Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-qh43-xrjm-4ggp
  • Packagist/kimai/kimai
Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate 29 minutes ago
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-g82g-m9vx-vhjg
  • Packagist/kimai/kimai
Kimai has Stored XSS via Incomplete HTML Attribute Escaping in Team Member Widget 29 minutes ago
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-xjw8-8c5c-9r79
  • Maven/org.thymeleaf:thymeleaf
  • Maven/org.thymeleaf:thymeleaf-spring5
  • Maven/org.thymeleaf:thymeleaf-spring6
Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf 29 minutes ago
  • Fix available
  • Severity - 9.0 (Critical)
GHSA-r4v4-5mwr-2fwr
  • Maven/org.thymeleaf:thymeleaf
  • Maven/org.thymeleaf:thymeleaf-spring5
  • Maven/org.thymeleaf:thymeleaf-spring6
Improper restriction of the scope of accessible objects in Thymeleaf expressions 29 minutes ago
  • Fix available
  • Severity - 9.0 (Critical)
GHSA-mj87-hwqh-73pj
  • PyPI/python-multipart
python-multipart affected by Denial of Service via large multipart preamble or epilogue data 30 minutes ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-mvvv-v22x-xqwp
  • npm/@nocobase/plugin-workflow-request
NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins 32 minutes ago
  • Fix available
  • Severity - 6.4 (Medium)
GHSA-xp4f-g2cm-rhg7
  • Packagist/pocketmine/pocketmine-mp
PocketMine-MP has LogDoS by many junk properties in client data JWT in LoginPacket 32 minutes ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-jj6c-8h6c-hppx
  • PyPI/pypdf
pypdf has long runtimes for wrong size values in cross-reference and object streams 32 minutes ago
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-g24f-mgc3-jwwc
  • Maven/io.openremote:openremote-manager
OpenRemote has XXE in Velbus Asset Import 33 minutes ago
  • Fix available
  • Severity - 7.6 (High)
DRUPAL-CORE-2026-003
  • Packagist/drupal/core
See record for full details 48 minutes ago
  • Fix available
JLSEC-2026-117
  • Julia/Bison_jll
See record for full details 49 minutes ago
  • Fix available
DRUPAL-CORE-2026-002
  • Packagist/drupal/core
See record for full details 50 minutes ago
  • Fix available
GHSA-xphw-cqx3-667j
  • crates.io/thin-vec
thin-vec: Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics 50 minutes ago
  • Fix available
  • Severity - 7.3 (High)
GHSA-247c-9743-5963
  • npm/fastify
Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header 51 minutes ago
  • Fix available
  • Severity - 7.5 (High)
DRUPAL-CORE-2026-001
  • Packagist/drupal/core
See record for full details 51 minutes ago
  • Fix available
GHSA-pxq7-h93f-9jrg
  • Go/github.com/oauth2-proxy/oauth2-proxy/v7
OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex 51 minutes ago
  • Fix available
  • Severity - 8.2 (High)