VulnScope — package-centric CVE lookup

Search

131 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.8CVE-2026-9082⚠ KEVEPSS 7.7%Drupal core - Highly critical - SQL injection - SA-CORE-2026-0045/20/2026
CRITICAL9.6⚠ KEVEPSS 17.1%Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys5/12/2026
CRITICAL9.8⚠ KEVEPSS 56.9%LiteLLM has SQL Injection in Proxy API key verification4/24/2026
CRITICAL9.8⚠ KEVEPSS 80.7%Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass4/8/2026
CRITICAL9.8⚠ KEVEPSS 24.0%Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint3/17/2026
CRITICAL9.8⚠ KEVEPSS 91.5%inetutils - security update1/21/2026
CRITICAL9.9⚠ KEVEPSS 65.8%n8n Vulnerable to Remote Code Execution via Expression Injection12/22/2025
MEDIUM6.1⚠ KEVEPSS 6.9%RoundCube Webmail Cross-site Scripting Vulnerability12/18/2025
CRITICAL10.0⚠ KEVEPSS 84.5%React Server Components are Vulnerable to RCE12/3/2025
CRITICAL9.8⚠ KEVEPSS 27.9%@react-native-community/cli has arbitrary OS command injection11/3/2025
CRITICAL9.8⚠ KEVEPSS 1.5%Google Chromium V8 Type Confusion Vulnerability9/24/2025
CRITICAL9.1⚠ KEVEPSS 72.2%Magento Community Edition Improper Input Validation vulnerability9/9/2025
CRITICAL9.8⚠ KEVEPSS 94.4%Argument Injection in PHP-CGI8/11/2025
CRITICAL9.8⚠ KEVEPSS 58.9%Livewire is vulnerable to remote command execution during component property update hydration7/17/2025
CRITICAL9.8⚠ KEVEPSS 92.7%Langflow Unauth RCE6/17/2025
CRITICAL9.9⚠ KEVEPSS 90.5%roundcube - security update6/2/2025
MEDIUM5.3⚠ KEVEPSS 33.1%Craft CMS stores arbitrary content provided by unauthenticated users in session files5/8/2025
CRITICAL10.0⚠ KEVEPSS 93.1%Craft CMS Allows Remote Code Execution4/25/2025
CRITICAL9.9⚠ KEVEPSS 93.5%Remote code execution in Wazuh server in github.com/wazuh/wazuh4/22/2025
CRITICAL10.0⚠ KEVEPSS 62.8%Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability4/16/2025
CRITICAL9.0⚠ KEVEPSS 78.9%yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key4/10/2025
MEDIUM5.3⚠ KEVEPSS 94.5%[20230201] - Core - Improper access check in webservice endpoints4/3/2025
MEDIUM5.3⚠ KEVEPSS 83.2%Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query3/31/2025
CRITICAL10.0⚠ KEVEPSS 0.21%Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability3/11/2025
CRITICAL9.8⚠ KEVEPSS 94.1%Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT3/10/2025

Page 1 of 6Next →