| Bug | Description | Note |
|---|---|---|
| CVE-2016-1584 | In all versions of Unity8 a running but not active application on a la ... | check proper tracking update |
| CVE-2016-20023 | In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users c ... | check |
| CVE-2018-25193 | Mongoose Web Server 6.9 contains a denial of service vulnerability tha ... | check |
| CVE-2019-25338 | DokuWiki 2018-04-22b contains a username enumeration vulnerability in ... | check upstream status |
| CVE-2019-25355 | gSOAP 2.8 contains a directory traversal vulnerability that allows una ... | check upstream status |
| CVE-2019-25485 | R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the ... | check |
| CVE-2019-25544 | Pidgin 2.13.0 contains a denial of service vulnerability that allows l ... | check |
| CVE-2019-25585 | Deluge 1.3.15 contains a denial of service vulnerability that allows l ... | check |
| CVE-2019-25586 | Deluge 1.3.15 contains a denial of service vulnerability that allows l ... | check |
| CVE-2019-25620 | Tree Studio 2.17 contains a denial of service vulnerability that allow ... | check |
| CVE-2019-25621 | Pixel Studio 2.17 contains a denial of service vulnerability that allo ... | check |
| CVE-2019-25622 | Paint Studio 2.17 contains a denial of service vulnerability that allo ... | check |
| CVE-2019-25623 | Luminance Studio 2.17 contains a denial of service vulnerability that ... | check |
| CVE-2019-25624 | Liquid Studio 2.17 contains a denial of service vulnerability that all ... | check |
| CVE-2019-25625 | Blob Studio 2.17 contains a denial of service vulnerability that allow ... | check |
| CVE-2019-25626 | River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability ... | check |
| CVE-2019-25627 | FlexHEX 2.71 contains a local buffer overflow vulnerability in the Str ... | check |
| CVE-2019-25628 | Download Accelerator Plus DAP 10.0.6.0 contains a structured exception ... | check |
| CVE-2019-25629 | AIDA64 Extreme 5.99.4900 contains a structured exception handler buffe ... | check |
| CVE-2019-25630 | PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability i ... | check |
| CVE-2019-25631 | AIDA64 Business 5.99.4900 contains a structured exception handling buf ... | check |
| CVE-2019-25632 | phpFileManager 1.7.8 contains a local file inclusion vulnerability tha ... | check |
| CVE-2019-25633 | AIDA64 Extreme 5.99.4900 contains a structured exception handling buff ... | check |
| CVE-2019-25634 | Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerabil ... | check |
| CVE-2019-25635 | Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities ... | check |
| CVE-2019-25636 | Zeeways Jobsite CMS contains an SQL injection vulnerability that allow ... | check |
| CVE-2019-25637 | X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that ... | check |
| CVE-2019-25638 | Meeplace Business Review Script contains an SQL injection vulnerabilit ... | check |
| CVE-2019-25639 | Matrimony Website Script M-Plus contains multiple SQL injection vulner ... | check |
| CVE-2019-25640 | Inout Article Base CMS contains SQL injection vulnerabilities that all ... | check |
| CVE-2019-25641 | Netartmedia Vlog System contains an SQL injection vulnerability that a ... | check |
| CVE-2019-25642 | Bootstrapy CMS contains multiple SQL injection vulnerabilities that al ... | check |
| CVE-2019-25643 | eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities ... | check |
| CVE-2019-25644 | WinMPG Video Convert 9.3.5 and older versions contain a buffer overflo ... | check |
| CVE-2019-25645 | WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service v ... | check |
| CVE-2019-25646 | Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in th ... | check |
| CVE-2019-25647 | PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in ... | check |
| CVE-2020-36968 | M/Monit 3.7.4 contains an authentication vulnerability that allows aut ... | check, unclear upstream status |
| CVE-2020-36969 | M/Monit 3.7.4 contains a privilege escalation vulnerability that allow ... | check, unclear upstream status |
| CVE-2020-37011 | Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability tha ... | check, unclear upstream status. Doesn't reproduce with the version in trixie |
| CVE-2020-37038 | Code Blocks 20.03 contains a denial of service vulnerability that allo ... | check, possibly just DoS of application and unimportant |
| CVE-2020-37040 | Code Blocks 17.12 contains a local buffer overflow vulnerability that ... | check, might be Windows specific issue |
| CVE-2020-37167 | ClamAV versions prior to 0.103.0-rc contain a vulnerability in functio ... | check upstream status |
| CVE-2020-37182 | Redir 3.3 contains a stack overflow vulnerability in the doproxyconnec ... | check details |
| CVE-2021-26381 | Improper system call parameter validation in the Trusted OS may allow ... | check |
| CVE-2021-26410 | Improper syscall input validation in ASP (AMD Secure Processor) may fo ... | check |
| CVE-2021-47793 | Telegram Desktop 2.9.2 contains a denial of service vulnerability that ... | check |
| CVE-2022-23538 | github.com/sylabs/scs-library-client is the Go client for the Singular ... | check details, might also affect golang-github-apptainer-container-library-client |
| CVE-2022-50942 | Icinga Web 2.8.2 contains a client-side cross-site scripting vulnerab ... | check status upstream |
| CVE-2023-20514 | Improper handling of parameters in the AMD Secure Processor (ASP) coul ... | check |
| CVE-2023-20548 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure ... | check |
| CVE-2023-20601 | Improper input validation within RAS TA Driver can allow a local attac ... | check |
| CVE-2023-26044 | react/http is an event-driven, streaming HTTP client and server implem ... | check, is embedded in icinga-php-thirdparty, icingaweb2-module-reactbundle possibly affected |
| CVE-2023-31313 | An unintended proxy or intermediary in the AMD power management firmwa ... | check |
| CVE-2023-31324 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure ... | check |
| CVE-2023-31364 | Improper handling of direct memory writes in the input-output memory m ... | check |
| CVE-2023-49316 | In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ... | check if affecting ldap-account-manager or unused path |
| CVE-2023-50251 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked |
| CVE-2023-50252 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked |
| CVE-2023-50262 | Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ... | check sources embedding php-dompdf if affected |
| CVE-2024-4027 | A flaw was found in Undertow. Servlets using a method that calls HttpS ... | check details |
| CVE-2024-21953 | Improper input validation in IOMMU could allow a malicious hypervisor ... | check |
| CVE-2024-22420 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook? |
| CVE-2024-22421 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook? |
| CVE-2024-36310 | Improper input validation in the SMM communications buffer could allow ... | check |
| CVE-2024-36311 | A Time-of-check time-of-use (TOCTOU) race condition in the SMM communi ... | check |
| CVE-2024-36316 | The integer overflow vulnerability within AMD Graphics driver could al ... | check |
| CVE-2024-36324 | Improper input validation in AMD Graphics Driver could allow an attack ... | check |
| CVE-2024-46878 | A Cross-Site Scripting (XSS) vulnerability exists in the page paramete ... | check |
| CVE-2024-46879 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in the POS ... | check |
| CVE-2024-54192 | An issue in Tcpreplay v4.5.1 allows a local attacker to cause a denial ... | check |
| CVE-2025-0012 | Improper handling of overlap between the segmented reverse map table ( ... | check |
| CVE-2025-0029 | Improper handling of error condition during host-induced faults can al ... | check |
| CVE-2025-0031 | A use after free in the SEV firmware could allow a malicious hypervisor ... | check |
| CVE-2025-4382 | A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ... | double check if vulnerability only considered present after grub_is_cli_disabled is introduced |
| CVE-2025-6499 | A vulnerability classified as problematic was found in vstakhov libucl ... | check if impacts security wise rspamd, which embeds libucl and uses it at compile time |
| CVE-2025-8671 | A mismatch caused by client-triggered server-sent stream resets betwee ... | check, some projects will assign own CVEs and should then be covered under that specific CVE instead |
| CVE-2025-8941 | A flaw was found in linux-pam. The pam_namespace module may improperly ... | check likely RedHat specific incomplete fix for CVE-2025-6020, but asked to pinpoint incomplete fixes |
| CVE-2025-11010 | A vulnerability has been found in vstakhov libucl up to 0.9.2. Affecte ... | check if impacts security wise rspamd, which embeds libucl and uses it at compile time |
| CVE-2025-11147 | Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ... | clarifying with reporter and Eduard Bloch on the issue. |
| CVE-2025-15569 | A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The im ... | check |
| CVE-2025-29939 | Improper access control in secure encrypted virtualization (SEV) could ... | check |
| CVE-2025-29946 | Insufficient or Incomplete Data Removal in Hardware Component in SEV f ... | check |
| CVE-2025-29948 | Improper access control in AMD Secure Encrypted Virtualization (SEV) f ... | check |
| CVE-2025-29952 | Improper Initialization within the AMD Secure Encrypted Virtualization ... | check |
| CVE-2025-41007 | SQL Injection in Cuantis. This vulnerability allows an attacker to ret ... | check |
| CVE-2025-41008 | SQL injection vulnerability in Sinturno. This vulnerability allows an ... | check |
| CVE-2025-52204 | A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x ... | check |
| CVE-2025-58064 | CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ... | check |
| CVE-2025-60796 | phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting ( ... | check, possibly not reported upstream |
| CVE-2025-60797 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check, possibly not reported upstream |
| CVE-2025-60798 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check, possibly not reported upstream |
| CVE-2025-60799 | phpPgAdmin 7.13.0 and earlier contains an incorrect access control vul ... | check, possibly not reported upstream |
| CVE-2025-60946 | Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authent ... | check |
| CVE-2025-60947 | Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticat ... | check |
| CVE-2025-60948 | Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied ... | check |
| CVE-2025-60949 | Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in som ... | check |
| CVE-2025-61261 | A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1 ... | check |
| CVE-2025-61982 | An arbitrary code execution vulnerability exists in the Code Stream di ... | check upstream status |
| CVE-2025-64998 | Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p45 and ... | check |
| CVE-2025-65102 | PJSIP is a free and open source multimedia communication library. Prio ... | check, might affect asterisk and ring |
| CVE-2025-65865 | An integer overflow in eProsima Fast-DDS v3.3 allows attackers to caus ... | check https://gist.github.com/lkloliver/7aa48cb9fc7a1dd74cb595212bb69d33, unclear if reported upstream |
| CVE-2025-66413 | Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is ... | check |
| CVE-2025-66578 | xmlseclibs is a library written in PHP for working with XML Encryption ... | check |
| CVE-2025-67108 | eProsima Fast-DDS v3.3 was discovered to contain improper validation f ... | check https://gist.github.com/lkloliver/81b5d5a8328d712dbfd497bf11dbe913, unclear if reported upstream |
| CVE-2025-69720 | ncurses v6.5 and v6.4 are vulnerable to Buffer Overflow in progs/infoc ... | check upstream status |
| CVE-2025-69969 | A lack of authentication and authorization mechanisms in the Bluetooth ... | check |
| CVE-2026-0708 | A flaw was found in libucl. A remote attacker could exploit this by pr ... | check if impacts security wise rspamd, which embeds libucl and uses it at compile time |
| CVE-2026-0898 | An arbitrary file-write vulnerability in Pega Browser Extension (PBE) ... | check |
| CVE-2026-1703 | When pip is installing and extracting a maliciously crafted wheel arch ... | check pipenv as well |
| CVE-2026-1958 | Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino al ... | check |
| CVE-2026-1995 | IDrive’s id_service.exe process runs with elevated privileges and ... | check |
| CVE-2026-2417 | A Missing Authentication for Critical Function vulnerability in Pharos ... | check |
| CVE-2026-3260 | A flaw was found in Undertow. A remote attacker could exploit this vul ... | check |
| CVE-2026-3635 | Summary When trustProxy is configured with a restrictive trust functio ... | check |
| CVE-2026-4538 | A vulnerability was identified in PyTorch 2.10.0. The affected element ... | check |
| CVE-2026-4649 | Apache Artemis before version 2.52.0 is affected by an authentication ... | check |
| CVE-2026-4738 | Improper Restriction of Operations within the Bounds of a Memory Buffe ... | check |
| CVE-2026-4739 | Integer Overflow or Wraparound vulnerability in InsightSoftwareConsort ... | check |
| CVE-2026-4775 | A flaw was found in the libtiff library. A remote attacker could explo ... | check details |
| CVE-2026-22559 | An Improper Input Validation vulnerability in UniFi Network Server may ... | check |
| CVE-2026-22732 | When applications specify HTTP response headers for servlet applicatio ... | check |
| CVE-2026-22733 | Spring Boot applications with Actuator can be vulnerable to an "Authen ... | check |
| CVE-2026-22735 | Spring MVC and WebFlux applications are vulnerable to stream corruptio ... | check |
| CVE-2026-22737 | Use of Java scripting engine enabled (e.g. JRuby, Jython) template vie ... | check |
| CVE-2026-22739 | Vulnerability in Spring Cloud when substituting the profile parameter ... | check |
| CVE-2026-22866 | Ethereum Name Service (ENS) is a distributed, open, and extensible nam ... | check |
| CVE-2026-23480 | Blinko is an AI-powered card note-taking project. Prior to version 1.8 ... | check |
| CVE-2026-23481 | Blinko is an AI-powered card note-taking project. Prior to version 1.8 ... | check |
| CVE-2026-23482 | Blinko is an AI-powered card note-taking project. Prior to version 1.8 ... | check |
| CVE-2026-23483 | Blinko is an AI-powered card note-taking project. In versions from 1.8 ... | check |
| CVE-2026-23484 | Blinko is an AI-powered card note-taking project. In versions from 1.8 ... | check |
| CVE-2026-23485 | Blinko is an AI-powered card note-taking project. Prior to version 1.8 ... | check |
| CVE-2026-23486 | Blinko is an AI-powered card note-taking project. Prior to version 1.8 ... | check |
| CVE-2026-23487 | Blinko is an AI-powered card note-taking project. Prior to version 1.8 ... | check |
| CVE-2026-23488 | Blinko is an AI-powered card note-taking project. Prior to version 1.8 ... | check |
| CVE-2026-23536 | A security issue was discovered in the Feast Feature Server's `/read-d ... | check |
| CVE-2026-23882 | Blinko is an AI-powered card note-taking project. Prior to version 1.8 ... | check |
| CVE-2026-23919 | For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape ... | check |
| CVE-2026-23920 | Host and event action script input is validated with a regex (set by t ... | check |
| CVE-2026-23921 | A low privilege Zabbix user with API access can exploit a blind SQL in ... | check |
| CVE-2026-23923 | An unauthenticated attacker can exploit the Frontend 'validate' action ... | check |
| CVE-2026-23924 | Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.co ... | check |
| CVE-2026-23940 | Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm a ... | check |
| CVE-2026-24516 | A command injection vulnerability exists in DigitalOcean Droplet Agent ... | check |
| CVE-2026-25667 | ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 ... | check |
| CVE-2026-25701 | An Insecure Temporary File vulnerability in openSUSE sdbootutil allows ... | check |
| CVE-2026-25702 | An Improper Access Control vulnerability in the kernel of SUSE SUSE Lin ... | check |
| CVE-2026-26200 | HDF5 is software for managing data. Prior to version 1.14.4-2, an atta ... | check details, said to be fixed in 1.14.4-2 upstream |
| CVE-2026-26209 | cbor2 provides encoding and decoding for the Concise Binary Object Rep ... | check |
| CVE-2026-26740 | Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attack ... | check report upstream |
| CVE-2026-26828 | A NULL pointer dereference in the daap_reply_playlists function (src/h ... | check |
| CVE-2026-26829 | A NULL pointer dereference in the safe_atou64 function (src/misc.c) of ... | check |
| CVE-2026-27131 | The Sprig Plugin for Craft CMS is a reactive Twig component framework ... | check |
| CVE-2026-27586 | Caddy is an extensible server platform that uses TLS by default. Prior ... | check, introducing version |
| CVE-2026-27641 | Flask-Reuploaded provides file uploads for Flask. A critical path trav ... | check |
| CVE-2026-27651 | When the ngx_mail_auth_http_module module is enabled on NGINX Plus or N ... | check |
| CVE-2026-27654 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ... | check |
| CVE-2026-27704 | The Dart and Flutter SDKs provide software development kits for the Da ... | check |
| CVE-2026-27738 | The Angular SSR is a server-side rendering tool for Angular applicatio ... | check |
| CVE-2026-27739 | The Angular SSR is a server-side rendering tool for Angular applicatio ... | check |
| CVE-2026-27784 | The 32-bit implementation of NGINX Open Source has a vulnerability in ... | check |
| CVE-2026-27940 | llama.cpp is an inference of several LLM models in C/C++. Prior to b81 ... | check relation to/bypass of CVE-2025-53630 |
| CVE-2026-27970 | Angular is a development platform for building mobile and desktop web ... | check status for older versions |
| CVE-2026-28343 | CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ... | check |
| CVE-2026-28687 | ImageMagick is free and open-source software used for editing and mani ... | For imagemagick6 superseded by fix inside jumbo patch for CVE-2026-28686, first patch was incomplete |
| CVE-2026-28687 | ImageMagick is free and open-source software used for editing and mani ... | Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41) |
| CVE-2026-28688 | ImageMagick is free and open-source software used for editing and mani ... | For imagemagick6 superseded by fix inside jumbo patch for CVE-2026-28686, first patch was incomplete |
| CVE-2026-28688 | ImageMagick is free and open-source software used for editing and mani ... | Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41) |
| CVE-2026-28753 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_ ... | check |
| CVE-2026-28755 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_strea ... | check |
| CVE-2026-28809 | XML External Entity (XXE) vulnerability in esaml (and its forks) allow ... | check |
| CVE-2026-29022 | dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) ... | qtads, dosbox-x, roc-toolkit, octave-ltfat, faudio bundle a copy, check security impact |
| CVE-2026-30006 | XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a craf ... | check |
| CVE-2026-30007 | XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .t ... | check |
| CVE-2026-30655 | SQL injection in Solicitante::resetaSenha() in esiclivre/esiclivre v0. ... | check |
| CVE-2026-32313 | xmlseclibs is a library written in PHP for working with XML Encryption ... | check |
| CVE-2026-32600 | xml-security is a library that implements XML signatures and encryptio ... | check |
| CVE-2026-32635 | Angular is a development platform for building mobile and desktop web ... | check status for older versions |
| CVE-2026-32642 | Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apac ... | check |
| CVE-2026-32647 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ... | check |
| CVE-2026-32836 | dr_libs dr_flac.h version 0.13.3 and earlier contain an uncontrolled me ... | check |
| CVE-2026-32853 | LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contai ... | check |
| CVE-2026-32854 | LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contai ... | check |
| CVE-2026-32948 | sbt is a build tool for Scala, Java, and others. From version 0.9.5 to ... | check |
| CVE-2026-33167 | Action Pack is a Rubygem for building web applications on the Rails fr ... | check |
| CVE-2026-33168 | Action View provides conventions and helpers for building web pages wi ... | check |
| CVE-2026-33169 | Active Support is a toolkit of support libraries and Ruby core extensi ... | check |
| CVE-2026-33170 | Active Support is a toolkit of support libraries and Ruby core extensi ... | check |
| CVE-2026-33173 | Active Storage allows users to attach cloud and local files in Rails a ... | check |
| CVE-2026-33174 | Active Storage allows users to attach cloud and local files in Rails a ... | check |
| CVE-2026-33176 | Active Support is a toolkit of support libraries and Ruby core extensi ... | check |
| CVE-2026-33186 | gRPC-Go is the Go language implementation of gRPC. Versions prior to 1 ... | check |
| CVE-2026-33195 | Active Storage allows users to attach cloud and local files in Rails a ... | check |
| CVE-2026-33202 | Active Storage allows users to attach cloud and local files in Rails a ... | check |
| CVE-2026-33252 | The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4. ... | check |
| CVE-2026-33307 | Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versio ... | check |
| CVE-2026-33308 | Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to ... | check |
| CVE-2026-33349 | fast-xml-parser allows users to process XML from JS object without C/C ... | check |