VulnScope — package-centric CVE lookup

Search

217 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

LOW3.6CVE-2026-31996EPSS 0.02%OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags2/19/2026
LOW3.7EPSS 0.04%OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions2/17/2026
LOW3.7EPSS 0.05%qs's arrayLimit bypass in comma parsing allows denial of service2/12/2026
LOW2.9EPSS 0.01%ajv has ReDoS when using `$data` option2/11/2026
LOW3.7EPSS 0.01%webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior2/5/2026
LOW3.7EPSS 0.01%webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence2/5/2026
LOW3.7EPSS 0.02%Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream2/2/2026
LOW2.9EPSS 0.03%In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run.1/28/2026
LOW2.5EPSS 0.01%In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.1/23/2026
LOW3.5EPSS 0.04%Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow`1/21/2026
LOW3.7EPSS 0.07%Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion1/20/2026
LOW3.7EPSS 0.06%Outray cli is vulnerable to race conditions in tunnels creation1/13/2026
LOW3.5EPSS 0.08%QuestDB UI's Web Console is Vulnerable to Cross-Site Scripting1/10/2026
LOW3.1EPSS 0.10%When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authen…1/8/2026
LOW3.7EPSS 0.04%qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion12/30/2025
LOW3.3EPSS 0.02%Mattermost Desktop App exposes sensitive information in its application logs12/17/2025
LOW3.7EPSS 0.04%Improper Validation of Query Parameters in Auth0 Next.js SDK12/10/2025
LOW3.5EPSS 0.02%Astro Development Server has Arbitrary Local File Read11/19/2025
LOW2.7EPSS 0.03%Astro development server error page is vulnerable to reflected Cross-site Scripting11/13/2025
LOW3.1EPSS 0.06%PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege11/13/2025
LOW3.7EPSS 0.05%EverShop is vulnerable to Unauthorized Order Information Access (IDOR)11/9/2025
LOW3.7EPSS 0.08%Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files11/7/2025
LOW3.0EPSS 0.03%Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module10/17/2025
LOW3.6EPSS 0.06%ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.10/6/2025
LOW3.6EPSS 0.01%ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leadi…10/6/2025

← PrevPage 3 of 9Next →