VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221679 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-48935 redhat_vex nodejs: Node.js: Unauthorized file metadata modification fixed: 212 known affected: 14 2026-07-15T20:47:30+00:00 Vulnerability · Source
CVE-2026-11525 redhat_vex undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header fixed: 196 known affected: 47 2026-07-15T20:47:29+00:00 Vulnerability · Source
CVE-2026-6733 redhat_vex undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery. fixed: 196 known affected: 47 2026-07-15T20:47:27+00:00 Vulnerability · Source
CVE-2026-32281 redhat_vex crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation fixed: 1129 known affected: 259 known not affected: 1130 2026-07-15T20:42:13+00:00 Vulnerability · Source
CVE-2025-58183 redhat_vex golang: archive/tar: Unbounded allocation when parsing GNU sparse map fixed: 8840 known affected: 127 known not affected: 8193 2026-07-15T20:42:06+00:00 Vulnerability · Source
CVE-2025-47907 redhat_vex database/sql: Postgres Scan Race Condition fixed: 5222 known affected: 165 known not affected: 2217 2026-07-15T20:42:05+00:00 Vulnerability · Source
CVE-2026-48934 redhat_vex nodejs: Node.js: Certification validation bypass in TLS host verification fixed: 212 known affected: 14 2026-07-15T20:41:17+00:00 Vulnerability · Source
CVE-2026-48930 redhat_vex nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling fixed: 212 known affected: 14 2026-07-15T20:41:12+00:00 Vulnerability · Source
CVE-2026-48928 redhat_vex Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency fixed: 212 known affected: 14 2026-07-15T20:41:09+00:00 Vulnerability · Source
CVE-2026-48619 redhat_vex nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames fixed: 212 known affected: 14 2026-07-15T20:41:06+00:00 Vulnerability · Source
CVE-2026-48615 redhat_vex nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling fixed: 250 known affected: 14 2026-07-15T20:41:04+00:00 Vulnerability · Source
CVE-2026-9678 redhat_vex undici: Undici: Information disclosure due to improper cache-control header parsing fixed: 200 known affected: 38 known not affected: 8 2026-07-15T20:41:03+00:00 Vulnerability · Source
CVE-2025-61728 redhat_vex golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip fixed: 6567 known affected: 110 known not affected: 4103 2026-07-15T20:40:59+00:00 Vulnerability · Source
CVE-2024-24786 redhat_vex golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON fixed: 2012 known affected: 115 known not affected: 11938 under investigation: 58 2026-07-15T20:36:35+00:00 Vulnerability · Source
CVE-2022-41723 redhat_vex golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding fixed: 1546 known affected: 288 known not affected: 11950 2026-07-15T20:36:32+00:00 Vulnerability · Source
CVE-2022-30631 redhat_vex golang: compress/gzip: stack exhaustion in Reader.Read fixed: 4253 known affected: 91 known not affected: 2159 2026-07-15T20:36:31+00:00 Vulnerability · Source
CVE-2026-32282 redhat_vex golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root fixed: 1170 known affected: 190 known not affected: 1824 2026-07-15T20:36:12+00:00 Vulnerability · Source
CVE-2025-68121 redhat_vex crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption fixed: 6920 known affected: 204 known not affected: 3906 under investigation: 42 2026-07-15T20:34:56+00:00 Vulnerability · Source
CVE-2026-33810 redhat_vex crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application fixed: 119 known affected: 149 known not affected: 939 2026-07-15T20:30:25+00:00 Vulnerability · Source
CVE-2026-29063 redhat_vex immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution fixed: 254 known affected: 38 known not affected: 11825 2026-07-15T20:30:10+00:00 Vulnerability · Source
CVE-2026-27145 redhat_vex crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries fixed: 174 known affected: 110 known not affected: 334 under investigation: 38 2026-07-15T20:29:57+00:00 Vulnerability · Source
CVE-2025-66506 redhat_vex github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token fixed: 320 known affected: 66 known not affected: 1247 2026-07-15T20:29:42+00:00 Vulnerability · Source
CVE-2025-66418 redhat_vex urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion fixed: 1933 known affected: 421 known not affected: 2586 under investigation: 1 2026-07-15T20:29:28+00:00 Vulnerability · Source
CVE-2025-64756 redhat_vex glob: glob: Command Injection Vulnerability via Malicious Filenames fixed: 171 known affected: 145 known not affected: 1097 2026-07-15T20:29:22+00:00 Vulnerability · Source
CVE-2025-61729 redhat_vex crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate fixed: 7443 known affected: 440 known not affected: 4613 under investigation: 2 2026-07-15T20:29:09+00:00 Vulnerability · Source
CVE-2025-61726 redhat_vex golang: net/url: Memory exhaustion in query parameter parsing in net/url fixed: 10108 known affected: 454 known not affected: 16780 2026-07-15T20:28:41+00:00 Vulnerability · Source
CVE-2025-52881 redhat_vex runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects fixed: 2379 known affected: 45 known not affected: 4060 2026-07-15T20:28:37+00:00 Vulnerability · Source
CVE-2025-30204 redhat_vex golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing fixed: 3038 known affected: 78 known not affected: 11728 2026-07-15T20:28:32+00:00 Vulnerability · Source
CVE-2025-22869 redhat_vex golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh fixed: 2719 known affected: 54 known not affected: 6259 under investigation: 1 2026-07-15T20:28:24+00:00 Vulnerability · Source
CVE-2025-22868 redhat_vex golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws fixed: 1876 known affected: 95 known not affected: 8426 2026-07-15T20:28:24+00:00 Vulnerability · Source
CVE-2021-20329 redhat_vex mongo-go-driver: specific cstrings input may not be properly validated fixed: 252 known affected: 69 known not affected: 3782 2026-07-15T20:24:06+00:00 Vulnerability · Source
CVE-2026-34986 redhat_vex github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object fixed: 1888 known affected: 171 known not affected: 10842 under investigation: 1 2026-07-15T20:23:49+00:00 Vulnerability · Source
CVE-2026-15685 redhat_vex Ollama: Ollama: Denial of Service via improper array index validation in downloadBlob function known not affected: 4 2026-07-15T20:23:47+00:00 Vulnerability · Source
CVE-2026-39821 redhat_vex golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing fixed: 637 known affected: 255 known not affected: 1151 under investigation: 5 2026-07-15T20:22:54+00:00 Vulnerability · Source
CVE-2026-33186 redhat_vex google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation fixed: 2477 known affected: 409 known not affected: 27387 under investigation: 1 2026-07-15T20:22:52+00:00 Vulnerability · Source
CVE-2026-25679 redhat_vex net/url: Incorrect parsing of IPv6 host literals in net/url fixed: 8880 known affected: 164 known not affected: 4255 under investigation: 1 2026-07-15T20:22:46+00:00 Vulnerability · Source
CVE-2026-15308 redhat_vex python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations fixed: 302 known affected: 63 known not affected: 34 2026-07-15T20:20:03+00:00 Vulnerability · Source
CVE-2026-14544 redhat_vex HPLIP: Incomplete Fix for CVE-2026-8631 fixed: 5 known affected: 11 known not affected: 41 2026-07-15T20:18:48+00:00 Vulnerability · Source
CVE-2026-48933 redhat_vex nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt() fixed: 250 known affected: 14 2026-07-15T20:18:01+00:00 Vulnerability · Source
CVE-2026-48618 redhat_vex nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch fixed: 250 known affected: 14 2026-07-15T20:17:55+00:00 Vulnerability · Source
CVE-2026-42338 redhat_vex ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input fixed: 284 known affected: 21 known not affected: 220 2026-07-15T20:17:48+00:00 Vulnerability · Source
CVE-2026-12151 redhat_vex undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames fixed: 295 known affected: 39 known not affected: 110 2026-07-15T20:17:41+00:00 Vulnerability · Source
CVE-2026-9697 redhat_vex undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy fixed: 172 known affected: 22 known not affected: 150 2026-07-15T20:17:35+00:00 Vulnerability · Source
CVE-2026-6734 redhat_vex undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing fixed: 172 known affected: 21 known not affected: 151 2026-07-15T20:17:21+00:00 Vulnerability · Source
CVE-2026-32283 redhat_vex crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages fixed: 2038 known affected: 220 known not affected: 954 under investigation: 1 2026-07-15T20:14:04+00:00 Vulnerability · Source
CVE-2026-27137 redhat_vex crypto/x509: Incorrect enforcement of email constraints in crypto/x509 fixed: 329 known affected: 134 known not affected: 1117 2026-07-15T20:13:49+00:00 Vulnerability · Source
CVE-2023-39325 redhat_vex golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) fixed: 4761 known affected: 244 known not affected: 30354 2026-07-15T20:09:59+00:00 Vulnerability · Source
CVE-2026-32280 redhat_vex crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building fixed: 2574 known affected: 186 known not affected: 2818 2026-07-15T20:09:14+00:00 Vulnerability · Source
CVE-2026-42044 redhat_vex axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget fixed: 135 known affected: 49 known not affected: 1455 2026-07-15T20:01:39+00:00 Vulnerability · Source
CVE-2026-42039 redhat_vex axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data fixed: 141 known affected: 38 known not affected: 2478 2026-07-15T20:01:06+00:00 Vulnerability · Source