VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221679 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-48935 | redhat_vex | nodejs: Node.js: Unauthorized file metadata modification | fixed: 212 known affected: 14 | 2026-07-15T20:47:30+00:00 | Vulnerability · Source |
| CVE-2026-11525 | redhat_vex | undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header | fixed: 196 known affected: 47 | 2026-07-15T20:47:29+00:00 | Vulnerability · Source |
| CVE-2026-6733 | redhat_vex | undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery. | fixed: 196 known affected: 47 | 2026-07-15T20:47:27+00:00 | Vulnerability · Source |
| CVE-2026-32281 | redhat_vex | crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation | fixed: 1129 known affected: 259 known not affected: 1130 | 2026-07-15T20:42:13+00:00 | Vulnerability · Source |
| CVE-2025-58183 | redhat_vex | golang: archive/tar: Unbounded allocation when parsing GNU sparse map | fixed: 8840 known affected: 127 known not affected: 8193 | 2026-07-15T20:42:06+00:00 | Vulnerability · Source |
| CVE-2025-47907 | redhat_vex | database/sql: Postgres Scan Race Condition | fixed: 5222 known affected: 165 known not affected: 2217 | 2026-07-15T20:42:05+00:00 | Vulnerability · Source |
| CVE-2026-48934 | redhat_vex | nodejs: Node.js: Certification validation bypass in TLS host verification | fixed: 212 known affected: 14 | 2026-07-15T20:41:17+00:00 | Vulnerability · Source |
| CVE-2026-48930 | redhat_vex | nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling | fixed: 212 known affected: 14 | 2026-07-15T20:41:12+00:00 | Vulnerability · Source |
| CVE-2026-48928 | redhat_vex | Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency | fixed: 212 known affected: 14 | 2026-07-15T20:41:09+00:00 | Vulnerability · Source |
| CVE-2026-48619 | redhat_vex | nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames | fixed: 212 known affected: 14 | 2026-07-15T20:41:06+00:00 | Vulnerability · Source |
| CVE-2026-48615 | redhat_vex | nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling | fixed: 250 known affected: 14 | 2026-07-15T20:41:04+00:00 | Vulnerability · Source |
| CVE-2026-9678 | redhat_vex | undici: Undici: Information disclosure due to improper cache-control header parsing | fixed: 200 known affected: 38 known not affected: 8 | 2026-07-15T20:41:03+00:00 | Vulnerability · Source |
| CVE-2025-61728 | redhat_vex | golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip | fixed: 6567 known affected: 110 known not affected: 4103 | 2026-07-15T20:40:59+00:00 | Vulnerability · Source |
| CVE-2024-24786 | redhat_vex | golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON | fixed: 2012 known affected: 115 known not affected: 11938 under investigation: 58 | 2026-07-15T20:36:35+00:00 | Vulnerability · Source |
| CVE-2022-41723 | redhat_vex | golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding | fixed: 1546 known affected: 288 known not affected: 11950 | 2026-07-15T20:36:32+00:00 | Vulnerability · Source |
| CVE-2022-30631 | redhat_vex | golang: compress/gzip: stack exhaustion in Reader.Read | fixed: 4253 known affected: 91 known not affected: 2159 | 2026-07-15T20:36:31+00:00 | Vulnerability · Source |
| CVE-2026-32282 | redhat_vex | golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root | fixed: 1170 known affected: 190 known not affected: 1824 | 2026-07-15T20:36:12+00:00 | Vulnerability · Source |
| CVE-2025-68121 | redhat_vex | crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption | fixed: 6920 known affected: 204 known not affected: 3906 under investigation: 42 | 2026-07-15T20:34:56+00:00 | Vulnerability · Source |
| CVE-2026-33810 | redhat_vex | crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application | fixed: 119 known affected: 149 known not affected: 939 | 2026-07-15T20:30:25+00:00 | Vulnerability · Source |
| CVE-2026-29063 | redhat_vex | immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution | fixed: 254 known affected: 38 known not affected: 11825 | 2026-07-15T20:30:10+00:00 | Vulnerability · Source |
| CVE-2026-27145 | redhat_vex | crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries | fixed: 174 known affected: 110 known not affected: 334 under investigation: 38 | 2026-07-15T20:29:57+00:00 | Vulnerability · Source |
| CVE-2025-66506 | redhat_vex | github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token | fixed: 320 known affected: 66 known not affected: 1247 | 2026-07-15T20:29:42+00:00 | Vulnerability · Source |
| CVE-2025-66418 | redhat_vex | urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion | fixed: 1933 known affected: 421 known not affected: 2586 under investigation: 1 | 2026-07-15T20:29:28+00:00 | Vulnerability · Source |
| CVE-2025-64756 | redhat_vex | glob: glob: Command Injection Vulnerability via Malicious Filenames | fixed: 171 known affected: 145 known not affected: 1097 | 2026-07-15T20:29:22+00:00 | Vulnerability · Source |
| CVE-2025-61729 | redhat_vex | crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate | fixed: 7443 known affected: 440 known not affected: 4613 under investigation: 2 | 2026-07-15T20:29:09+00:00 | Vulnerability · Source |
| CVE-2025-61726 | redhat_vex | golang: net/url: Memory exhaustion in query parameter parsing in net/url | fixed: 10108 known affected: 454 known not affected: 16780 | 2026-07-15T20:28:41+00:00 | Vulnerability · Source |
| CVE-2025-52881 | redhat_vex | runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects | fixed: 2379 known affected: 45 known not affected: 4060 | 2026-07-15T20:28:37+00:00 | Vulnerability · Source |
| CVE-2025-30204 | redhat_vex | golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing | fixed: 3038 known affected: 78 known not affected: 11728 | 2026-07-15T20:28:32+00:00 | Vulnerability · Source |
| CVE-2025-22869 | redhat_vex | golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh | fixed: 2719 known affected: 54 known not affected: 6259 under investigation: 1 | 2026-07-15T20:28:24+00:00 | Vulnerability · Source |
| CVE-2025-22868 | redhat_vex | golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws | fixed: 1876 known affected: 95 known not affected: 8426 | 2026-07-15T20:28:24+00:00 | Vulnerability · Source |
| CVE-2021-20329 | redhat_vex | mongo-go-driver: specific cstrings input may not be properly validated | fixed: 252 known affected: 69 known not affected: 3782 | 2026-07-15T20:24:06+00:00 | Vulnerability · Source |
| CVE-2026-34986 | redhat_vex | github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object | fixed: 1888 known affected: 171 known not affected: 10842 under investigation: 1 | 2026-07-15T20:23:49+00:00 | Vulnerability · Source |
| CVE-2026-15685 | redhat_vex | Ollama: Ollama: Denial of Service via improper array index validation in downloadBlob function | known not affected: 4 | 2026-07-15T20:23:47+00:00 | Vulnerability · Source |
| CVE-2026-39821 | redhat_vex | golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing | fixed: 637 known affected: 255 known not affected: 1151 under investigation: 5 | 2026-07-15T20:22:54+00:00 | Vulnerability · Source |
| CVE-2026-33186 | redhat_vex | google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation | fixed: 2477 known affected: 409 known not affected: 27387 under investigation: 1 | 2026-07-15T20:22:52+00:00 | Vulnerability · Source |
| CVE-2026-25679 | redhat_vex | net/url: Incorrect parsing of IPv6 host literals in net/url | fixed: 8880 known affected: 164 known not affected: 4255 under investigation: 1 | 2026-07-15T20:22:46+00:00 | Vulnerability · Source |
| CVE-2026-15308 | redhat_vex | python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations | fixed: 302 known affected: 63 known not affected: 34 | 2026-07-15T20:20:03+00:00 | Vulnerability · Source |
| CVE-2026-14544 | redhat_vex | HPLIP: Incomplete Fix for CVE-2026-8631 | fixed: 5 known affected: 11 known not affected: 41 | 2026-07-15T20:18:48+00:00 | Vulnerability · Source |
| CVE-2026-48933 | redhat_vex | nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt() | fixed: 250 known affected: 14 | 2026-07-15T20:18:01+00:00 | Vulnerability · Source |
| CVE-2026-48618 | redhat_vex | nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch | fixed: 250 known affected: 14 | 2026-07-15T20:17:55+00:00 | Vulnerability · Source |
| CVE-2026-42338 | redhat_vex | ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input | fixed: 284 known affected: 21 known not affected: 220 | 2026-07-15T20:17:48+00:00 | Vulnerability · Source |
| CVE-2026-12151 | redhat_vex | undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames | fixed: 295 known affected: 39 known not affected: 110 | 2026-07-15T20:17:41+00:00 | Vulnerability · Source |
| CVE-2026-9697 | redhat_vex | undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy | fixed: 172 known affected: 22 known not affected: 150 | 2026-07-15T20:17:35+00:00 | Vulnerability · Source |
| CVE-2026-6734 | redhat_vex | undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing | fixed: 172 known affected: 21 known not affected: 151 | 2026-07-15T20:17:21+00:00 | Vulnerability · Source |
| CVE-2026-32283 | redhat_vex | crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages | fixed: 2038 known affected: 220 known not affected: 954 under investigation: 1 | 2026-07-15T20:14:04+00:00 | Vulnerability · Source |
| CVE-2026-27137 | redhat_vex | crypto/x509: Incorrect enforcement of email constraints in crypto/x509 | fixed: 329 known affected: 134 known not affected: 1117 | 2026-07-15T20:13:49+00:00 | Vulnerability · Source |
| CVE-2023-39325 | redhat_vex | golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) | fixed: 4761 known affected: 244 known not affected: 30354 | 2026-07-15T20:09:59+00:00 | Vulnerability · Source |
| CVE-2026-32280 | redhat_vex | crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building | fixed: 2574 known affected: 186 known not affected: 2818 | 2026-07-15T20:09:14+00:00 | Vulnerability · Source |
| CVE-2026-42044 | redhat_vex | axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget | fixed: 135 known affected: 49 known not affected: 1455 | 2026-07-15T20:01:39+00:00 | Vulnerability · Source |
| CVE-2026-42039 | redhat_vex | axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data | fixed: 141 known affected: 38 known not affected: 2478 | 2026-07-15T20:01:06+00:00 | Vulnerability · Source |