Vulnerabilities

ID
Packages
Summary
Published
Attributes
CVE-2026-23842
  • github.com/gunthercox/chatterbot
ChatterBot has Denial of Service via Database Connection Pool Exhaustion 7 hours ago
  • Fix available
  • Severity - 7.5 (High)
CVE-2026-23841
  • github.com/leepeuker/movary
Movary vulnerable to Cross-site Scripting with `?categoryCreated=` param 7 hours ago
  • Fix available
  • Severity - 9.3 (Critical)
CVE-2026-23840
  • github.com/leepeuker/movary
Movary vulnerable to Cross-site Scripting with `?categoryDeleted=` param 7 hours ago
  • Fix available
  • Severity - 9.3 (Critical)
CVE-2026-23839
  • github.com/leepeuker/movary
Movary vulnerable to Cross-site Scripting with `?categoryUpdated=` param 7 hours ago
  • Fix available
  • Severity - 9.3 (Critical)
CVE-2026-23838
  • github.com/nixos/nixpkgs
Tandoor Recipes module allows SQLite database to be externally accessible with the default settings 7 hours ago
  • Fix available
  • Severity - 8.7 (High)
CVE-2026-23836
  • github.com/kohler/hotcrp
HotCRP vulnerable to remote code execution through formulas 8 hours ago
  • No fix available
  • Severity - 9.9 (Critical)
CVE-2026-23833
  • github.com/esphome/esphome
ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component 8 hours ago
  • Fix available
  • Severity - 1.7 (Low)
CVE-2026-23721
  • github.com/opf/openproject
OpenProject users with "View Members" permission in any project can view all Group memberships 8 hours ago
  • Fix available
  • Severity - 4.3 (Medium)
CVE-2026-23646
  • github.com/opf/openproject
OpenProject users can delete other user's session, causing them to be logged out 8 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
CVE-2026-23625
  • github.com/opf/openproject
OpenProject has stored XSS regression using attachments and script-src self 8 hours ago
  • Fix available
  • Severity - 8.7 (High)
CVE-2026-23522
  • github.com/lobehub/lobe-chat
Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion 9 hours ago
  • Fix available
  • Severity - 3.7 (Low)
CVE-2026-22850
  • github.com/ibericode/koko-analytics
Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import 9 hours ago
  • Fix available
  • Severity - 8.3 (High)
CVE-2026-22037
  • github.com/fastify/fastify-express
@fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding) 9 hours ago
  • Fix available
  • Severity - 8.4 (High)
CVE-2026-22031
  • github.com/fastify/middie
Fastify Middie Middleware Path Bypass 10 hours ago
  • Fix available
  • Severity - 8.4 (High)
CVE-2025-68616
  • github.com/kozea/weasyprint
WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect 10 hours ago
  • Fix available
  • Severity - 7.5 (High)
EEF-CVE-2026-21618
  • github.com/hexpm/hexpm.git
Cross-site scripting (XSS) in OAuth Device Authorization screen 11 hours ago
  • Fix available
  • Severity - 8.5 (High)