Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-55430 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55430)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55430). Confidential information can be exposed externally. Exploitable via ``Host``. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-49086 |
|
Vulnerability in apache (CVE-2026-49086)
vulnerability in apache (CVE-2026-49086). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46592 |
|
Vulnerability in apache (CVE-2026-46592)
vulnerability in apache (CVE-2026-46592). Confidential information can be exposed externally.
|
| CVE-2026-53931 |
|
Vulnerability in nocodb (CVE-2026-53931)
vulnerability in nocodb (CVE-2026-53931). Risk of unauthorized operations or information disclosure. Exploitable via ``axiosRequestMake``.
|
| CVE-2026-50169 |
|
Information Disclosure in @angular/service-worker (CVE-2026-50169)
vulnerability in @angular/service-worker (CVE-2026-50169). Risk of unauthorized operations or information disclosure. Exploitable via ``Request``. Mitigation: upgrade to `21.2.15` or later.
|
| CVE-2026-9595 |
|
Vulnerability in webpack-dev-server (CVE-2026-9595)
vulnerability in webpack-dev-server (CVE-2026-9595). Risk of unauthorized operations or information disclosure. Exploitable via ``Origin``. Mitigation: upgrade to `5.2.5` or later.
|
| CVE-2026-49821 |
|
Vulnerability in github.com/fission/fission (CVE-2026-49821)
vulnerability in github.com/fission/fission (CVE-2026-49821). Confidential information can be exposed externally. Exploitable via ``buildermgr``. Mitigation: upgrade to `1.24.0` or later.
|
| CVE-2026-36608 |
|
Vulnerability in CVE-2026-36608 (CVE-2026-36608)
vulnerability in CVE-2026-36608 (CVE-2026-36608). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0098 |
|
Vulnerability in google (CVE-2026-0098)
vulnerability in google (CVE-2026-0098). Successful exploitation can lead to full system takeover.
|
| CVE-2025-48570 |
|
Vulnerability in google (CVE-2025-48570)
vulnerability in google (CVE-2025-48570). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44494 |
|
Vulnerability in axios (CVE-2026-44494)
vulnerability in axios (CVE-2026-44494). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `1.15.0` or later.
|
| CVE-2026-48522 |
|
Vulnerability in pyjwt (CVE-2026-48522)
vulnerability in pyjwt (CVE-2026-48522). Risk of unauthorized operations or information disclosure. Exploitable via ``uri``. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-3160 |
|
Vulnerability in gitlab (CVE-2026-3160)
vulnerability in gitlab (CVE-2026-3160). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-45003 |
|
Vulnerability in openclaw (CVE-2026-45003)
vulnerability in openclaw (CVE-2026-45003). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.22` or later.
|
| CVE-2026-44992 |
|
Vulnerability in openclaw (CVE-2026-44992)
vulnerability in openclaw (CVE-2026-44992). Confidential information can be exposed externally. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.4.20` or later.
|
| CVE-2026-42313 |
|
Vulnerability in pyload-ng (CVE-2026-42313)
vulnerability in pyload-ng (CVE-2026-42313). Confidential information can be exposed externally. Exploitable via ``ADMIN_ONLY_CORE_OPTIONS``. Mitigation: upgrade to `0.5.0b3.dev100` or later.
|
| CVE-2026-45182 |
|
Vulnerability in CVE-2026-45182 (CVE-2026-45182)
vulnerability in CVE-2026-45182 (CVE-2026-45182). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42043 |
|
Vulnerability in axios (CVE-2026-42043)
vulnerability in axios (CVE-2026-42043). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.15.1` or later.
|
| CVE-2026-39961 |
|
Privilege Escalation in aiven (CVE-2026-39961)
vulnerability in aiven (CVE-2026-39961). Confidential information can be exposed externally. Mitigation: upgrade to `0.37.0` or later.
|
| CVE-2025-62718 |
|
Vulnerability in axios (CVE-2025-62718)
vulnerability in axios (CVE-2025-62718). Confidential information can be exposed externally. Exploitable via ``NO_PROXY``. Mitigation: upgrade to `0.31.0` or later.
|
| CVE-2025-11393 |
|
Vulnerability in CVE-2025-11393 (CVE-2025-11393)
vulnerability in CVE-2025-11393 (CVE-2025-11393). Confidential information can be exposed externally.
|
| CVE-2022-36537 KEV |
|
[KEV] Vulnerability in Zk framework zk-framework (CVE-2022-36537)
vulnerability in Zk framework zk-framework (CVE-2022-36537). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-8561 |
|
Vulnerability in k8s.io/kubernetes (CVE-2020-8561)
vulnerability in k8s.io/kubernetes (CVE-2020-8561). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-25740 |
|
Vulnerability in k8s.io/kubernetes (CVE-2021-25740)
vulnerability in k8s.io/kubernetes (CVE-2021-25740). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-2947 |
|
Vulnerability in grabacrnet (CVE-2015-2947)
vulnerability in grabacrnet (CVE-2015-2947). Data can be tampered with by attackers.
|