VulnScope — package-centric CVE lookup

Search

23,558 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM4.3CVE-2026-53845OpenClaw: Skill-command dispatch could skip before-tool-call hooks6/18/2026
MEDIUM6.1OpenClaw: Exported session HTML could keep unsafe markdown links6/18/2026
MEDIUM5.3OpenClaw: Slack reaction events could ignore reaction notification settings6/18/2026
MEDIUM4.2OpenClaw: Bootstrap token replay could widen pending pairing scopes6/18/2026
MEDIUM6.5OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently6/18/2026
MEDIUM4.3OpenClaw: Exec allowlist could miss side effects from transparent command wrappers6/18/2026
MEDIUM6.5NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463)6/18/2026
MEDIUM6.6OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags6/18/2026
MEDIUM5.4Strimzi: Unrestricted access to all Secrets within namespace watched by the Topic operator6/18/2026
MEDIUM5.3joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards.6/17/2026
MEDIUM5.9undici vulnerable to HTTP header injection via Set-Cookie percent-decoding6/17/2026
MEDIUM5.9undici vulnerable to cross-user information disclosure via shared cache whitespace bypass6/17/2026
LOW3.7undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse6/17/2026
LOW3.7undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching6/17/2026
MEDIUM5.8Shaarli is a personal bookmarking service.6/17/2026
MEDIUM5.9libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO hand…6/17/2026
MEDIUM4.8Shaarli is a personal bookmarking service.6/17/2026
MEDIUM5.8Shaarli is a personal bookmarking service.6/17/2026
MEDIUM6.0OpenStack Horizon RC file generation does not escape special characters in project names6/17/2026
MEDIUM6.5Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.6/17/2026
MEDIUM6.5Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.6/17/2026
MEDIUM4.9Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects6/17/2026
MEDIUM5.3webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies6/17/2026
MEDIUM5.3Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads6/17/2026
MEDIUM5.4A flaw was found in 389 Directory Server in the __aclp__normalize_acltxt() function of aclparse.c.6/17/2026

← PrevPage 2 of 943Next →