Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-mvvv-v22x-xqwp
  • npm/@nocobase/plugin-workflow-request
NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins 17 minutes ago
  • Fix available
  • Severity - 6.4 (Medium)
GHSA-xp4f-g2cm-rhg7
  • Packagist/pocketmine/pocketmine-mp
PocketMine-MP has LogDoS by many junk properties in client data JWT in LoginPacket 17 minutes ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-jj6c-8h6c-hppx
  • PyPI/pypdf
pypdf has long runtimes for wrong size values in cross-reference and object streams 17 minutes ago
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-g24f-mgc3-jwwc
  • Maven/io.openremote:openremote-manager
OpenRemote has XXE in Velbus Asset Import 18 minutes ago
  • Fix available
  • Severity - 7.6 (High)
DRUPAL-CORE-2026-003
  • Packagist/drupal/core
See record for full details 33 minutes ago
  • Fix available
JLSEC-2026-117
  • Julia/Bison_jll
See record for full details 34 minutes ago
  • Fix available
DRUPAL-CORE-2026-002
  • Packagist/drupal/core
See record for full details 35 minutes ago
  • Fix available
GHSA-xphw-cqx3-667j
  • crates.io/thin-vec
thin-vec: Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics 36 minutes ago
  • Fix available
  • Severity - 7.3 (High)
GHSA-247c-9743-5963
  • npm/fastify
Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header 36 minutes ago
  • Fix available
  • Severity - 7.5 (High)
DRUPAL-CORE-2026-001
  • Packagist/drupal/core
See record for full details 36 minutes ago
  • Fix available
GHSA-pxq7-h93f-9jrg
  • Go/github.com/oauth2-proxy/oauth2-proxy/v7
OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex 36 minutes ago
  • Fix available
  • Severity - 8.2 (High)
GHSA-c5c4-8r6x-56w3
  • Go/github.com/oauth2-proxy/oauth2-proxy/v7
OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims 37 minutes ago
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-7x63-xv5r-3p2x
  • Go/github.com/oauth2-proxy/oauth2-proxy/v7
OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing 39 minutes ago
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-xmj9-7625-f634
  • Maven/dev.dsf:dsf-bpe-process-api-v2
  • Maven/dev.dsf:dsf-bpe-server
Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache 41 minutes ago
  • No fix available
  • Severity - 6.3 (Medium)
GHSA-gj7p-595x-qwf5
  • Maven/dev.dsf:dsf-bpe-server
  • Maven/dev.dsf:dsf-common-jetty
  • Maven/dev.dsf:dsf-fhir-server
Data Sharing Framework is Missing Session Timeout for OIDC Sessions 41 minutes ago
  • No fix available
  • Severity - 6.8 (Medium)
GHSA-43fj-qp3h-hrh5
  • npm/@sync-in/server
Sync-in Server has Username Enumeration via Timing Attack 1 hour ago
  • Fix available
  • Severity - 6.9 (Medium)