Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54756 |
|
Vulnerability in CVE-2026-54756 (CVE-2026-54756)
vulnerability in CVE-2026-54756 (CVE-2026-54756). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57926 |
|
Vulnerability in jetbrains (CVE-2026-57926)
vulnerability in jetbrains (CVE-2026-57926). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54639 |
|
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `c...
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `convertTokenData(tokens, { output: 'object' });`; indirect usage, via using Expand API; and/or indire...
|
| CVE-2026-49252 |
|
Vulnerability in @deepstream/server (CVE-2026-49252)
vulnerability in @deepstream/server (CVE-2026-49252). Confidential information can be exposed externally. Exploitable via ``__proto__``. Mitigation: upgrade to `10.0.5` or later.
|
| CVE-2026-55388 |
|
Code Injection in piscina (CVE-2026-55388)
code injection in piscina (CVE-2026-55388). Successful exploitation can lead to full system takeover. Exploitable via `POST /upload`. Mitigation: upgrade to `6.0.0-rc.2` or later.
|
| CVE-2026-55886 |
|
Vulnerability in jodit (CVE-2026-55886)
vulnerability in jodit (CVE-2026-55886). Risk of unauthorized operations or information disclosure. Exploitable via ``chain``. Mitigation: upgrade to `4.12.26` or later.
|
| CVE-2026-53676 |
|
Vulnerability in CVE-2026-53676 (CVE-2026-53676)
vulnerability in CVE-2026-53676 (CVE-2026-53676). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54312 |
|
Vulnerability in n8n (CVE-2026-54312)
vulnerability in n8n (CVE-2026-54312). Risk of unauthorized operations or information disclosure. Exploitable via ``Object.prototype``. Mitigation: upgrade to `2.24.0` or later.
|
| CVE-2026-54306 |
|
Vulnerability in n8n (CVE-2026-54306)
vulnerability in n8n (CVE-2026-54306). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-48714 |
|
Vulnerability in i18next-http-middleware (CVE-2026-48714)
vulnerability in i18next-http-middleware (CVE-2026-48714). Data can be tampered with by attackers. Exploitable via ``missingKeyHandler``. Mitigation: upgrade to `3.9.7` or later.
|
| CVE-2026-48713 |
|
Vulnerability in i18next-fs-backend (CVE-2026-48713)
vulnerability in i18next-fs-backend (CVE-2026-48713). Data can be tampered with by attackers. Exploitable via ``missingKeyHandler``. Mitigation: upgrade to `2.6.4` or later.
|
| CVE-2026-12209 |
|
Code Injection in CVE-2026-12209 (CVE-2026-12209)
code injection in CVE-2026-12209 (CVE-2026-12209). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12208 |
|
Code Injection in CVE-2026-12208 (CVE-2026-12208)
code injection in CVE-2026-12208 (CVE-2026-12208). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53609 |
|
Vulnerability in CVE-2026-53609 (CVE-2026-53609)
vulnerability in CVE-2026-53609 (CVE-2026-53609). Confidential information can be exposed externally. Exploitable via ``__proto__``.
|
| CVE-2026-44495 |
|
Code Injection in axios (CVE-2026-44495)
code injection in axios (CVE-2026-44495). Confidential information can be exposed externally. Exploitable via ``Object.prototype.transformResponse``. Mitigation: upgrade to `1.15.0` or later.
|
| CVE-2026-44494 |
|
Vulnerability in axios (CVE-2026-44494)
vulnerability in axios (CVE-2026-44494). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `1.15.0` or later.
|
| CVE-2026-44490 |
|
Vulnerability in axios (CVE-2026-44490)
vulnerability in axios (CVE-2026-44490). Risk of unauthorized operations or information disclosure. Exploitable via ``Object.prototype``. Mitigation: upgrade to `0.32.0` or later.
|
| CVE-2026-44489 |
|
Vulnerability in axios (CVE-2026-44489)
vulnerability in axios (CVE-2026-44489). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.16.0` or later.
|
| CVE-2026-46625 |
|
Vulnerability in js-cookie (CVE-2026-46625)
vulnerability in js-cookie (CVE-2026-46625). Data can be tampered with by attackers. Exploitable via ``for...in``. Mitigation: upgrade to `3.0.7` or later.
|
| CVE-2026-9101 |
|
Vulnerability in CVE-2026-9101 (CVE-2026-9101)
vulnerability in CVE-2026-9101 (CVE-2026-9101). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45302 |
|
Vulnerability in parse-nested-form-data (CVE-2026-45302)
vulnerability in parse-nested-form-data (CVE-2026-45302). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2026-46510 |
|
Vulnerability in form-data-objectizer (CVE-2026-46510)
vulnerability in form-data-objectizer (CVE-2026-46510). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2026-8657 |
|
Vulnerability in CVE-2026-8657 (CVE-2026-8657)
vulnerability in CVE-2026-8657 (CVE-2026-8657). Data can be tampered with by attackers.
|
| CVE-2026-46509 |
|
Vulnerability in @ranfdev/deepobj (CVE-2026-46509)
vulnerability in @ranfdev/deepobj (CVE-2026-46509). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.3` or later.
|
| CVE-2026-44791 |
|
Vulnerability in n8n (CVE-2026-44791)
vulnerability in n8n (CVE-2026-44791). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-44789 |
|
Vulnerability in n8n (CVE-2026-44789)
vulnerability in n8n (CVE-2026-44789). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-44005 |
|
Code Injection in vm2 (CVE-2026-44005)
code injection in vm2 (CVE-2026-44005). Data can be tampered with by attackers. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-44292 |
|
Vulnerability in protobufjs (CVE-2026-44292)
vulnerability in protobufjs (CVE-2026-44292). Risk of unauthorized operations or information disclosure. Exploitable via ``__proto__``. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-44290 |
|
Vulnerability in protobufjs (CVE-2026-44290)
vulnerability in protobufjs (CVE-2026-44290). Risk of unauthorized operations or information disclosure. Exploitable via ``parse``. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-8161 |
|
Vulnerability in multiparty (CVE-2026-8161)
vulnerability in multiparty (CVE-2026-8161). Risk of unauthorized operations or information disclosure. Exploitable via ``Object.prototype``. Mitigation: upgrade to `4.3.0` or later.
|
| CVE-2026-44483 |
|
Vulnerability in @rvf/set-get (CVE-2026-44483)
vulnerability in @rvf/set-get (CVE-2026-44483). Data can be tampered with by attackers. Exploitable via ``setPath``. Mitigation: upgrade to `6.0.4` or later.
|
| CVE-2026-44966 |
|
Vulnerability in velocityjs (CVE-2026-44966)
vulnerability in velocityjs (CVE-2026-44966). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41690 |
|
Vulnerability in i18next-http-middleware (CVE-2026-41690)
vulnerability in i18next-http-middleware (CVE-2026-41690). Data can be tampered with by attackers. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-42264 |
|
Vulnerability in axios (CVE-2026-42264)
vulnerability in axios (CVE-2026-42264). Confidential information can be exposed externally. Exploitable via ``hasOwnProperty``. Mitigation: upgrade to `1.15.2` or later.
|
| CVE-2025-63704 |
|
Vulnerability in prototype-pollution (CVE-2025-63704)
vulnerability in prototype-pollution (CVE-2025-63704). Successful exploitation can lead to full system takeover.
|
| CVE-2025-63703 |
|
Vulnerability in npm (CVE-2025-63703)
vulnerability in npm (CVE-2025-63703). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42044 |
|
Vulnerability in privilege-escalation (CVE-2026-42044)
vulnerability in privilege-escalation (CVE-2026-42044). Data can be tampered with by attackers. Mitigation: upgrade to `1.15.2` or later.
|
| CVE-2026-42041 |
|
Authentication Bypass in axios (CVE-2026-42041)
authentication bypass in axios (CVE-2026-42041). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.15.1` or later.
|
| CVE-2026-42033 |
|
Vulnerability in axios (CVE-2026-42033)
vulnerability in axios (CVE-2026-42033). Confidential information can be exposed externally. Mitigation: upgrade to `1.15.1` or later.
|
| CVE-2026-34621 KEV |
|
[KEV] Vulnerability in Adobe acrobat-and-reader (CVE-2026-34621)
vulnerability in Adobe acrobat-and-reader (CVE-2026-34621). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-40190 |
|
Vulnerability in langchain (CVE-2026-40190)
vulnerability in langchain (CVE-2026-40190). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.5.18` or later.
|
| CVE-2026-33228 |
|
Vulnerability in webreflection (CVE-2026-33228)
vulnerability in webreflection (CVE-2026-33228). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29063 |
|
Vulnerability in immutable-js (CVE-2026-29063)
vulnerability in immutable-js (CVE-2026-29063). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25639 |
|
Vulnerability in axios (CVE-2026-25639)
vulnerability in axios (CVE-2026-25639). Risk of unauthorized operations or information disclosure. Exploitable via ``mergeConfig``. Mitigation: upgrade to `0.30.3` or later.
|
| CVE-2026-25521 |
|
Vulnerability in locutus (CVE-2026-25521)
vulnerability in locutus (CVE-2026-25521). Successful exploitation can lead to full system takeover.
|
| CVE-2025-61140 |
|
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
|
| CVE-2025-13465 |
|
Vulnerability in lodash (CVE-2025-13465)
vulnerability in lodash (CVE-2025-13465). Risk of unauthorized operations or information disclosure. Exploitable via ``_.unset``. Mitigation: upgrade to `4.17.23` or later.
|
| CVE-2024-39011 |
|
Vulnerability in dos (CVE-2024-39011)
vulnerability in dos (CVE-2024-39011). Successful exploitation can lead to full system takeover.
|
| CVE-2023-38894 |
|
Vulnerability in tree-kit-project (CVE-2023-38894)
vulnerability in tree-kit-project (CVE-2023-38894). Successful exploitation can lead to full system takeover.
|
| CVE-2022-37257 |
|
Vulnerability in stealjs (CVE-2022-37257)
vulnerability in stealjs (CVE-2022-37257). Successful exploitation can lead to full system takeover.
|