Vulnerability Database
Vulnerabilities
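| Ecosystem | Count |
| --- | --- |
| All ecosystems | 581024 |
| AlmaLinux | 4289 |
| Alpaquita | 8035 |
| Alpine | 3933 |
| Android | 2912 |
| BellSoft Hardened Containers | 303 |
| Bitnami | 6334 |
| Chainguard | 4740 |
| CRAN | 12 |
| crates.io | 1933 |
| Debian | 51893 |
| Echo | 2625 |
| GHC | 3 |
| GIT | 76575 |
| GitHub Actions | 37 |
| Go | 5293 |
| Hackage | 26 |
| Hex | 45 |
| Julia | 332 |
| Linux | 22971 |
| Mageia | 5783 |
| Maven | 6125 |
| MinimOS | 9054 |
| npm | 214128 |
| NuGet | 1511 |
| openEuler | 5734 |
| openSUSE | 10307 |
| OSS-Fuzz | 3733 |
| Packagist | 5577 |
| Pub | 10 |
| PyPI | 17567 |
| Red Hat | 18055 |
| Rocky Linux | 2574 |
| Root | 16822 |
| RubyGems | 1844 |
| SUSE | 17092 |
| SwiftURL | 45 |
| Ubuntu | 49858 |
| VSCode | 15 |
| Wolfi | 2899 |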
| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| CVE-2026-23961 | github.com/mastodon/mastodon | Mastodon may allow a remote suspension bypass | 4 hours ago | Fix available; Severity - 5.3 (Medium) |
| CVE-2026-23958 | github.com/dataease/dataease | DataEase Vulnerable to Brute-Force Attack on Admin JWT Secret Derived from Password that Enables Full Account Takeover | 4 hours ago | Fix available; Severity - 8.8 (High) |
| CGA-rw54-w7vj-g9m9 | Chainguard/openjdk-25-jre, Wolfi/openjdk-25-jre | See record for full details | 4 hours ago | Fix available |
| CVE-2026-23952 | github.com/dlemstra/magick.net | ImageMagick has a NULL pointer dereference in MSL parser via `<comment>` tag before image load | 5 hours ago | Fix available; Severity - 6.5 (Medium) |
| CVE-2026-23951 | github.com/sumatrapdfreader/sumatrapdf | SumatraPDF's Integer Underflow in PalmDbReader Leads to Crash | 5 hours ago | No fix available; Severity - 5.5 (Medium) |
| CVE-2026-23946 | github.com/tendenci/tendenci | Tendenci has Authenticated Remote Code Execution via Pickle Deserialization | 5 hours ago | Fix available; Severity - 6.8 (Medium) |
| CVE-2026-23893 | github.com/opencryptoki/opencryptoki | openCryptoki has improper link resolution before file access (link following) | 6 hours ago | No fix available; Severity - 6.8 (Medium) |
| CVE-2026-23887 | github.com/intermesh/groupoffice | Group-Office has stored XSS vulnerability via unsanitized filenames | 6 hours ago | Fix available; Severity - 5.1 (Medium) |
| CVE-2026-23873 | github.com/zhblue/hustoj | HUSTOJ is Vulnerable to Stored CSV Injection (Formula Injection) in Contest Rank Export | 6 hours ago | No fix available; Severity - 5.2 (Medium) |
| GHSA-pchf-49fh-w34r | Go/github.com/charmbracelet/soft-serve | Soft Serve Affected by an Authentication Bypass | 7 hours ago | Fix available; Severity - 8.1 (High) |
| GHSA-xxjr-mmjv-4gpg | npm/lodash, npm/lodash-amd, npm/lodash-es, npm/lodash.unset | Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions | 7 hours ago | Fix available; Severity - 6.9 (Medium) |
| GHSA-36p8-mvp6-cv38 | npm/wrangler | Wrangler affected by OS Command Injection in `wrangler pages deploy` | 7 hours ago | Fix available; Severity - 7.7 (High) |
| GHSA-r92c-9c7f-3pj8 | Go/github.com/opentofu/opentofu | OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format | 7 hours ago | Fix available; Severity - 3.1 (Low) |
| CVE-2026-23630 | github.com/docmost/docmost | Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering | 7 hours ago | Fix available; Severity - 6.3 (Medium) |
| GHSA-q2x5-4xjx-c6p9 | npm/@backstage/backend-defaults | Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow` | 7 hours ago | Fix available; Severity - 3.5 (Low) |
| GHSA-2p49-45hj-7mc9 | npm/@backstage/cli-common | @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass | 7 hours ago | Fix available; Severity - 6.3 (Medium) |
Vulnerability Database - OSV