VulnScope — package-centric CVE lookup

Search

66 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH8.8CVE-2026-42271⚠ KEVEPSS 4.1%LiteLLM: Authenticated command execution via MCP stdio test endpoints4/25/2026
CRITICAL9.8⚠ KEVEPSS 56.9%LiteLLM has SQL Injection in Proxy API key verification4/24/2026
CRITICAL9.8⚠ KEVEPSS 80.7%Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass4/8/2026
HIGH8.8⚠ KEVEPSS 83.5%Authenticated Apache ActiveMQ Broker and Apache ActiveMQ users could perform RCE via Jolokia MBeans4/7/2026
—⚠ KEVEPSS 23.9%Telnyx has malicious code in PyPI versions 4.87.1 and 4.87.23/30/2026
CRITICAL9.8⚠ KEVEPSS 24.0%Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint3/17/2026
HIGH8.8⚠ KEVEPSS 32.7%Langflow CORS misconfiguration enables Account Takeover and RCE12/6/2025
HIGH8.2⚠ KEVEPSS 81.4%GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature11/25/2025
CRITICAL9.8⚠ KEVEPSS 92.7%Langflow Unauth RCE6/17/2025
CRITICAL9.8⚠ KEVEPSS 94.1%tomcat10 - security update3/10/2025
CRITICAL9.8⚠ KEVEPSS 93.7%XWiki Platform allows remote code execution as guest via SolrSearchMacros request2/20/2025
CRITICAL9.8⚠ KEVEPSS 94.4%Remote Code Execution (RCE) vulnerability in geoserver7/1/2024
CRITICAL9.8⚠ KEVEPSS 94.3%Apache HugeGraph-Server: Command execution in gremlin4/22/2024
CRITICAL9.8⚠ KEVEPSS 94.5%Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE1/24/2024
CRITICAL10.0⚠ KEVEPSS 94.4%Apache ActiveMQ is vulnerable to Remote Code Execution10/27/2023
MEDIUM5.3⚠ KEVEPSS 94.4%nghttp2 - security update10/10/2023
CRITICAL9.8⚠ KEVEPSS 94.0%Improper Control of Generation of Code ('Code Injection') in jai-ext9/19/2023
HIGH8.8⚠ KEVEPSS 93.3%thunderbird - security update9/12/2023
CRITICAL9.8⚠ KEVEPSS 94.4%Apache RocketMQ may have remote code execution vulnerability when using update configuration function7/6/2023
HIGH8.6⚠ KEVEPSS 94.4%Administration Console authentication bypass in openfire xmppserver5/23/2023
HIGH8.9⚠ KEVEPSS 84.0%Apache superset missing check for default SECRET_KEY4/24/2023
HIGH7.5⚠ KEVEPSS 93.9%ZK Framework vulnerable to malicious POST8/27/2022
HIGH8.8⚠ KEVEPSS 93.5%Apache Spark UI can allow impersonation if ACLs enabled7/19/2022
CRITICAL9.8⚠ KEVEPSS 94.4%salt - security update5/24/2022
CRITICAL9.8⚠ KEVEPSS 94.2%salt - security update5/24/2022

Page 1 of 3Next →