| Bug | Description | Note |
|---|---|---|
| CVE-2016-1584 | In all versions of Unity8 a running but not active application on a la ... | check proper tracking update |
| CVE-2016-20023 | In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users c ... | check |
| CVE-2018-25193 | Mongoose Web Server 6.9 contains a denial of service vulnerability tha ... | check |
| CVE-2019-25338 | DokuWiki 2018-04-22b contains a username enumeration vulnerability in ... | check upstream status |
| CVE-2019-25355 | gSOAP 2.8 contains a directory traversal vulnerability that allows una ... | check upstream status |
| CVE-2020-36968 | M/Monit 3.7.4 contains an authentication vulnerability that allows aut ... | check, unclear upstream status |
| CVE-2020-36969 | M/Monit 3.7.4 contains a privilege escalation vulnerability that allow ... | check, unclear upstream status |
| CVE-2020-37011 | Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability tha ... | check, unclear upstream status. Doesn't reproduce with the version in trixie |
| CVE-2020-37038 | Code Blocks 20.03 contains a denial of service vulnerability that allo ... | check, possibly just DoS of application and unimportant |
| CVE-2020-37040 | Code Blocks 17.12 contains a local buffer overflow vulnerability that ... | check, might be Windows specific issue |
| CVE-2020-37167 | ClamAV versions prior to 0.103.0-rc contain a vulnerability in functio ... | check upstream status |
| CVE-2020-37182 | Redir 3.3 contains a stack overflow vulnerability in the doproxyconnec ... | check details |
| CVE-2021-26381 | Improper system call parameter validation in the Trusted OS may allow ... | check |
| CVE-2021-26410 | Improper syscall input validation in ASP (AMD Secure Processor) may fo ... | check |
| CVE-2021-47793 | Telegram Desktop 2.9.2 contains a denial of service vulnerability that ... | check |
| CVE-2022-23538 | github.com/sylabs/scs-library-client is the Go client for the Singular ... | check details, might as well affect golang-github-apptainer-container-library-client |
| CVE-2022-50942 | Icinga Web 2.8.2 contains a client-side cross-site scripting vulnerab ... | check status upstream |
| CVE-2023-20514 | Improper handling of parameters in the AMD Secure Processor (ASP) coul ... | check |
| CVE-2023-20548 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure ... | check |
| CVE-2023-20601 | Improper input validation within RAS TA Driver can allow a local attac ... | check |
| CVE-2023-26044 | react/http is an event-driven, streaming HTTP client and server implem ... | check, is embedded in icinga-php-thirdparty, icingaweb2-module-reactbundle possibly affected |
| CVE-2023-27573 | netbox-docker before 2.5.0 has a superuser account with default creden ... | check |
| CVE-2023-31313 | An unintended proxy or intermediary in the AMD power management firmwa ... | check |
| CVE-2023-31324 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure ... | check |
| CVE-2023-31364 | Improper handling of direct memory writes in the input-output memory m ... | check |
| CVE-2023-49316 | In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ... | check if affecting ldap-account-manager or unused path |
| CVE-2023-50251 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked |
| CVE-2023-50252 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked |
| CVE-2023-50262 | Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ... | check sources embedding php-dompdf if affected |
| CVE-2024-4027 | A flaw was found in Undertow. Servlets using a method that calls HttpS ... | check details |
| CVE-2024-21953 | Improper input validation in IOMMU could allow a malicious hypervisor ... | check |
| CVE-2024-22420 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook? |
| CVE-2024-22421 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook? |
| CVE-2024-36310 | Improper input validation in the SMM communications buffer could allow ... | check |
| CVE-2024-36311 | A Time-of-check time-of-use (TOCTOU) race condition in the SMM communi ... | check |
| CVE-2024-36316 | The integer overflow vulnerability within AMD Graphics driver could al ... | check |
| CVE-2024-36324 | Improper input validation in AMD Graphics Driver could allow an attack ... | check |
| CVE-2024-54192 | An issue in Tcpreplay v4.5.1 allows a local attacker to cause a denial ... | check |
| CVE-2025-0012 | Improper handling of overlap between the segmented reverse map table ( ... | check |
| CVE-2025-0029 | Improper handling of error condition during host-induced faults can al ... | check |
| CVE-2025-0031 | A use after free in the SEV firmware could allow a malicious hypervisor ... | check |
| CVE-2025-4382 | A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ... | double check if vulnerability only considered present after grub_is_cli_disabled is introduced |
| CVE-2025-6499 | A vulnerability classified as problematic was found in vstakhov libucl ... | check if impacts security wise rspamd, which embeds libucl and uses it at compile time |
| CVE-2025-8671 | A mismatch caused by client-triggered server-sent stream resets betwee ... | check, some projects will assign own CVEs and should then be covered under that specific CVE instead |
| CVE-2025-8941 | A flaw was found in linux-pam. The pam_namespace module may improperly ... | check likely RedHat specific incomplete fix for CVE-2025-6020, but asked to pinpoint incomplete fixes |
| CVE-2025-11010 | A vulnerability has been found in vstakhov libucl up to 0.9.2. Affecte ... | check if impacts security wise rspamd, which embeds libucl and uses it at compile time |
| CVE-2025-11147 | Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ... | clarifying with reporter and Eduard Bloch on the issue. |
| CVE-2025-14905 | A flaw was found in the 389-ds-base server. A heap buffer overflow vul ... | check details |
| CVE-2025-15569 | A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The im ... | check |
| CVE-2025-20005 | Improper buffer restrictions in some UEFI firmware for some Intel(R) r ... | check |
| CVE-2025-20027 | Improper input validation in the UEFI WheaERST module for some Intel(R ... | check |
| CVE-2025-20028 | Time-of-check time-of-use race condition in the WheaERST SMM module fo ... | check |
| CVE-2025-20064 | Improper input validation in the UEFI FlashUcAcmSmm module for some In ... | check |
| CVE-2025-20068 | Improper input validation in the UEFI ImcErrorHandler module for some ... | check |
| CVE-2025-20073 | Improper buffer restrictions in the UEFI DXE module for some Intel(R) ... | check |
| CVE-2025-20096 | Improper input validation in the UEFI firmware for some Intel Referenc ... | check |
| CVE-2025-20105 | Improper input validation in some UEFI firmware SMM module for the Int ... | check |
| CVE-2025-22444 | Exposure of resource to wrong sphere in the UEFI PdaSmm module for som ... | check |
| CVE-2025-22850 | Time-of-check time-of-use race condition in the UEFI PdaSmm module for ... | check |
| CVE-2025-29939 | Improper access control in secure encrypted virtualization (SEV) could ... | check |
| CVE-2025-29946 | Insufficient or Incomplete Data Removal in Hardware Component in SEV f ... | check |
| CVE-2025-29948 | Improper access control in AMD Secure Encrypted Virtualization (SEV) f ... | check |
| CVE-2025-29952 | Improper Initialization within the AMD Secure Encrypted Virtualization ... | check |
| CVE-2025-41709 | [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ... | check |
| CVE-2025-41710 | An unauthenticated remote attacker may use hardcoded credentials to ge ... | check |
| CVE-2025-41711 | An unauthenticated remote attacker can use firmware images to extract ... | check |
| CVE-2025-41712 | An unauthenticated remote attacker who tricks a user to upload a manip ... | check |
| CVE-2025-56421 | SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allow ... | check |
| CVE-2025-56422 | A deserialization vulnerability in LimeSurvey before v6.15.0+250623 al ... | check |
| CVE-2025-58064 | CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ... | check |
| CVE-2025-60796 | phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting ( ... | check, possibly not reported upstream |
| CVE-2025-60797 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check, possibly not reported upstream |
| CVE-2025-60798 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check, possibly not reported upstream |
| CVE-2025-60799 | phpPgAdmin 7.13.0 and earlier contains an incorrect access control vul ... | check, possibly not reported upstream |
| CVE-2025-61261 | A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1 ... | check |
| CVE-2025-61982 | An arbitrary code execution vulnerability exists in the Code Stream di ... | check upstream status |
| CVE-2025-65102 | PJSIP is a free and open source multimedia communication library. Prio ... | check, might affect asterisk and ring |
| CVE-2025-65865 | An integer overflow in eProsima Fast-DDS v3.3 allows attackers to caus ... | check https://gist.github.com/lkloliver/7aa48cb9fc7a1dd74cb595212bb69d33, unclear if reported upstream |
| CVE-2025-66413 | Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is ... | check |
| CVE-2025-66578 | xmlseclibs is a library written in PHP for working with XML Encryption ... | check |
| CVE-2025-67108 | eProsima Fast-DDS v3.3 was discovered to contain improper validation f ... | check https://gist.github.com/lkloliver/81b5d5a8328d712dbfd497bf11dbe913, unclear if reported upstream |
| CVE-2025-69614 | Incorrect Access Control via activation token reuse on the password-re ... | check |
| CVE-2025-69615 | Incorrect Access Control via missing 2FA rate-limiting allowing unlimi ... | check |
| CVE-2025-69969 | A lack of authentication and authorization mechanisms in the Bluetooth ... | check |
| CVE-2025-70025 | An issue pertaining to CWE-79: Improper Neutralization of Input During ... | check |
| CVE-2025-70128 | A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml ... | check |
| CVE-2025-70129 | If the anti spam-captcha functionality in PluXml versions 5.8.22 and e ... | check |
| CVE-2026-0708 | | check if impacts security wise rspamd, which embeds libucl and uses it at compile time |
| CVE-2026-0847 | A vulnerability in NLTK versions up to and including 3.9.2 allows arbi ... | check details, report not public so far |
| CVE-2026-1703 | When pip is installing and extracting a maliciously crafted wheel arch ... | check as well pipenv |
| CVE-2026-2339 | Missing Authentication for Critical Function vulnerability in TUBITAK ... | check |
| CVE-2026-3054 | A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impa ... | check, check upstream details |
| CVE-2026-3351 | Improper authorization in the API endpoint GET /1.0/certificates in Ca ... | check |
| CVE-2026-3884 | Versions of the package spin.js before 3.0.0 are vulnerable to Cross-s ... | check |
| CVE-2026-20892 | Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, whic ... | check |
| CVE-2026-20967 | Improper input validation in System Center Operations Manager allows a ... | check |
| CVE-2026-21262 | Improper access control in SQL Server allows an authorized attacker to ... | check |
| CVE-2026-22866 | Ethereum Name Service (ENS) is a distributed, open, and extensible nam ... | check |
| CVE-2026-23654 | Dependency on vulnerable third-party component in GitHub Repo: zero-sh ... | check |
| CVE-2026-23656 | Insufficient verification of data authenticity in Windows App Installe ... | check |
| CVE-2026-23660 | Improper access control in Azure Portal Windows Admin Center allows an ... | check |
| CVE-2026-23661 | Cleartext transmission of sensitive information in Azure IoT Explorer ... | check |
| CVE-2026-23662 | Missing authentication for critical function in Azure IoT Explorer all ... | check |
| CVE-2026-23664 | Improper restriction of communication channel to intended endpoints in ... | check |
| CVE-2026-23665 | Heap-based buffer overflow in Azure Linux Virtual Machines allows an a ... | check |
| CVE-2026-23667 | Use after free in Broadcast DVR allows an authorized attacker to eleva ... | check |
| CVE-2026-23668 | Concurrent execution using shared resource with improper synchronizati ... | check |
| CVE-2026-23669 | Use after free in Windows Print Spooler Components allows an authorize ... | check |
| CVE-2026-23671 | Concurrent execution using shared resource with improper synchronizati ... | check |
| CVE-2026-23672 | Windows Universal Disk Format File System Driver (UDFS) Elevation of P ... | check |
| CVE-2026-23673 | Out-of-bounds read in Windows Resilient File System (ReFS) allows an a ... | check |
| CVE-2026-23674 | Improper resolution of path equivalence in Windows MapUrlToZone allows ... | check |
| CVE-2026-23868 | Giflib contains a double-free vulnerability that is the result of a sh ... | check |
| CVE-2026-23907 | This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: ... | check |
| CVE-2026-24282 | Out-of-bounds read in Push Message Routing Service allows an authorize ... | check |
| CVE-2026-24283 | Heap-based buffer overflow in Windows File Server allows an authorized ... | check |
| CVE-2026-24285 | Use after free in Windows Win32K allows an authorized attacker to elev ... | check |
| CVE-2026-24287 | External control of file name or path in Windows Kernel allows an auth ... | check |
| CVE-2026-24288 | Heap-based buffer overflow in Windows Mobile Broadband allows an unaut ... | check |
| CVE-2026-24289 | Use after free in Windows Kernel allows an authorized attacker to elev ... | check |
| CVE-2026-24290 | Improper access control in Windows Projected File System allows an aut ... | check |
| CVE-2026-24291 | Incorrect permission assignment for critical resource in Windows Acces ... | check |
| CVE-2026-24292 | Use after free in Connected Devices Platform Service (Cdpsvc) allows a ... | check |
| CVE-2026-24293 | Null pointer dereference in Windows Ancillary Function Driver for WinS ... | check |
| CVE-2026-24294 | Improper authentication in Windows SMB Server allows an authorized att ... | check |
| CVE-2026-24295 | Concurrent execution using shared resource with improper synchronizati ... | check |
| CVE-2026-24296 | Concurrent execution using shared resource with improper synchronizati ... | check |
| CVE-2026-24297 | Concurrent execution using shared resource with improper synchronizati ... | check |
| CVE-2026-24448 | Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L ... | check |
| CVE-2026-25165 | Null pointer dereference in Windows Performance Counters allows an aut ... | check |
| CVE-2026-25166 | Deserialization of untrusted data in Windows System Image Manager allo ... | check |
| CVE-2026-25167 | Use after free in Microsoft Brokering File System allows an unauthoriz ... | check |
| CVE-2026-25168 | Null pointer dereference in Microsoft Graphics Component allows an una ... | check |
| CVE-2026-25169 | Divide by zero in Microsoft Graphics Component allows an unauthorized ... | check |
| CVE-2026-25170 | Use after free in Windows Hyper-V allows an authorized attacker to ele ... | check |
| CVE-2026-25171 | Use after free in Windows Authentication Methods allows an authorized ... | check |
| CVE-2026-25172 | Integer overflow or wraparound in Windows Routing and Remote Access Se ... | check |
| CVE-2026-25173 | Integer overflow or wraparound in Windows Routing and Remote Access Se ... | check |
| CVE-2026-25174 | Out-of-bounds read in Windows Extensible File Allocation allows an aut ... | check |
| CVE-2026-25175 | Out-of-bounds read in Windows NTFS allows an authorized attacker to el ... | check |
| CVE-2026-25176 | Improper access control in Windows Ancillary Function Driver for WinSo ... | check |
| CVE-2026-25177 | Improper restriction of names for files and other resources in Active ... | check |
| CVE-2026-25178 | Use after free in Windows Ancillary Function Driver for WinSock allows ... | check |
| CVE-2026-25179 | Improper validation of specified type of input in Windows Ancillary Fu ... | check |
| CVE-2026-25180 | Out-of-bounds read in Microsoft Graphics Component allows an unauthori ... | check |
| CVE-2026-25181 | Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to ... | check |
| CVE-2026-25185 | Exposure of sensitive information to an unauthorized actor in Windows ... | check |
| CVE-2026-25186 | Exposure of sensitive information to an unauthorized actor in Windows ... | check |
| CVE-2026-25187 | Improper link resolution before file access ('link following') in Winl ... | check |
| CVE-2026-25188 | Heap-based buffer overflow in Windows Telephony Service allows an unau ... | check |
| CVE-2026-25189 | Use after free in Windows DWM Core Library allows an authorized attack ... | check |
| CVE-2026-25190 | Untrusted search path in Windows GDI allows an unauthorized attacker t ... | check |
| CVE-2026-25701 | An Insecure Temporary File vulnerability in openSUSE sdbootutil allows ... | check |
| CVE-2026-25702 | An Improper Access Control vulnerability in the kernel of SUSE SUSE Lin ... | check |
| CVE-2026-26200 | HDF5 is software for managing data. Prior to version 1.14.4-2, an atta ... | check details, said to be fixed in 1.14.4-2 upstream |
| CVE-2026-27586 | Caddy is an extensible server platform that uses TLS by default. Prior ... | check, introducing version |
| CVE-2026-27641 | Flask-Reuploaded provides file uploads for Flask. A critical path trav ... | check |
| CVE-2026-27704 | The Dart and Flutter SDKs provide software development kits for the Da ... | check |
| CVE-2026-27738 | The Angular SSR is a server-side rendering tool for Angular applicatio ... | check |
| CVE-2026-27739 | The Angular SSR is a server-side rendering tool for Angular applicatio ... | check |
| CVE-2026-27842 | Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which ... | check |
| CVE-2026-27970 | Angular is a development platform for building mobile and desktop web ... | check status for older versions |
| CVE-2026-28207 | Zen C is a systems programming language that compiles to human-readabl ... | check |
| CVE-2026-28343 | CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ... | check |
| CVE-2026-28410 | The Graph is an indexing protocol for querying networks like Ethereum, ... | check |
| CVE-2026-28687 | ImageMagick is free and open-source software used for editing and mani ... | check, possibly missing followup, as claimed to be fixed in 7.1.2-16 and 6.9.13-41 |
| CVE-2026-28688 | ImageMagick is free and open-source software used for editing and mani ... | check if fixes in 7.1.2-14 are yet incomplete because claimed to be fixed in 7.1.2-16 |
| CVE-2026-28806 | Improper Authorization vulnerability in nerves-hub nerves_hub_web allo ... | check |
| CVE-2026-28807 | Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ... | check |
| CVE-2026-29022 | dr_libs version 0.14.4 and earlier (fixed in commit 8a7258c) contain a ... | qtads, dosbox-x, roc-toolkit, octave-ltfat, faudio bundle a copy, check security impact |
| CVE-2026-30951 | Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injecti ... | check |
| CVE-2026-30952 | liquidjs is a Shopify / GitHub Pages compatible template engine in pur ... | check |
| CVE-2026-31801 | zot is a container image/artifact registry based on the Open Container ... | check |
| CVE-2026-31808 | file-type detects the file type of a file, stream, or data. Prior to 2 ... | check |
| CVE-2026-31812 | Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC ... | check |
| CVE-2026-31815 | Unicorn adds modern reactive component functionality to your Django te ... | check |
| CVE-2026-31826 | pypdf is a free and open-source pure-python PDF library. Prior to 6.8. ... | check |