VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221647 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-27137 redhat_vex crypto/x509: Incorrect enforcement of email constraints in crypto/x509 fixed: 329 known affected: 134 known not affected: 1117 2026-07-15T12:07:23+00:00 Vulnerability · Source
CVE-2026-34986 redhat_vex github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object fixed: 1888 known affected: 158 known not affected: 10839 under investigation: 21 2026-07-15T12:05:07+00:00 Vulnerability · Source
CVE-2025-61729 redhat_vex crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate fixed: 7441 known affected: 440 known not affected: 4587 under investigation: 2 2026-07-15T12:04:44+00:00 Vulnerability · Source
CVE-2026-25679 redhat_vex net/url: Incorrect parsing of IPv6 host literals in net/url fixed: 8878 known affected: 165 known not affected: 4229 under investigation: 1 2026-07-15T12:02:18+00:00 Vulnerability · Source
CVE-2026-33810 redhat_vex crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application fixed: 117 known affected: 149 known not affected: 913 2026-07-15T12:01:55+00:00 Vulnerability · Source
CVE-2025-61726 redhat_vex golang: net/url: Memory exhaustion in query parameter parsing in net/url fixed: 10108 known affected: 454 known not affected: 16780 2026-07-15T11:58:18+00:00 Vulnerability · Source
CVE-2026-32280 redhat_vex crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building fixed: 2571 known affected: 187 known not affected: 2663 2026-07-15T11:55:56+00:00 Vulnerability · Source
CVE-2026-33186 redhat_vex google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation fixed: 2457 known affected: 409 known not affected: 27379 under investigation: 1 2026-07-15T11:54:03+00:00 Vulnerability · Source
CVE-2023-39325 redhat_vex golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) fixed: 4761 known affected: 244 known not affected: 30354 2026-07-15T11:51:23+00:00 Vulnerability · Source
CVE-2026-12143 redhat_vex form-data: form-data: Form field override via CRLF injection fixed: 97 known affected: 50 known not affected: 157 under investigation: 108 2026-07-15T11:34:25+00:00 Vulnerability · Source
CVE-2025-66506 redhat_vex github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token fixed: 320 known affected: 66 known not affected: 1247 2026-07-15T11:34:10+00:00 Vulnerability · Source
CVE-2025-66471 redhat_vex urllib3: urllib3 Streaming API improperly handles highly compressed data fixed: 1948 known affected: 359 known not affected: 3318 under investigation: 1 2026-07-15T11:33:56+00:00 Vulnerability · Source
CVE-2025-66418 redhat_vex urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion fixed: 1933 known affected: 421 known not affected: 2586 under investigation: 1 2026-07-15T11:33:37+00:00 Vulnerability · Source
CVE-2025-64756 redhat_vex glob: glob: Command Injection Vulnerability via Malicious Filenames fixed: 171 known affected: 145 known not affected: 1097 2026-07-15T11:33:23+00:00 Vulnerability · Source
CVE-2025-52881 redhat_vex runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects fixed: 2378 known affected: 46 known not affected: 3931 2026-07-15T11:33:12+00:00 Vulnerability · Source
CVE-2025-30204 redhat_vex golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing fixed: 3038 known affected: 78 known not affected: 11728 2026-07-15T11:32:51+00:00 Vulnerability · Source
CVE-2025-22869 redhat_vex golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh fixed: 2719 known affected: 54 known not affected: 6259 under investigation: 1 2026-07-15T11:31:38+00:00 Vulnerability · Source
CVE-2025-22868 redhat_vex golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws fixed: 1876 known affected: 95 known not affected: 8426 2026-07-15T11:31:06+00:00 Vulnerability · Source
CVE-2025-69223 redhat_vex aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb fixed: 219 known affected: 31 known not affected: 6332 2026-07-15T11:05:01+00:00 Vulnerability · Source
CVE-2026-39835 redhat_vex golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate fixed: 653 known affected: 148 known not affected: 316 under investigation: 1 2026-07-15T10:36:19+00:00 Vulnerability · Source
CVE-2026-48125 redhat_vex ua-parser-js: UAParser.js: Denial of Service via crafted Client Hints header known affected: 20 2026-07-15T10:35:56+00:00 Vulnerability · Source
CVE-2026-25681 redhat_vex golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting fixed: 290 known affected: 417 known not affected: 520 under investigation: 2 2026-07-15T10:31:48+00:00 Vulnerability · Source
CVE-2026-42342 redhat_vex react-router: @remix-run/server-runtime: React Router / Remix: Denial of Service via unbounded path expansion in __manifest endpoint known affected: 148 known not affected: 26 2026-07-15T10:31:14+00:00 Vulnerability · Source
CVE-2026-45736 redhat_vex ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray` fixed: 29 known affected: 58 known not affected: 383 2026-07-15T10:31:05+00:00 Vulnerability · Source
CVE-2026-43514 redhat_vex tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy fixed: 4 known affected: 28 2026-07-15T10:19:37+00:00 Vulnerability · Source
CVE-2026-47736 redhat_vex puma: Puma: Denial of Service due to unbounded memory growth in PROXY protocol v1 known not affected: 19 2026-07-15T10:17:11+00:00 Vulnerability · Source
CVE-2026-49978 redhat_vex dompurify: DOMPurify: Cross-site scripting vulnerability allows code execution known affected: 13 under investigation: 35 2026-07-15T10:17:07+00:00 Vulnerability · Source
CVE-2026-47737 redhat_vex puma: Puma: Source IP spoofing via PROXY protocol header re-parsing known not affected: 19 2026-07-15T10:16:31+00:00 Vulnerability · Source
CVE-2026-32282 redhat_vex golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root fixed: 1168 known affected: 191 known not affected: 1798 2026-07-15T10:03:11+00:00 Vulnerability · Source
CVE-2026-32281 redhat_vex crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation fixed: 1127 known affected: 260 known not affected: 1104 2026-07-15T10:03:04+00:00 Vulnerability · Source
CVE-2026-33811 redhat_vex net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME fixed: 501 known affected: 261 known not affected: 516 under investigation: 17 2026-07-15T10:00:31+00:00 Vulnerability · Source
CVE-2026-32283 redhat_vex crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages fixed: 2038 known affected: 220 known not affected: 954 under investigation: 1 2026-07-15T10:00:17+00:00 Vulnerability · Source
CVE-2026-39830 redhat_vex golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses fixed: 578 known affected: 191 known not affected: 484 under investigation: 4 2026-07-15T09:56:30+00:00 Vulnerability · Source
CVE-2026-49459 redhat_vex dompurify: DOMPurify: Cross-site scripting bypass allows arbitrary script execution known affected: 4 under investigation: 44 2026-07-15T09:56:27+00:00 Vulnerability · Source
CVE-2026-42997 redhat_vex OpenStack Ironic: OpenStack Ironic: Information disclosure via credential forwarding during mold import fixed: 4 known affected: 9 known not affected: 4 2026-07-15T09:56:18+00:00 Vulnerability · Source
CVE-2026-49458 redhat_vex dompurify: DOMPurify: Cross-site scripting due to improper sanitization of DOM nodes known affected: 7 under investigation: 41 2026-07-15T09:51:16+00:00 Vulnerability · Source
CVE-2026-53486 redhat_vex decompress: @xhmikosr/decompress: Decompress: Arbitrary file read/write via crafted archive extraction known affected: 4 2026-07-15T09:46:13+00:00 Vulnerability · Source
CVE-2026-47423 redhat_vex dompurify: DOMPurify: Cross-site scripting vulnerability allows information disclosure known affected: 1 known not affected: 9 under investigation: 38 2026-07-15T09:46:08+00:00 Vulnerability · Source
CVE-2026-15308 redhat_vex python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations fixed: 178 known affected: 81 known not affected: 34 2026-07-15T09:37:31+00:00 Vulnerability · Source
CVE-2026-35469 redhat_vex Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code fixed: 404 known affected: 78 known not affected: 15464 2026-07-15T09:31:40+00:00 Vulnerability · Source
CVE-2026-12151 redhat_vex undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames fixed: 255 known affected: 53 known not affected: 110 2026-07-15T09:31:05+00:00 Vulnerability · Source
CVE-2026-15028 redhat_vex libarchive: heap overflow OOB read while parsing a tar archive contains a PAX extended header fixed: 3 known affected: 21 2026-07-15T09:15:14+00:00 Vulnerability · Source
CVE-2026-27136 redhat_vex golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass fixed: 218 known affected: 420 known not affected: 170 under investigation: 2 2026-07-15T09:12:05+00:00 Vulnerability · Source
CVE-2026-46579 redhat_vex openshift/router: openshift/router: mTLS client certificate spoofing via unstripped X-SSL-Client headers on HTTP frontend fixed: 16 known affected: 1 known not affected: 1476 2026-07-15T09:09:53+00:00 Vulnerability · Source
CVE-2026-26996 redhat_vex minimatch: minimatch: Denial of Service via specially crafted glob patterns fixed: 520 known affected: 38 known not affected: 3848 2026-07-15T09:09:37+00:00 Vulnerability · Source
CVE-2026-6523 redhat_vex wireshark: Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark known affected: 4 known not affected: 16 2026-07-15T09:08:31+00:00 Vulnerability · Source
CVE-2026-6525 redhat_vex wireshark: NULL Pointer Dereference in Wireshark known not affected: 20 2026-07-15T09:08:30+00:00 Vulnerability · Source
CVE-2026-9759 redhat_vex wireshark: NULL Pointer Dereference in Wireshark known affected: 4 known not affected: 16 2026-07-15T09:07:15+00:00 Vulnerability · Source
CVE-2026-5299 redhat_vex wireshark: Uncontrolled Recursion in Wireshark known affected: 4 known not affected: 16 2026-07-15T09:07:12+00:00 Vulnerability · Source
CVE-2026-10649 redhat_vex pacemaker: Pacemaker: Denial of Service via integer overflow in remote message decompression fixed: 268 known affected: 30 2026-07-15T09:06:30+00:00 Vulnerability · Source