSS 2.2%Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability4/22/2026
CRITICAL9.8⚠ KEVEPSS 80.7%Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass4/8/2026
HIGH8.8⚠ KEVEPSS 83.5%Authenticated Apache ActiveMQ Broker and Apache ActiveMQ users could perform RCE via Jolokia MBeans4/7/2026
HIGH8.8⚠ KEVEPSS 0.65%Google Dawn Use-After-Free Vulnerability4/1/2026
CRITICAL9.8⚠ KEVEPSS 24.0%Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint3/17/2026
HIGH8.8⚠ KEVEPSS 3.2%Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability3/13/2026
HIGH8.8⚠ KEVEPSS 0.45%chromium - security update3/13/2026
HIGH8.8⚠ KEVEPSS 23.1%Google Chromium CSS Use-After-Free Vulnerability2/13/2026
CRITICAL9.8⚠ KEVEPSS 91.5%inetutils - security update1/21/2026
CRITICAL9.9⚠ KEVEPSS 65.8%n8n Vulnerable to Remote Code Execution via Expression Injection12/22/2025
HIGH7.5⚠ KEVEPSS 62.8%Zlib compressed protocol header length confusion may allow memory read12/19/2025
MEDIUM6.1⚠ KEVEPSS 6.9%RoundCube Webmail Cross-site Scripting Vulnerability12/18/2025
HIGH8.8⚠ KEVEPSS 0.16%Apple Multiple Products Use-After-Free WebKit Vulnerability12/17/2025
HIGH8.8⚠ KEVEPSS 0.30%webkit2gtk - security update12/12/2025
HIGH8.8⚠ KEVEPSS 32.7%Langflow CORS misconfiguration enables Account Takeover and RCE12/6/2025
CRITICAL10.0⚠ KEVEPSS 84.5%React Server Components are Vulnerable to RCE12/3/2025
HIGH8.2⚠ KEVEPSS 81.4%GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature11/25/2025
HIGH8.8⚠ KEVEPSS 2.8%chromium - security update11/17/2025
HIGH8.8⚠ KEVEPSS 0.05%Apple Multiple products Use-After-Free Vulnerability11/5/2025
CRITICAL9.8⚠ KEVEPSS 27.9%@react-native-community/cli has arbitrary OS command injection11/3/2025

Page 1 of 13Next →