Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-30120 Code Injection in remotion (CVE-2026-30120)
code injection in remotion (CVE-2026-30120). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.410` or later.
CVE-2025-70102 Vulnerability in c (CVE-2025-70102)
vulnerability in c (CVE-2025-70102). Risk of unauthorized operations or information disclosure.
CVE-2025-68713 Vulnerability in CVE-2025-68713 (CVE-2025-68713)
vulnerability in CVE-2025-68713 (CVE-2025-68713). Successful exploitation can lead to full system takeover.
CVE-2025-56814 Command Injection in CVE-2025-56814 (CVE-2025-56814)
command injection in CVE-2025-56814 (CVE-2025-56814). Successful exploitation can lead to full system takeover.
CVE-2025-55663 Vulnerability in c (CVE-2025-55663)
vulnerability in c (CVE-2025-55663). Risk of unauthorized operations or information disclosure.
CVE-2025-55661 Vulnerability in dos (CVE-2025-55661)
vulnerability in dos (CVE-2025-55661). Risk of unauthorized operations or information disclosure.
CVE-2025-55660 Vulnerability in c (CVE-2025-55660)
vulnerability in c (CVE-2025-55660). Risk of unauthorized operations or information disclosure.
CVE-2025-55652 Vulnerability in c (CVE-2025-55652)
vulnerability in c (CVE-2025-55652). Risk of unauthorized operations or information disclosure.
CVE-2025-55650 Use-After-Free in c (CVE-2025-55650)
vulnerability in c (CVE-2025-55650). Risk of unauthorized operations or information disclosure.
CVE-2025-55649 Vulnerability in c (CVE-2025-55649)
vulnerability in c (CVE-2025-55649). Risk of unauthorized operations or information disclosure.
CVE-2025-55648 Vulnerability in c (CVE-2025-55648)
vulnerability in c (CVE-2025-55648). Risk of unauthorized operations or information disclosure.
CVE-2025-55647 Vulnerability in c (CVE-2025-55647)
vulnerability in c (CVE-2025-55647). Risk of unauthorized operations or information disclosure.
CVE-2025-55645 Vulnerability in c (CVE-2025-55645)
vulnerability in c (CVE-2025-55645). Risk of unauthorized operations or information disclosure.
CVE-2025-55644 Use-After-Free in c (CVE-2025-55644)
vulnerability in c (CVE-2025-55644). Risk of unauthorized operations or information disclosure.
CVE-2025-55643 Vulnerability in c (CVE-2025-55643)
vulnerability in c (CVE-2025-55643). Risk of unauthorized operations or information disclosure.
CVE-2025-55642 Vulnerability in c (CVE-2025-55642)
vulnerability in c (CVE-2025-55642). Risk of unauthorized operations or information disclosure.
CVE-2025-55641 Vulnerability in c (CVE-2025-55641)
vulnerability in c (CVE-2025-55641). Risk of unauthorized operations or information disclosure.
CVE-2026-48817 Vulnerability in starlette (CVE-2026-48817)
vulnerability in starlette (CVE-2026-48817). Risk of unauthorized operations or information disclosure. Exploitable via ``HTTPEndpoint``. Mitigation: upgrade to `1.1.0` or later.
CVE-2026-48125 Vulnerability in ua-parser-js (CVE-2026-48125)
vulnerability in ua-parser-js (CVE-2026-48125). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.0.10` or later.
CVE-2026-54271 Code Injection in protobufjs-cli (CVE-2026-54271)
code injection in protobufjs-cli (CVE-2026-54271). Confidential information can be exposed externally. Exploitable via ``pbjs``. Mitigation: upgrade to `2.5.0` or later.
CVE-2026-54270 Vulnerability in protobufjs (CVE-2026-54270)
vulnerability in protobufjs (CVE-2026-54270). Risk of unauthorized operations or information disclosure. Exploitable via ``Reader``. Mitigation: upgrade to `8.5.0` or later.
GHSA-vxr8-fq34-vvx9 Vulnerability in dompurify (GHSA-vxr8-fq34-vvx9)
vulnerability in dompurify (GHSA-vxr8-fq34-vvx9). Risk of unauthorized operations or information disclosure. Exploitable via ``TRUSTED_TYPES_POLICY``. Mitigation: upgrade to `3.4.9` or later.
GHSA-537c-gmf6-5ccf Out-of-Bounds Read in cryptography (GHSA-537c-gmf6-5ccf)
vulnerability in cryptography (GHSA-537c-gmf6-5ccf). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `48.0.1` or later.
CVE-2026-54274 Vulnerability in aiohttp (CVE-2026-54274)
vulnerability in aiohttp (CVE-2026-54274). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
CVE-2026-54275 Vulnerability in aiohttp (CVE-2026-54275)
vulnerability in aiohttp (CVE-2026-54275). Risk of unauthorized operations or information disclosure. Exploitable via ``server_hostname``. Mitigation: upgrade to `3.14.1` or later.
CVE-2026-54280 Vulnerability in aiohttp (CVE-2026-54280)
vulnerability in aiohttp (CVE-2026-54280). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
CVE-2026-54273 Vulnerability in aiohttp (CVE-2026-54273)
vulnerability in aiohttp (CVE-2026-54273). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
CVE-2026-54278 Vulnerability in aiohttp (CVE-2026-54278)
vulnerability in aiohttp (CVE-2026-54278). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
CVE-2026-54277 Vulnerability in aiohttp (CVE-2026-54277)
vulnerability in aiohttp (CVE-2026-54277). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
CVE-2026-54276 Information Disclosure in aiohttp (CVE-2026-54276)
vulnerability in aiohttp (CVE-2026-54276). Risk of unauthorized operations or information disclosure. Exploitable via ``DigestAuthMiddleware``. Mitigation: upgrade to `3.14.1` or later.
CVE-2026-54279 Vulnerability in aiohttp (CVE-2026-54279)
vulnerability in aiohttp (CVE-2026-54279). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
CVE-2026-50269 Vulnerability in aiohttp (CVE-2026-50269)
vulnerability in aiohttp (CVE-2026-50269). Risk of unauthorized operations or information disclosure. Exploitable via ``Payload.headers``. Mitigation: upgrade to `3.14.0` or later.
CVE-2026-53663 Cross-Site Request Forgery (CSRF) in react-router (CVE-2026-53663)
vulnerability in react-router (CVE-2026-53663). Risk of unauthorized operations or information disclosure. Exploitable via ``createBrowserRouter``. Mitigation: upgrade to `7.15.1` or later.
CVE-2026-53633 Vulnerability in @vitest/browser (CVE-2026-53633)
vulnerability in @vitest/browser (CVE-2026-53633). Risk of unauthorized operations or information disclosure. Exploitable via ``browser.api.allowWrite``. Mitigation: upgrade to `3.2.5` or later.
GHSA-gvmj-g25r-r7wr Cross-Site Scripting (XSS) in dompurify (GHSA-gvmj-g25r-r7wr)
cross-site scripting in dompurify (GHSA-gvmj-g25r-r7wr). Risk of unauthorized operations or information disclosure. Exploitable via ``SAFE_FOR_TEMPLATES``. Mitigation: upgrade to `3.4.8` or later.
CVE-2026-49978 Cross-Site Scripting (XSS) in dompurify (CVE-2026-49978)
cross-site scripting in dompurify (CVE-2026-49978). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.4.7` or later.
GHSA-x4vx-rjvf-j5p4 Cross-Site Scripting (XSS) in dompurify (GHSA-x4vx-rjvf-j5p4)
cross-site scripting in dompurify (GHSA-x4vx-rjvf-j5p4). Risk of unauthorized operations or information disclosure. Exploitable via ``DOMPurify``.
GHSA-76mc-f452-cxcm Vulnerability in dompurify (GHSA-76mc-f452-cxcm)
vulnerability in dompurify (GHSA-76mc-f452-cxcm). Risk of unauthorized operations or information disclosure. Exploitable via ``data.allowedTags``. Mitigation: upgrade to `3.4.7` or later.
CVE-2026-49458 Cross-Site Scripting (XSS) in dompurify (CVE-2026-49458)
cross-site scripting in dompurify (CVE-2026-49458). Risk of unauthorized operations or information disclosure. Exploitable via ``instanceof``. Mitigation: upgrade to `3.4.6` or later.
CVE-2026-49459 Cross-Site Scripting (XSS) in dompurify (CVE-2026-49459)
cross-site scripting in dompurify (CVE-2026-49459). Risk of unauthorized operations or information disclosure. Exploitable via ``_forceRemove``. Mitigation: upgrade to `3.4.6` or later.
CVE-2026-11931 Vulnerability in Amazon aws (CVE-2026-11931)
vulnerability in Amazon aws (CVE-2026-11931). Confidential information can be exposed externally.
CVE-2026-8358 Out-of-Bounds Write in CVE-2026-8358 (CVE-2026-8358)
out-of-bounds write in CVE-2026-8358 (CVE-2026-8358). Risk of unauthorized operations or information disclosure.
CVE-2026-8357 Vulnerability in CVE-2026-8357 (CVE-2026-8357)
vulnerability in CVE-2026-8357 (CVE-2026-8357). Successful exploitation can lead to full system takeover.
CVE-2026-8356 Vulnerability in CVE-2026-8356 (CVE-2026-8356)
vulnerability in CVE-2026-8356 (CVE-2026-8356). Risk of unauthorized operations or information disclosure.
CVE-2026-6047 Out-of-Bounds Write in CVE-2026-6047 (CVE-2026-6047)
out-of-bounds write in CVE-2026-6047 (CVE-2026-6047). Risk of unauthorized operations or information disclosure.
CVE-2026-6045 Vulnerability in CVE-2026-6045 (CVE-2026-6045)
vulnerability in CVE-2026-6045 (CVE-2026-6045). Risk of unauthorized operations or information disclosure.
CVE-2026-6040 Use-After-Free in CVE-2026-6040 (CVE-2026-6040)
vulnerability in CVE-2026-6040 (CVE-2026-6040). Successful exploitation can lead to full system takeover.
CVE-2026-6039 Vulnerability in CVE-2026-6039 (CVE-2026-6039)
vulnerability in CVE-2026-6039 (CVE-2026-6039). Risk of unauthorized operations or information disclosure.
CVE-2026-49294 Cross-Site Scripting (XSS) in CVE-2026-49294 (CVE-2026-49294)
cross-site scripting in CVE-2026-49294 (CVE-2026-49294). Risk of unauthorized operations or information disclosure.
CVE-2026-47777 Vulnerability in CVE-2026-47777 (CVE-2026-47777)
vulnerability in CVE-2026-47777 (CVE-2026-47777). Data can be tampered with by attackers.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →