VulnScope — package-centric CVE lookup

HIGH8.8CVE-2026-42271⚠ KEVEPSS 4.1%LiteLLM: Authenticated command execution via MCP stdio test endpoints4/25/2026

CRITICAL9.8⚠ KEVEPSS 56.9%LiteLLM has SQL Injection in Proxy API key verification4/24/2026

CRITICAL9.8⚠ KEVEPSS 80.7%Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass4/8/2026

—⚠ KEVEPSS 23.9%Telnyx has malicious code in PyPI versions 4.87.1 and 4.87.23/30/2026

CRITICAL9.8⚠ KEVEPSS 24.0%Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint3/17/2026

HIGH8.8⚠ KEVEPSS 32.7%Langflow CORS misconfiguration enables Account Takeover and RCE12/6/2025

CRITICAL9.8⚠ KEVEPSS 92.7%Langflow Unauth RCE6/17/2025

HIGH8.8⚠ KEVEPSS 93.3%thunderbird - security update9/12/2023

HIGH8.9⚠ KEVEPSS 84.0%Apache superset missing check for default SECRET_KEY4/24/2023

HIGH8.8⚠ KEVEPSS 93.5%Apache Spark UI can allow impersonation if ACLs enabled7/19/2022

CRITICAL9.8⚠ KEVEPSS 94.4%salt - security update5/24/2022

CRITICAL9.8⚠ KEVEPSS 94.2%salt - security update5/24/2022

MEDIUM6.5⚠ KEVEPSS 93.7%SaltStack Salt is vulnerable Arbitrary Directory Access5/24/2022

CRITICAL9.8⚠ KEVEPSS 94.1%Authentication bypass in Apache Airflow4/30/2021

HIGH8.8⚠ KEVEPSS 94.3%Remote code execution (RCE) in Apache Airflow7/27/2020