Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-7vvp-j573-5584
  • Packagist/shopware/core
  • Packagist/shopware/platform
Shopware: Unauthenticated data extraction possible through store-api.order endpoint
Published: 7 minutes ago
  • Fix available
  • Severity - 8.9 (High)
MAL-2026-1344
  • npm/bignum-ts
Malicious code in bignum-ts (npm)
Published: 2 hours ago
  • No fix available
MAL-2026-1345
  • npm/npm-builders
Malicious code in npm-builders (npm)
Published: 2 hours ago
  • No fix available
MAL-2026-1346
  • npm/ts-lint-builder
Malicious code in ts-lint-builder (npm)
Published: 2 hours ago
  • No fix available
BIT-parse-2026-30863
  • Bitnami/parse
Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters
Published: 3 hours ago
  • Fix available
  • Severity - 9.3 (Critical)
BIT-parse-2026-30854
  • Bitnami/parse
Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled
Published: 3 hours ago
  • Fix available
  • Severity - 6.9 (Medium)
BIT-parse-2026-30850
  • Bitnami/parse
Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization
Published: 3 hours ago
  • Fix available
  • Severity - 6.3 (Medium)
BIT-parse-2026-30848
  • Bitnami/parse
Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory
Published: 3 hours ago
  • Fix available
  • Severity - 6.3 (Medium)
BIT-parse-2026-30835
  • Bitnami/parse
Parse Server: Malformed `$regex` query leaks database error details in API response
Published: 3 hours ago
  • Fix available
  • Severity - 6.9 (Medium)
BIT-parse-2026-30229
  • Bitnami/parse
Parse Server: Endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user
Published: 3 hours ago
  • Fix available
  • Severity - 8.5 (High)
BIT-parse-2026-30228
  • Bitnami/parse
Parse Server: File creation and deletion bypasses `readOnlyMasterKey` write restriction
Published: 3 hours ago
  • Fix available
  • Severity - 6.9 (Medium)
BIT-parse-2026-29182
  • Bitnami/parse
Parse Server: Cloud Hooks and Cloud Jobs bypass `readOnlyMasterKey` write restriction
Published: 3 hours ago
  • Fix available
  • Severity - 8.6 (High)
CGA-gj44-x3jw-9jfw
  • Chainguard/argo-workflow-controller-4.0
  • Chainguard/argo-workflow-controller-fips-4.0
  • Chainguard/argo-workflow-executor-4.0
  • Chainguard/argo-workflow-executor-fips-4.0
  • Chainguard/argo-workflows-4.0
  • ... 4 more
See record for full details
Published: 3 hours ago
  • Fix available
CGA-2v78-vg7v-865x
  • Chainguard/giflib
  • Chainguard/giflib-dev
  • Chainguard/giflib-doc
  • Chainguard/giflib-utils
  • Wolfi/giflib
  • ... 3 more
See record for full details
Published: 3 hours ago
  • Fix available
GHSA-vv3h-7qwr-722v
  • Go/github.com/anyproto/anytype-cli
  • Go/github.com/anyproto/anytype-heart
Anytype Heart's gRPC API client challenge verification can be bypassed on localhost
Published: 3 hours ago
  • Fix available
  • Severity - 3.6 (Low)
GHSA-g3hp-vvqf-8vw6
  • Packagist/craftcms/cms
Craft CMS Vulnerable to Stored XSS via User Group Name in User Permissions Page
Published: 4 hours ago
  • Fix available
  • Severity - 1.8 (Low)