VulnScope — package-centric CVE lookup
LOW 3.7 | CVE-2026-39321 | EPSS 0.03% | Parse Server has a login timing side-channel reveals user existence | 4/8/2026
LOW 3.7 | EPSS 0.04% | OpenClaw: Shared-secret comparison call sites leaked length information through timing | 4/7/2026
LOW 2.8 | EPSS 0.01% | Electron: Crash in clipboard.readImage() on malformed clipboard image data | 4/7/2026
LOW 2.3 | EPSS 0.02% | Electron: Use-after-free in offscreen shared texture release() callback | 4/3/2026
LOW 3.7 | EPSS 0.08% | OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting | 4/3/2026
LOW 3.9 | EPSS 0.01% | Electron: Unquoted executable path in app.setLoginItemSettings on Windows | 4/3/2026
LOW 3.3 | EPSS 0.01% | Electron: USB device selection not validated against filtered device list | 4/3/2026
LOW 3.3 | EPSS 0.01% | An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permissi… | 3/30/2026
LOW 3.3 | EPSS 0.01% | A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, wh… | 3/30/2026
LOW 3.7 | EPSS 0.03% | OpenClaw may have stale policy enforcement for queued node actions | 3/26/2026
LOW 3.7 | EPSS 0.03% | NGINX ngx_mail_proxy_module vulnerability | 3/24/2026
LOW 3.7 | EPSS 0.02% | h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes | 3/20/2026
LOW 2.7 | EPSS 0.03% | StudioCMS REST getUsers Exposes Owner Account Records to Admin Tokens | 3/16/2026
LOW 2.5 | EPSS 0.02% | OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode | 3/13/2026
LOW 3.1 | EPSS 0.01% | Keycloak vulnerable to authorization bypass via the Admin API | 3/12/2026
LOW 2.0 | EPSS 0.01% | @backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass | 3/5/2026
LOW 2.7 | EPSS 0.01% | Backstage vulnerable to potential reading of SCM URLs using built in token | 3/5/2026
LOW 3.7 | EPSS 0.04% | OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access | 3/4/2026
LOW 3.4 | EPSS 0.02% | Dark Reader gives users the ability to request style sheets from local web servers | 3/4/2026
LOW 3.7 | EPSS 0.04% | OpenClaw: Discord DM reaction ingress missed dmPolicy/allowFrom checks in restricted setups | 3/3/2026
LOW 3.3 | EPSS 0.02% | @tootallnate/once vulnerable to Incorrect Control Flow Scoping | 3/3/2026
LOW 2.6 | EPSS 0.04% | OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows | 3/2/2026
LOW 3.3 | EPSS 0.02% | OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read | 3/2/2026
LOW 3.7 | EPSS 0.04% | OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage | 3/2/2026
LOW 2.2 | EPSS 0.01% | Vim is an open source, command line text editor. | 2/27/2026