VulnScope — package-centric CVE lookup

Search

10,750 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM6.1CVE-2026-55847Allure Report: Stored XSS via unescaped ANSI helper in status message/trace rendering6/19/2026
MEDIUM6.2CVE-2026-55846Allure Report: Path Traversal in HTTP Server Allows Arbitrary File Read6/19/2026
HIGH8.8CedarJava has policy injection vulnerability6/19/2026
HIGH8.8CedarJava has type confusion vulnerability6/19/2026
MEDIUM5.3NL Portal Backend Libraries: Unauthenticated form resolver forwards the privileged Objecten-API token to a caller-supplied URL (SSRF)6/19/2026
—Armeria: External Control of File Name or Path in xDS SDS DataSource6/18/2026
MEDIUM6.5NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463)6/18/2026
MEDIUM5.4Strimzi: Unrestricted access to all Secrets within namespace watched by the Topic operator6/18/2026
HIGH8.0Strimzi: Cross-namespace privilege escalation via `Kafka.spec.entityOperator`6/18/2026
—Apache Shiro: LDAP DN Injection in DefaultLdapRealm6/18/2026
—HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory6/17/2026
HIGH7.5HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS6/17/2026
HIGH7.5handlebars.java FileTemplateLoader Path Traversal6/17/2026
HIGH7.6LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector6/17/2026
MEDIUM6.5Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.6/17/2026
MEDIUM6.5Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.6/17/2026
MEDIUM4.9Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects6/17/2026
CRITICAL9.1Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks6/17/2026
CRITICAL9.8Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure6/17/2026
HIGH8.6Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument i…6/14/2026
MEDIUM6.9Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature6/12/2026
HIGH7.5Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion6/12/2026
HIGH7.5Netty: Wrapping plain trust manager silently disables hostname verification6/12/2026
HIGH7.5Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length6/12/2026
MEDIUM4.8Netty: QUIC stateless reset token material exposed through header-visible connection IDs6/12/2026

Page 1 of 430Next →