Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-xgxp-f695-6vrp
  • Go/github.com/charmbracelet/soft-serve
In Soft Serve, an authenticated repo import can clone server-local private repositories 6 minutes ago
  • Fix available
  • Severity - 7.1 (High)
GHSA-5f7v-4f6g-74rj
  • Packagist/wwbn/avideo
AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass 20 minutes ago
  • No fix available
  • Severity - 9.1 (Critical)
GHSA-jp2q-39xq-3w4g
  • npm/fast-xml-parser
Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser 20 minutes ago
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-hh8v-hgvp-g3f5
  • Packagist/league/commonmark
league/commonmark has an embed extension allowed_domains bypass 29 minutes ago
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-w5g8-5849-vj76
  • PyPI/nicegui
NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion 45 minutes ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-cgcg-q9jh-5pr2
  • npm/@keystone-6/core
@keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany (CVE-2025-46720 incomplete fix) 56 minutes ago
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-h29g-q5c2-9h4f
  • npm/parse-server
Parse Server email verification resend page leaks user existence 1 hour ago
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-2mhw-8qcg-gr96
  • PyPI/skia-python
skia-python vendors vulnerable libfreetype because of pinned cibuildwheel version 1 hour ago
  • Fix available
  • Severity - 8.1 (High)
MGASA-2026-0058
  • Mageia:9/perl-YAML-Syck
Updated perl-YAML-Syck packages fix security vulnerabilities 1 hour ago
  • Fix available
MGASA-2026-0059
  • Mageia:9/openssh
Updated openssh packages fix security vulnerabilities 1 hour ago
  • Fix available
MGASA-2026-0060
  • Mageia:9/graphicsmagick
  • Mageia:9/imagemagick
Updated graphicsmagick & imagemagick packages fix security vulnerabilities 1 hour ago
  • Fix available
RLSA-2026:5113
  • Rocky Linux:8/gimp
  • Rocky Linux:8/pygobject2
  • Rocky Linux:8/pygtk2
  • Rocky Linux:8/python2-pycairo
Important: gimp:2.8 security update 1 hour ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-5cx5-wh4m-82fh
  • Go/github.com/minio/minio
MinIO has JWT Algorithm Confusion in OIDC Authentication 1 hour ago
  • Fix available
  • Severity - 9.2 (Critical)
GHSA-q485-cg9q-xq2r
  • PyPI/pyload-ng
Improper Authentication and Origin Validation Error in pyload-ng 1 hour ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-f27w-vcwj-c954
  • RubyGems/bcrypt
bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby 1 hour ago
  • Fix available
  • Severity - 4.5 (Medium)
GHSA-mr9r-mww3-v6gv
  • npm/@dicebear/core
  • npm/@dicebear/initials
SVG Injection via Unsanitized Options in @dicebear/core and @dicebear/initials 1 hour ago
  • Fix available
  • Severity - 4.7 (Medium)