Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-30120 |
|
Code Injection in remotion (CVE-2026-30120)
code injection in remotion (CVE-2026-30120). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.410` or later.
|
| CVE-2025-70102 |
|
Vulnerability in c (CVE-2025-70102)
vulnerability in c (CVE-2025-70102). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-68713 |
|
Vulnerability in CVE-2025-68713 (CVE-2025-68713)
vulnerability in CVE-2025-68713 (CVE-2025-68713). Successful exploitation can lead to full system takeover.
|
| CVE-2025-56814 |
|
Command Injection in CVE-2025-56814 (CVE-2025-56814)
command injection in CVE-2025-56814 (CVE-2025-56814). Successful exploitation can lead to full system takeover.
|
| CVE-2025-55663 |
|
Vulnerability in c (CVE-2025-55663)
vulnerability in c (CVE-2025-55663). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55661 |
|
Vulnerability in dos (CVE-2025-55661)
vulnerability in dos (CVE-2025-55661). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55660 |
|
Vulnerability in c (CVE-2025-55660)
vulnerability in c (CVE-2025-55660). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55652 |
|
Vulnerability in c (CVE-2025-55652)
vulnerability in c (CVE-2025-55652). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55650 |
|
Use-After-Free in c (CVE-2025-55650)
vulnerability in c (CVE-2025-55650). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55649 |
|
Vulnerability in c (CVE-2025-55649)
vulnerability in c (CVE-2025-55649). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55648 |
|
Vulnerability in c (CVE-2025-55648)
vulnerability in c (CVE-2025-55648). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55647 |
|
Vulnerability in c (CVE-2025-55647)
vulnerability in c (CVE-2025-55647). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55645 |
|
Vulnerability in c (CVE-2025-55645)
vulnerability in c (CVE-2025-55645). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55644 |
|
Use-After-Free in c (CVE-2025-55644)
vulnerability in c (CVE-2025-55644). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55643 |
|
Vulnerability in c (CVE-2025-55643)
vulnerability in c (CVE-2025-55643). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55642 |
|
Vulnerability in c (CVE-2025-55642)
vulnerability in c (CVE-2025-55642). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55641 |
|
Vulnerability in c (CVE-2025-55641)
vulnerability in c (CVE-2025-55641). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48817 |
|
Vulnerability in starlette (CVE-2026-48817)
vulnerability in starlette (CVE-2026-48817). Risk of unauthorized operations or information disclosure. Exploitable via ``HTTPEndpoint``. Mitigation: upgrade to `1.1.0` or later.
|
| CVE-2026-48125 |
|
Vulnerability in ua-parser-js (CVE-2026-48125)
vulnerability in ua-parser-js (CVE-2026-48125). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.0.10` or later.
|
| CVE-2026-54271 |
|
Code Injection in protobufjs-cli (CVE-2026-54271)
code injection in protobufjs-cli (CVE-2026-54271). Confidential information can be exposed externally. Exploitable via ``pbjs``. Mitigation: upgrade to `2.5.0` or later.
|
| CVE-2026-54270 |
|
Vulnerability in protobufjs (CVE-2026-54270)
vulnerability in protobufjs (CVE-2026-54270). Risk of unauthorized operations or information disclosure. Exploitable via ``Reader``. Mitigation: upgrade to `8.5.0` or later.
|
| GHSA-vxr8-fq34-vvx9 |
|
Vulnerability in dompurify (GHSA-vxr8-fq34-vvx9)
vulnerability in dompurify (GHSA-vxr8-fq34-vvx9). Risk of unauthorized operations or information disclosure. Exploitable via ``TRUSTED_TYPES_POLICY``. Mitigation: upgrade to `3.4.9` or later.
|
| GHSA-537c-gmf6-5ccf |
|
Out-of-Bounds Read in cryptography (GHSA-537c-gmf6-5ccf)
vulnerability in cryptography (GHSA-537c-gmf6-5ccf). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `48.0.1` or later.
|
| CVE-2026-54274 |
|
Vulnerability in aiohttp (CVE-2026-54274)
vulnerability in aiohttp (CVE-2026-54274). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54275 |
|
Vulnerability in aiohttp (CVE-2026-54275)
vulnerability in aiohttp (CVE-2026-54275). Risk of unauthorized operations or information disclosure. Exploitable via ``server_hostname``. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54280 |
|
Vulnerability in aiohttp (CVE-2026-54280)
vulnerability in aiohttp (CVE-2026-54280). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54273 |
|
Vulnerability in aiohttp (CVE-2026-54273)
vulnerability in aiohttp (CVE-2026-54273). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54278 |
|
Vulnerability in aiohttp (CVE-2026-54278)
vulnerability in aiohttp (CVE-2026-54278). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54277 |
|
Vulnerability in aiohttp (CVE-2026-54277)
vulnerability in aiohttp (CVE-2026-54277). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54276 |
|
Information Disclosure in aiohttp (CVE-2026-54276)
vulnerability in aiohttp (CVE-2026-54276). Risk of unauthorized operations or information disclosure. Exploitable via ``DigestAuthMiddleware``. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54279 |
|
Vulnerability in aiohttp (CVE-2026-54279)
vulnerability in aiohttp (CVE-2026-54279). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-50269 |
|
Vulnerability in aiohttp (CVE-2026-50269)
vulnerability in aiohttp (CVE-2026-50269). Risk of unauthorized operations or information disclosure. Exploitable via ``Payload.headers``. Mitigation: upgrade to `3.14.0` or later.
|
| CVE-2026-53663 |
|
Cross-Site Request Forgery (CSRF) in react-router (CVE-2026-53663)
vulnerability in react-router (CVE-2026-53663). Risk of unauthorized operations or information disclosure. Exploitable via ``createBrowserRouter``. Mitigation: upgrade to `7.15.1` or later.
|
| CVE-2026-53633 |
|
Vulnerability in @vitest/browser (CVE-2026-53633)
vulnerability in @vitest/browser (CVE-2026-53633). Risk of unauthorized operations or information disclosure. Exploitable via ``browser.api.allowWrite``. Mitigation: upgrade to `3.2.5` or later.
|
| GHSA-gvmj-g25r-r7wr |
|
Cross-Site Scripting (XSS) in dompurify (GHSA-gvmj-g25r-r7wr)
cross-site scripting in dompurify (GHSA-gvmj-g25r-r7wr). Risk of unauthorized operations or information disclosure. Exploitable via ``SAFE_FOR_TEMPLATES``. Mitigation: upgrade to `3.4.8` or later.
|
| CVE-2026-49978 |
|
Cross-Site Scripting (XSS) in dompurify (CVE-2026-49978)
cross-site scripting in dompurify (CVE-2026-49978). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.4.7` or later.
|
| GHSA-x4vx-rjvf-j5p4 |
|
Cross-Site Scripting (XSS) in dompurify (GHSA-x4vx-rjvf-j5p4)
cross-site scripting in dompurify (GHSA-x4vx-rjvf-j5p4). Risk of unauthorized operations or information disclosure. Exploitable via ``DOMPurify``.
|
| GHSA-76mc-f452-cxcm |
|
Vulnerability in dompurify (GHSA-76mc-f452-cxcm)
vulnerability in dompurify (GHSA-76mc-f452-cxcm). Risk of unauthorized operations or information disclosure. Exploitable via ``data.allowedTags``. Mitigation: upgrade to `3.4.7` or later.
|
| CVE-2026-49458 |
|
Cross-Site Scripting (XSS) in dompurify (CVE-2026-49458)
cross-site scripting in dompurify (CVE-2026-49458). Risk of unauthorized operations or information disclosure. Exploitable via ``instanceof``. Mitigation: upgrade to `3.4.6` or later.
|
| CVE-2026-49459 |
|
Cross-Site Scripting (XSS) in dompurify (CVE-2026-49459)
cross-site scripting in dompurify (CVE-2026-49459). Risk of unauthorized operations or information disclosure. Exploitable via ``_forceRemove``. Mitigation: upgrade to `3.4.6` or later.
|
| CVE-2026-11931 |
|
Vulnerability in Amazon aws (CVE-2026-11931)
vulnerability in Amazon aws (CVE-2026-11931). Confidential information can be exposed externally.
|
| CVE-2026-8358 |
|
Out-of-Bounds Write in CVE-2026-8358 (CVE-2026-8358)
out-of-bounds write in CVE-2026-8358 (CVE-2026-8358). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8357 |
|
Vulnerability in CVE-2026-8357 (CVE-2026-8357)
vulnerability in CVE-2026-8357 (CVE-2026-8357). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8356 |
|
Vulnerability in CVE-2026-8356 (CVE-2026-8356)
vulnerability in CVE-2026-8356 (CVE-2026-8356). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6047 |
|
Out-of-Bounds Write in CVE-2026-6047 (CVE-2026-6047)
out-of-bounds write in CVE-2026-6047 (CVE-2026-6047). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6045 |
|
Vulnerability in CVE-2026-6045 (CVE-2026-6045)
vulnerability in CVE-2026-6045 (CVE-2026-6045). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6040 |
|
Use-After-Free in CVE-2026-6040 (CVE-2026-6040)
vulnerability in CVE-2026-6040 (CVE-2026-6040). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6039 |
|
Vulnerability in CVE-2026-6039 (CVE-2026-6039)
vulnerability in CVE-2026-6039 (CVE-2026-6039). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49294 |
|
Cross-Site Scripting (XSS) in CVE-2026-49294 (CVE-2026-49294)
cross-site scripting in CVE-2026-49294 (CVE-2026-49294). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47777 |
|
Vulnerability in CVE-2026-47777 (CVE-2026-47777)
vulnerability in CVE-2026-47777 (CVE-2026-47777). Data can be tampered with by attackers.
|