Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-2jm2-2p35-rp3j
  • Packagist/devcode-it/openstamanager
OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter 1 hour ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-5hhx-v7f6-x7gv
  • npm/@anthropic-ai/claude-code
Claude Code vulnerable to command execution prior to startup trust dialog 1 hour ago
  • Fix available
  • Severity - 7.7 (High)
GHSA-hcpf-qv9m-vfgp
  • Go/github.com/esm-dev/esm.sh
esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript 1 hour ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-h3mw-4f23-gwpw
  • Go/github.com/esm-dev/esm.sh
esm.sh CDN service has arbitrary file write via tarslip 1 hour ago
  • Fix available
  • Severity - 8.2 (High)
CGA-xhjg-h35h-hvxw
  • Chainguard/splunk-otel-collector
  • Wolfi/splunk-otel-collector
  • Chainguard/splunk-otel-collector-compat
  • Wolfi/splunk-otel-collector-compat
  • Chainguard/splunk-otel-collector-doc
  • ... 1 more
See record for full details 1 hour ago
  • Fix available
GO-2025-4134
  • Go/golang.org/x/crypto
CVE-2025-58181 in golang.org/x/crypto/ssh 1 hour ago
  • No fix available
GO-2025-4135
  • Go/golang.org/x/crypto
CVE-2025-47914 in golang.org/x/crypto/ssh/agent 1 hour ago
  • No fix available
GHSA-fvmw-cj7j-j39q
  • npm/astro
Astro Cloudflare adapter has Stored Cross Site Scripting vulnerability in /_image endpoint 1 hour ago
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-ggxq-hp9w-j794
  • npm/astro
Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values 2 hours ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-wrwg-2hg8-v723
  • npm/astro
Astro vulnerable to reflected XSS via the server islands feature 2 hours ago
  • Fix available
  • Severity - 7.1 (High)
GHSA-x3h8-62x9-952g
  • npm/astro
Astro Development Server has Arbitrary Local File Read 2 hours ago
  • Fix available
  • Severity - 3.5 (Low)
MAL-2025-190580
  • npm/lululemon-b2b-utils
Malicious code in lululemon-b2b-utils (npm) 2 hours ago
  • No fix available
MAL-2025-190579
  • npm/hellospa
Malicious code in hellospa (npm) 2 hours ago
  • No fix available
GHSA-ch7q-53v8-73pc
  • Go/goauthentik.io
authentik's invitation expiry is delayed by at least 5 minutes 3 hours ago
  • Fix available
  • Severity - 5.8 (Medium)
CVE-2025-64759
  • github.com/homarr-labs/homarr
Homarr is Vulnerable to Stored Cross-Site Scripting (XSS) and Possible Privilege Escalation via Malicious SVG Upload 3 hours ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-xr73-jq5p-ch8r
  • Go/goauthentik.io
authentik allows a deactivated Service account to authenticate to OAuth 3 hours ago
  • Fix available
  • Severity - 4.8 (Medium)