VulnScope — package-centric CVE lookup

Search

6,026 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH7.6CVE-2026-54302n8n: Stored XSS in Chat Trigger Node6/16/2026
HIGH7.6n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints6/16/2026
HIGH8.5n8n: Microsoft SQL Node Prototype Pollution6/16/2026
HIGH7.6n8n: Same-Origin XSS in Respond to Webhook Node6/16/2026
HIGH7.2n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes6/16/2026
HIGH7.7n8n: NoSQL Injection in MongoDB Node Find And Replace Operation6/16/2026
HIGH7.7n8n: Git Node Clone and Push Operations Bypass File Sandbox6/16/2026
HIGH8.5n8n: Python sandbox escape6/16/2026
HIGH7.5Astro: Host header SSRF in prerendered error page fetch6/16/2026
HIGH7.1hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard6/16/2026
HIGH7.1Astro: Reflected XSS via unescaped slot name6/16/2026
HIGH7.3aws-cdk-lib: OS Command Injection in NodejsFunction Bundling6/15/2026
HIGH8.2protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names6/15/2026
LOW3.1React Router: Potential CSRF via PUT/PATCH/DELETE document requests6/15/2026
HIGH7.5protobufjs: Denial of service through unbounded Any expansion during JSON conversion6/15/2026
LOW3.2@babel/core: Arbitrary File Read via sourceMappingURL Comment6/15/2026
HIGH8.2tmp: Type-confusion bypass of _assertPath allows path traversal via non-string prefix/postfix/template6/15/2026
HIGH7.5ws: Memory exhaustion DoS from tiny fragments and data chunks6/15/2026
HIGH8.6Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument i…6/14/2026
HIGH7.5Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion6/12/2026
HIGH7.5Netty: Wrapping plain trust manager silently disables hostname verification6/12/2026
HIGH7.5Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length6/12/2026
HIGH7.5form-data: CRLF injection in form-data via unescaped multipart field names and filenames6/12/2026
HIGH8.1Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL6/12/2026
HIGH7.5Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema6/12/2026

← PrevPage 2 of 242Next →