VulnScope — package-centric CVE lookup

Search

126 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

LOW3.7CVE-2025-15284EPSS 0.04%qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion12/30/2025
LOW3.3EPSS 0.02%Mattermost Desktop App exposes sensitive information in its application logs12/17/2025
LOW3.7EPSS 0.04%Improper Validation of Query Parameters in Auth0 Next.js SDK12/10/2025
LOW3.5EPSS 0.02%Astro Development Server has Arbitrary Local File Read11/19/2025
LOW2.7EPSS 0.03%Astro development server error page is vulnerable to reflected Cross-site Scripting11/13/2025
LOW3.7EPSS 0.05%EverShop is vulnerable to Unauthorized Order Information Access (IDOR)11/9/2025
LOW3.7EPSS 0.08%Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files11/7/2025
LOW3.0EPSS 0.03%Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module10/17/2025
LOW3.1EPSS 0.02%Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival9/17/2025
LOW3.5EPSS 0.02%ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js8/18/2025
LOW3.5EPSS 0.06%ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js8/18/2025
LOW2.6EPSS 0.05%Template Secret leakage in logs in Scaffolder when using `fetch:template`8/15/2025
LOW2.5EPSS 0.47%node-tmp - security update8/6/2025
LOW3.5EPSS 0.26%Koa Open Redirect via Referrer Header (User-Controlled)7/29/2025
LOW3.4EPSS 0.04%on-headers is vulnerable to http response header manipulation7/17/2025
LOW3.7EPSS 0.43%Next.js has a Cache poisoning vulnerability due to omission of the Vary header7/3/2025
LOW3.7EPSS 0.33%string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS)6/30/2025
LOW3.1EPSS 0.09%brace-expansion Regular Expression Denial of Service vulnerability6/9/2025
LOW3.7EPSS 0.73%Meteor Affected By Inefficient Regular Expression Complexity5/16/2025
LOW3.1EPSS 0.05%undici Denial of Service attack via bad certificate data5/15/2025
LOW3.7EPSS 0.75%Next.js Race Condition to Cache Poisoning5/15/2025
LOW3.1EPSS 0.06%Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields5/5/2025
LOW3.3EPSS 0.01%NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file4/28/2025
LOW3.1EPSS 0.06%Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content4/26/2025
LOW3.5EPSS 0.40%Suspended Directus user can continue to use session token to access API3/26/2025

← PrevPage 3 of 6Next →