Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
Vulnerabilities
search
All ecosystems
617863
AlmaLinux
4572
Alpaquita
8765
Alpine
4048
Android
2912
Azure Linux
12016
BellSoft Hardened Containers
421
Bitnami
6900
Chainguard
5548
CleanStart
757
CRAN
14
crates.io
2203
Debian
45463
Echo
3129
GHC
3
GIT
82182
GitHub Actions
49
Go
6518
Hackage
30
Hex
57
Julia
448
Linux
18486
Mageia
5865
Maven
6309
MinimOS
23887
npm
217086
NuGet
1649
opam
11
openEuler
6300
openSUSE
12417
OSS-Fuzz
3831
Packagist
6043
Pub
11
PyPI
18594
Red Hat
19146
Rocky Linux
2914
Root
11895
RubyGems
1928
SUSE
20263
SwiftURL
50
Ubuntu
51603
VSCode
18
Wolfi
3522
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-qh43-xrjm-4ggp
Packagist/kimai/kimai
Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate
29 minutes ago
Fix available
Severity - 4.3 (Medium)
GHSA-g82g-m9vx-vhjg
Packagist/kimai/kimai
Kimai has Stored XSS via Incomplete HTML Attribute Escaping in Team Member Widget
29 minutes ago
Fix available
Severity - 5.4 (Medium)
GHSA-xjw8-8c5c-9r79
Maven/org.thymeleaf:thymeleaf
Maven/org.thymeleaf:thymeleaf-spring5
Maven/org.thymeleaf:thymeleaf-spring6
Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf
29 minutes ago
Fix available
Severity - 9.0 (Critical)
GHSA-r4v4-5mwr-2fwr
Maven/org.thymeleaf:thymeleaf
Maven/org.thymeleaf:thymeleaf-spring5
Maven/org.thymeleaf:thymeleaf-spring6
Improper restriction of the scope of accessible objects in Thymeleaf expressions
29 minutes ago
Fix available
Severity - 9.0 (Critical)
GHSA-mj87-hwqh-73pj
PyPI/python-multipart
python-multipart affected by Denial of Service via large multipart preamble or epilogue data
30 minutes ago
Fix available
Severity - 5.3 (Medium)
GHSA-mvvv-v22x-xqwp
npm/@nocobase/plugin-workflow-request
NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins
32 minutes ago
Fix available
Severity - 6.4 (Medium)
GHSA-xp4f-g2cm-rhg7
Packagist/pocketmine/pocketmine-mp
PocketMine-MP has LogDoS by many junk properties in client data JWT in LoginPacket
32 minutes ago
Fix available
Severity - 6.9 (Medium)
GHSA-jj6c-8h6c-hppx
PyPI/pypdf
pypdf has long runtimes for wrong size values in cross-reference and object streams
32 minutes ago
Fix available
Severity - 4.8 (Medium)
GHSA-g24f-mgc3-jwwc
Maven/io.openremote:openremote-manager
OpenRemote has XXE in Velbus Asset Import
33 minutes ago
Fix available
Severity - 7.6 (High)
DRUPAL-CORE-2026-003
Packagist/drupal/core
See record for full details
48 minutes ago
Fix available
JLSEC-2026-117
Julia/Bison_jll
See record for full details
49 minutes ago
Fix available
DRUPAL-CORE-2026-002
Packagist/drupal/core
See record for full details
50 minutes ago
Fix available
GHSA-xphw-cqx3-667j
crates.io/thin-vec
thin-vec: Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics
50 minutes ago
Fix available
Severity - 7.3 (High)
GHSA-247c-9743-5963
npm/fastify
Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header
51 minutes ago
Fix available
Severity - 7.5 (High)
DRUPAL-CORE-2026-001
Packagist/drupal/core
See record for full details
51 minutes ago
Fix available
GHSA-pxq7-h93f-9jrg
Go/github.com/oauth2-proxy/oauth2-proxy/v7
OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex
51 minutes ago
Fix available
Severity - 8.2 (High)
Load more...
Vulnerability Database - OSV