VulnScope — package-centric CVE lookup

Search

525 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

LOW3.0CVE-2026-44218EPSS 0.01%ciguard: Container image runs as root (no USER directive)5/5/2026
LOW3.7EPSS 0.02%ciguard: SCA HTTP client reads response body without size cap5/5/2026
LOW2.4EPSS 0.03%Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser5/5/2026
LOW3.7EPSS 0.05%Microdot has HTTP response splitting in Response.set_cookie()5/5/2026
LOW2.6EPSS 0.04%Langchain-Chatchat Uses Insufficiently Random Values5/5/2026
LOW2.6EPSS 0.03%Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API5/5/2026
LOW2.6EPSS 0.01%Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm5/5/2026
LOW3.7EPSS 0.07%xxl-job has a Resource Injection issue4/29/2026
LOW3.7EPSS 0.06%Spring gRPC AuthenticationException messages are reflected to remote client4/28/2026
LOW3.7EPSS 0.07%Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider4/22/2026
LOW2.7EPSS 0.01%Langflow has an Information Leak through Incomplete API Key Redaction4/20/2026
LOW3.7EPSS 0.11%Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=14/18/2026
LOW3.1EPSS 0.03%langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding4/16/2026
LOW3.1EPSS 0.01%Weblate: Improper access control for pending tasks in API4/16/2026
LOW3.5EPSS 0.03%OpenStack Keystone: Restricted application credentials can create EC2 credentials4/10/2026
LOW2.7EPSS 0.01%Privilege abuse in ModelAdmin.list_editable4/7/2026
LOW3.7EPSS 0.01%Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim4/6/2026
LOW2.7EPSS 0.01%Nautobot: Management of users via REST API does not apply configured password validators3/31/2026
LOW3.1EPSS 0.01%Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories3/27/2026
LOW3.1EPSS 0.01%Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation3/26/2026
LOW3.7EPSS 0.02%Keycloak's identity-first login flow exposes user information3/23/2026
LOW3.3EPSS 0.01%Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching3/22/2026
LOW2.6EPSS 0.09%Spring MVC and WebFlux has Server Sent Event stream corruption3/20/2026
LOW3.6EPSS 0.02%Stored XSS in Memray-generated HTML reports via unescaped command-line metadata3/16/2026
LOW3.7EPSS 0.01%Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`3/12/2026

← PrevPage 2 of 21Next →