OSV - Open Source Vulnerabilities

OSV-2026-205

OSS-Fuzz/gpsd
gitlab.com/gpsd/gpsd

UNKNOWN READ in gpsd_poll

yesterday

Fix available

CVE-2026-25804

github.com/antrea-io/antrea

Antrea has invalid enforcement order for network policy rules caused by integer overflow

yesterday

Fix available
Severity - 8.0 (High)

CVE-2026-25793

github.com/slackhq/nebula

Nebula Has Possible Blocklist Bypass via ECDSA Signature Malleability

yesterday

Fix available
Severity - 7.6 (High)

CVE-2026-25803

github.com/denpiligrim/3dp-manager

3DP-MANAGER Uses Hard-coded Credentials

yesterday

Fix available
Severity - 9.8 (Critical)

CVE-2026-25762

github.com/adonisjs/bodyparser

AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection

yesterday

Fix available
Severity - 7.5 (High)

CVE-2026-25754

github.com/adonisjs/bodyparser

AdonisJS multipart body parsing has Prototype Pollution issue

yesterday

Fix available
Severity - 7.2 (High)

CVE-2026-25749

github.com/vim/vim

Heap Overflow in Vim

yesterday

Fix available
Severity - 6.6 (Medium)

CVE-2026-25757

github.com/spree/spree

Unauthenticated Spree Commerce users can view completed guest orders by Order ID

yesterday

Fix available
Severity - 7.7 (High)

CVE-2026-25763

github.com/opf/openproject

Command Injection on OpenProject repositories leads to Remote Code Execution

yesterday

Fix available
Severity - 9.4 (Critical)

CVE-2026-25764

github.com/opf/openproject

OpenProject vulnerable to Stored HTML injection

yesterday

Fix available
Severity - 3.5 (Low)

CVE-2026-25760

github.com/bishopfox/sliver

Website Path Traversal / Arbitrary File Read (Authenticated) in Sliver

yesterday

Fix available
Severity - 6.5 (Medium)

CVE-2026-25758

github.com/spree/spree

Spree allows unauthenticated users can access all guest addresses

yesterday

Fix available
Severity - 7.7 (High)

CVE-2025-68621

github.com/triliumnext/trilium

Trilium Notes has a Timing Attack Vulnerability in /api/login/sync

yesterday

Fix available
Severity - 7.4 (High)

CVE-2026-25123

github.com/homarr-labs/homarr

Homarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping

yesterday

Fix available
Severity - 5.3 (Medium)

CVE-2026-25533

github.com/agentfront/enclave

Enclave has a sandbox escape via infinite recursion and error objects

yesterday

Fix available
Severity - 6.4 (Medium)

CVE-2026-25516

github.com/zauberzeug/nicegui

NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content

yesterday

Fix available
Severity - 6.1 (Medium)