Vulnerabilities

ID
Packages
Summary
Published
Attributes
CVE-2026-23961
  • github.com/mastodon/mastodon
Mastodon may allow a remote suspension bypass 4 hours ago
  • Fix available
  • Severity - 5.3 (Medium)
CVE-2026-23958
  • github.com/dataease/dataease
DataEase Vulnerable to Brute-Force Attack on Admin JWT Secret Derived from Password that Enables Full Account Takeover 4 hours ago
  • Fix available
  • Severity - 8.8 (High)
CGA-rw54-w7vj-g9m9
  • Chainguard/openjdk-25-jre
  • Wolfi/openjdk-25-jre
See record for full details 4 hours ago
  • Fix available
CVE-2026-23952
  • github.com/dlemstra/magick.net
ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load 5 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
CVE-2026-23951
  • github.com/sumatrapdfreader/sumatrapdf
SumatraPDF's Integer Underflow in PalmDbReader Leads to Crash 5 hours ago
  • No fix available
  • Severity - 5.5 (Medium)
CVE-2026-23946
  • github.com/tendenci/tendenci
Tendenci has Authenticated Remote Code Execution via Pickle Deserialization 5 hours ago
  • Fix available
  • Severity - 6.8 (Medium)
CVE-2026-23893
  • github.com/opencryptoki/opencryptoki
openCryptoki has improper link resolution before file access (link following) 6 hours ago
  • No fix available
  • Severity - 6.8 (Medium)
CVE-2026-23887
  • github.com/intermesh/groupoffice
Group-Office has stored XSS vulnerability via unsanitized filenames 6 hours ago
  • Fix available
  • Severity - 5.1 (Medium)
CVE-2026-23873
  • github.com/zhblue/hustoj
HUSTOJ is Vulnerable to Stored CSV Injection (Formula Injection) in Contest Rank Export 6 hours ago
  • No fix available
  • Severity - 5.2 (Medium)
GHSA-pchf-49fh-w34r
  • Go/github.com/charmbracelet/soft-serve
Soft Serve Affected by an Authentication Bypass 7 hours ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-xxjr-mmjv-4gpg
  • npm/lodash
  • npm/lodash-amd
  • npm/lodash-es
  • npm/lodash.unset
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions 7 hours ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-36p8-mvp6-cv38
  • npm/wrangler
Wrangler affected by OS Command Injection in `wrangler pages deploy` 7 hours ago
  • Fix available
  • Severity - 7.7 (High)
GHSA-r92c-9c7f-3pj8
  • Go/github.com/opentofu/opentofu
OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format 7 hours ago
  • Fix available
  • Severity - 3.1 (Low)
CVE-2026-23630
  • github.com/docmost/docmost
Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering 7 hours ago
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-q2x5-4xjx-c6p9
  • npm/@backstage/backend-defaults
Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow` 7 hours ago
  • Fix available
  • Severity - 3.5 (Low)
GHSA-2p49-45hj-7mc9
  • npm/@backstage/cli-common
@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass 7 hours ago
  • Fix available
  • Severity - 6.3 (Medium)