Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
light_mode
dark_mode
Vulnerabilities
search
All ecosystems
776402
AlmaLinux
5306
Alpaquita
11501
Alpine
4284
Android
3403
Azure Linux
12016
BellSoft Hardened Containers
579
Bitnami
8375
Chainguard
9424
CleanStart
1780
CRAN
14
crates.io
2574
Debian
59933
Echo
6737
GHC
3
GIT
94257
GitHub Actions
54
Go
8193
Hackage
32
Hex
191
Julia
1099
Linux
25421
Mageia
6031
Maven
6707
MinimOS
90238
npm
222709
NuGet
1774
opam
19
openEuler
7237
openSUSE
13544
OSS-Fuzz
3960
Packagist
6712
Pub
11
PyPI
23856
Red Hat
21341
Rocky Linux
3684
Root
17566
RubyGems
4565
SUSE
21565
SwiftURL
58
TuxCare
5651
Ubuntu
57418
VSCode
20
Wolfi
6560
ID
Packages
Summary
Published
arrow_upward
Attributes
MAL-2026-10778
npm/relativity-pdfjs-dist
Malicious code in relativity-pdfjs-dist (npm)
7 hours ago
No fix available
MAL-2026-10772
npm/axios-native
Malicious code in axios-native (npm)
17 hours ago
No fix available
MAL-2026-10773
npm/telemetry-axios
Malicious code in telemetry-axios (npm)
17 hours ago
No fix available
GHSA-r95q-fp26-h3hc
npm/@tak-ps/cloudtak
CloudTAK: Authenticated full-read SSRF in the /api/esri* routes — user-controlled URL fetched with no IP-classification guard
18 hours ago
Fix available
Severity - 7.6 (High)
GHSA-g77h-45rf-hcx4
npm/exifreader
ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes
20 hours ago
Fix available
Severity - 5.3 (Medium)
GHSA-c4gh-rv8h-q9vw
npm/@prompty/core
Prompty: Arbitrary code execution via JavaScript frontmatter in TypeScript loader
20 hours ago
Fix available
Severity - 8.7 (High)
GHSA-wxhm-2mq7-7697
NuGet/Prompty.Core
PyPI/prompty
crates.io/prompty
npm/@prompty/core
Prompty: Arbitrary file read via file reference expansion
20 hours ago
Fix available
Severity - 7.5 (High)
GHSA-f7wf-v2vw-mpcx
npm/mcp-memory-keeper
mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath
21 hours ago
Fix available
Severity - 6.2 (Medium)
GHSA-vqrw-qphh-p34v
npm/@tak-ps/cloudtak
TAK-PS-Stats Web UI: Authenticated full-read SSRF in CloudTAK basemap import (PUT /api/basemap) — no IP-classification guard
21 hours ago
No fix available
Severity - 5.0 (Medium)
MAL-2026-10776
npm/n8n-nodes-final-mile
Malicious code in n8n-nodes-final-mile (npm)
yesterday
No fix available
MAL-2026-10775
npm/n8n-nodes-devops-utils
Malicious code in n8n-nodes-devops-utils (npm)
yesterday
No fix available
MAL-2026-10777
npm/n8n-nodes-probe
Malicious code in n8n-nodes-probe (npm)
yesterday
No fix available
MAL-2026-10769
npm/easyway2
Malicious code in easyway2 (npm)
yesterday
No fix available
MAL-2026-10774
npm/n8n-nodes-api-finder
Malicious code in n8n-nodes-api-finder (npm)
yesterday
No fix available
MAL-2026-10761
npm/my-tailwind-gutenberg-block
Malicious code in my-tailwind-gutenberg-block (npm)
yesterday
No fix available
MAL-2026-10707
npm/@ai-support-agent/cli
Malicious code in @ai-support-agent/cli (npm)
yesterday
No fix available
Load more...
npm - OSV