VulnScope — package-centric CVE lookup

Search

23,538 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM5.3CVE-2026-48937A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame.6/18/2026
LOW1.8A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation.6/18/2026
MEDIUM5.8Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints6/18/2026
MEDIUM5.4OpenClaw: Empty-scope device re-pairing could confuse caller scope containment6/18/2026
MEDIUM4.2OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers6/18/2026
MEDIUM6.5OpenClaw: memory-wiki shared search could miss session visibility checks6/18/2026
MEDIUM5.5OpenClaw: Config recovery could restore openclaw.json with broad file permissions6/18/2026
MEDIUM4.3OpenClaw: Skill-command dispatch could skip before-tool-call hooks6/18/2026
MEDIUM6.1OpenClaw: Exported session HTML could keep unsafe markdown links6/18/2026
MEDIUM5.3OpenClaw: Slack reaction events could ignore reaction notification settings6/18/2026
MEDIUM4.2OpenClaw: Bootstrap token replay could widen pending pairing scopes6/18/2026
MEDIUM6.5OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently6/18/2026
MEDIUM4.3OpenClaw: Exec allowlist could miss side effects from transparent command wrappers6/18/2026
MEDIUM6.5NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463)6/18/2026
MEDIUM6.6OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags6/18/2026
MEDIUM5.4Strimzi: Unrestricted access to all Secrets within namespace watched by the Topic operator6/18/2026
MEDIUM5.3joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards.6/17/2026
MEDIUM5.9Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00,…6/17/2026
MEDIUM5.9undici vulnerable to cross-user information disclosure via shared cache whitespace bypass6/17/2026
LOW3.7Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets.6/17/2026
LOW3.7Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring,…6/17/2026
MEDIUM5.8Shaarli is a personal bookmarking service.6/17/2026
MEDIUM5.9libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO hand…6/17/2026
MEDIUM4.8Shaarli is a personal bookmarking service.6/17/2026
MEDIUM5.8Shaarli is a personal bookmarking service.6/17/2026

Page 1 of 942Next →