Recent vulnerabilities
| ID | Severity | Description | Published | Updated |
|---|---|---|---|---|
| ghsa-hvv7-hfrh-7gxj | 6.5 (3.1) | Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenti… | 2026-05-23T00:18:33Z | 2026-05-23T00:18:34Z |
| ghsa-99gv-2m7h-3hh9 | 9.9 (3.1) | Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron | 2026-05-23T00:17:58Z | 2026-05-23T00:17:58Z |
| ghsa-jpjh-jm2p-39hh | 8.8 (3.1) | Arcane: Missing admin authorization on global variables endpoint | 2026-05-23T00:16:56Z | 2026-05-23T00:16:56Z |
| ghsa-ggxf-37hm-9wqf | 6.5 (3.1) | instagrapi: Unsafe signup challenge path handling in instagrapi | 2026-05-23T00:12:34Z | 2026-05-23T00:12:34Z |
| ghsa-jh37-x3fv-4x72 | 6.5 (3.1) | aiograpi: Unsafe signup challenge path handling | 2026-05-23T00:11:53Z | 2026-05-23T00:11:53Z |
| ghsa-38m6-82c8-4xfm | 8.7 (4.0) | Parse Server: Pre-authentication denial of service via client version header regex backtracking | 2026-05-23T00:11:25Z | 2026-05-23T00:11:25Z |
| ghsa-f63h-wc26-pmvc | 6.3 (3.1), 2.1 (4.0) | AstrBot: File upload vulnerability in the function post_file of the file astrbot/dashboard/routes/chat.py | 2026-05-17T15:31:42Z | 2026-05-23T00:10:04Z |
| ghsa-fmmw-44rp-jcfp | 7.3 (3.1), 5.5 (4.0) | Beetl's SpELFunction extension function has an expression injection risk | 2026-05-17T15:31:42Z | 2026-05-23T00:09:54Z |
| ghsa-rxf6-wjh4-jfj6 | 5.4 (3.1) | Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ow… | 2026-05-23T00:08:45Z | 2026-05-23T00:08:45Z |
| ghsa-w4g9-mxgg-j532 | 8.5 (3.1) | Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/not… | 2026-05-23T00:08:04Z | 2026-05-23T00:08:04Z |
| ghsa-97r5-pg8x-p63p | | Flask-Security-Too OAuth reauthentication freshness bypass via cross-user OAuth identity acceptance | 2026-05-22T17:48:54Z | 2026-05-22T17:48:54Z |
| ghsa-7m8f-hgjq-8gc9 | 7.5 (3.1) | aiosend: Deserialization of request body before signature verification (Pre-auth DoS) in webhook handler | 2026-05-22T17:27:56Z | 2026-05-22T17:27:56Z |
| ghsa-q8mj-m7cp-5q26 | 5.3 (3.1), 6.3 (4.0) | qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in… | 2026-05-22T17:27:19Z | 2026-05-22T17:27:19Z |
| ghsa-qqqm-5547-774x | 9.3 (4.0) | FileBrowser Quantum: Path traversal in public share PATCH allows file ops outside shared directory | 2026-05-22T17:26:25Z | 2026-05-22T17:26:25Z |
| ghsa-rmx9-2pp3-xhcr | 6.5 (3.1) | Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching | 2026-04-21T16:25:19Z | 2026-05-22T16:05:24Z |
| ghsa-2f54-v4hm-fx73 | 8.1 (3.1) | Apache Flink: Remote code execution via SQL injection in code generation | 2026-05-15T18:30:34Z | 2026-05-22T15:49:47Z |
| ghsa-m2cx-gpqf-qf74 | 6.5 (3.1) | Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory E… | 2026-04-21T20:27:33Z | 2026-05-22T15:45:15Z |
| ghsa-rx35-6rhx-7858 | 5.4 (3.1) | Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check | 2026-04-21T20:26:41Z | 2026-05-22T15:40:40Z |
| ghsa-jwvv-qr7q-cv8j | 9.8 (3.1) | YesWiki: Unauthenticated SQL Injection | 2026-05-22T15:39:07Z | 2026-05-22T15:39:07Z |
| ghsa-6gxq-f64p-5w6f | 5.7 (3.1) | ImageMagick: Heap Buffer Over-Read in distributed pixel cache server | 2026-05-22T13:14:38Z | 2026-05-22T13:14:38Z |
| ghsa-2rgj-gx5x-f62w | 4.1 (3.1) | ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a cha… | 2026-05-22T13:14:02Z | 2026-05-22T13:14:02Z |
| ghsa-4g75-9r48-jf92 | 4.1 (3.1) | ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking | 2026-05-22T13:11:29Z | 2026-05-22T13:11:29Z |
| ghsa-p93h-f2jc-477j | 4.1 (3.1) | ImageMagick: Heap Buffer Over-Write in distributed pixel cache server | 2026-05-22T13:10:55Z | 2026-05-22T13:10:55Z |
| ghsa-jg2m-9x48-3gvj | 9.9 (3.1) | Apache Camel has an incomplete fix for CVE-2025-27636 | 2026-04-27T09:34:39Z | 2026-05-22T13:10:44Z |
| ghsa-6rcx-55r6-jx65 | 6.3 (3.1), 2.1 (4.0) | Prefect Git Argument Injection in GitRepository Pull Steps | 2026-05-04T06:32:02Z | 2026-05-22T13:09:34Z |
| ghsa-p3pq-hxmr-vqqr | 5.0 (3.1), 1.3 (4.0) | Prefect SSRF Bypass via DNS Rebinding in validate_restricted_url | 2026-05-04T03:31:28Z | 2026-05-22T13:08:02Z |
| ghsa-hvph-5985-r63v | 7.3 (3.1), 5.5 (4.0) | Prefect Unauthenticated Event Injection via /api/events/in WebSocket | 2026-05-04T03:31:28Z | 2026-05-22T13:06:48Z |
| ghsa-6rr6-v7cj-mxpg | 5.3 (3.1), 5.5 (4.0) | Prefect Auth Bypass via endswith() Health Check Exemption | 2026-05-04T03:31:28Z | 2026-05-22T13:05:45Z |
| ghsa-x8mh-94wc-33gv | 5.9 (3.1) | apache-airflow-providers-smtp: No certificate validation on SMTP STARTTLS connections in SMTP provider | 2026-04-30T12:33:11Z | 2026-05-22T13:04:58Z |
| ghsa-x7jf-v64x-878j | 5.3 (3.1) | The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versi… | 2026-05-22T09:31:28Z | 2026-05-22T09:31:28Z |