VulnScope — package-centric CVE lookup

Search

739 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

LOW3.7CVE-2026-5419EPSS 0.04%A flaw was found in gnutls.4/30/2026
LOW3.7EPSS 0.07%xxl-job has a Resource Injection issue4/29/2026
LOW3.7EPSS 0.06%Spring gRPC AuthenticationException messages are reflected to remote client4/28/2026
LOW2.2EPSS 0.05%Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4)4/23/2026
LOW3.7EPSS 0.07%Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider4/22/2026
LOW2.7EPSS 0.01%Langflow has an Information Leak through Incomplete API Key Redaction4/20/2026
LOW3.7EPSS 0.11%Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=14/18/2026
LOW3.1EPSS 0.03%langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding4/16/2026
LOW3.7EPSS 0.03%ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint4/16/2026
LOW3.1EPSS 0.01%Weblate: Improper access control for pending tasks in API4/16/2026
LOW2.9EPSS 0.01%libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.4/16/2026
LOW3.5EPSS 0.04%DbGate has cross site scripting via the SVG Icon String Handler component4/13/2026
LOW3.5EPSS 0.03%OpenStack Keystone: Restricted application credentials can create EC2 credentials4/10/2026
LOW3.7EPSS 0.08%OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths4/9/2026
LOW3.7EPSS 0.02%LiquidJS Has Memory Limit Bypass via Quadratic Amplification in `replace` Filter4/8/2026
LOW3.7EPSS 0.03%Parse Server has a login timing side-channel reveals user existence4/8/2026
LOW3.7EPSS 0.04%OpenClaw: Shared-secret comparison call sites leaked length information through timing4/7/2026
LOW2.8EPSS 0.01%Electron: Crash in clipboard.readImage() on malformed clipboard image data4/7/2026
LOW2.7EPSS 0.01%Privilege abuse in ModelAdmin.list_editable4/7/2026
LOW3.7EPSS 0.01%Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim4/6/2026
LOW2.3EPSS 0.02%Electron: Use-after-free in offscreen shared texture release() callback4/3/2026
LOW3.7EPSS 0.08%OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting4/3/2026
LOW3.9EPSS 0.01%Electron: Unquoted executable path in app.setLoginItemSettings on Windows4/3/2026
LOW3.3EPSS 0.01%Electron: USB device selection not validated against filtered device list4/3/2026
LOW2.7EPSS 0.01%Nautobot: Management of users via REST API does not apply configured password validators3/31/2026

← PrevPage 3 of 30Next →