Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Category: web-application Group: package-ecosystems Clear
ID Title
CVE-2026-38360 Path Traversal in path-traversal (CVE-2026-38360)
path traversal in path-traversal (CVE-2026-38360). Successful exploitation can lead to full system takeover.
CVE-2026-43944 Vulnerability in electerm (CVE-2026-43944)
vulnerability in electerm (CVE-2026-43944). Successful exploitation can lead to full system takeover. Exploitable via ``opts``. Mitigation: upgrade to `> 3.8.8` or later.
CVE-2026-43941 Vulnerability in electerm (CVE-2026-43941)
vulnerability in electerm (CVE-2026-43941). Successful exploitation can lead to full system takeover. Exploitable via ``shell.openExternal``.
CVE-2025-63703 Vulnerability in npm (CVE-2025-63703)
vulnerability in npm (CVE-2025-63703). Successful exploitation can lead to full system takeover.
CVE-2025-63706 Code Injection in npm (CVE-2025-63706)
code injection in npm (CVE-2025-63706). Successful exploitation can lead to full system takeover.
CVE-2026-34084 Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-34084). Successful exploitation can lead to full system takeover. Exploitable via ``is_file``. Mitigation: upgrade to `1.30.3` or later.
CVE-2026-26956 Vulnerability in vm2-project (CVE-2026-26956)
vulnerability in vm2-project (CVE-2026-26956). Successful exploitation can lead to full system takeover. Exploitable via ``catch``.
CVE-2024-27289 pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for...
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a s...

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →