| Bug | Description | Note |
|---|
| CVE-2016-1584 | In all versions of Unity8 a running but not active application on a la ... | check proper tracking update |
| CVE-2018-25246 | Wikipedia 12.0 contains a denial of service vulnerability that allows ... | check |
| CVE-2018-25305 | librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that all ... | check |
| CVE-2018-25306 | PDFunite 0.41.0 contains a buffer overflow vulnerability that allows l ... | check |
| CVE-2019-25485 | R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the ... | check |
| CVE-2019-25683 | FileZilla 3.40.0 contains a denial of service vulnerability in the loc ... | check |
| CVE-2020-37182 | Redir 3.3 contains a stack overflow vulnerability in the doproxyconnec ... | check details |
| CVE-2021-47793 | Telegram Desktop 2.9.2 contains a denial of service vulnerability that ... | check |
| CVE-2022-23538 | github.com/sylabs/scs-library-client is the Go client for the Singular ... | check details, might as well affect golang-github-apptainer-container-library-client |
| CVE-2022-50942 | Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerab ... | check status upstream |
| CVE-2023-26044 | react/http is an event-driven, streaming HTTP client and server implem ... | check, is embedded inicinga-php-thirdparty, icingaweb2-module-reactbundle possibly affected |
| CVE-2023-47268 | In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6. ... | check |
| CVE-2023-49316 | In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ... | check if affecting ldap-account-manager or unused path |
| CVE-2023-50251 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked |
| CVE-2023-50252 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked |
| CVE-2023-50262 | Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ... | check sources embedding php-dompdf if affected |
| CVE-2024-22420 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook? |
| CVE-2024-22421 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook? |
| CVE-2024-47091 | Privilege escalation in the mk_mysql agent plugin on Windows in Checkm ... | check |
| CVE-2024-54192 | An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial ... | check |
| CVE-2025-4382 | A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ... | double check if vulnerability only considered present after grub_is_cli_disabled is introduced |
| CVE-2025-6499 | A vulnerability classified as problematic was found in vstakhov libucl ... | check if impacts security wise rspamd, which embeds libucl and uses it a compile time |
| CVE-2025-8671 | A mismatch caused by client-triggered server-sent stream resets betwee ... | check, some projects will assign own CVEs and should then be covered under that specific CVE instead |
| CVE-2025-8941 | A flaw was found in linux-pam. The pam_namespace module may improperly ... | check likely RedHat specific incomplete fix for CVE-2025-6020, but asked to pinpoint incomplete fixes |
| CVE-2025-11010 | A vulnerability has been found in vstakhov libucl up to 0.9.2. Affecte ... | check if impacts security wise rspamd, which embeds libucl and uses it a compile time |
| CVE-2025-11147 | Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ... | clarifying with reporter and Eduard Bloch on the issue. |
| CVE-2025-14575 | An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS b ... | check |
| CVE-2025-15569 | A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The im ... | check |
| CVE-2025-33221 | NVIDIA Display Driver for Windows and Linux contains a vulnerability i ... | check |
| CVE-2025-58064 | CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ... | check |
| CVE-2025-60796 | phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting ( ... | check, possibly not reported upstream |
| CVE-2025-60797 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check, possibly not reported upstream |
| CVE-2025-60798 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check, possibly not reported upstream |
| CVE-2025-60799 | phpPgAdmin 7.13.0 and earlier contains an incorrect access control vul ... | check, possibly not reported upstream |
| CVE-2025-61261 | A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1 ... | check |
| CVE-2025-61982 | An arbitrary code execution vulnerability exists in the Code Stream di ... | check upstream status |
| CVE-2025-65865 | An integer overflow in eProsima Fast-DDS v3.3 allows attackers to caus ... | check https://gist.github.com/lkloliver/7aa48cb9fc7a1dd74cb595212bb69d33, unclear if reported upstream |
| CVE-2025-66578 | xmlseclibs is a library written in PHP for working with XML Encryption ... | check |
| CVE-2025-67108 | eProsima Fast-DDS v3.3 was discovered to contain improper validation f ... | check https://gist.github.com/lkloliver/81b5d5a8328d712dbfd497bf11dbe913, unclear if reported upstream |
| CVE-2025-69534 | Python-Markdown version 3.8 contain a vulnerability where malformed HT ... | Asking whether it really needs a backport: https://bugs.debian.org/1131896 |
| CVE-2025-69720 | The infocmp command-line tool in ncurses before 6.5-20251213 has a sta ... | check upstream status |
| CVE-2025-69969 | A lack of authentication and authorization mechanisms in the Bluetooth ... | check |
| CVE-2025-70887 | An issue in ralphje Signify before v.0.9.2 allows a remote attacker to ... | check |
| CVE-2025-71316 | SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Wi ... | check |
| CVE-2026-0708 | A flaw was found in libucl. A remote attacker could exploit this by pr ... | check if impacts security wise rspamd, which embeds libucl and uses it a compile time |
| CVE-2026-1703 | When pip is installing and extracting a maliciously crafted wheel arch ... | check as well pipenv |
| CVE-2026-3650 | A memory leak exists in the Grassroots DICOM library (GDCM). The bug o ... | check, vague report from Red Hat, no upstream details |
| CVE-2026-4833 | A weakness has been identified in Orc discount up to 3.0.1.2. This iss ... | check libtext-markdown-discount-perl, ruby-rdiscount, cantor, embedding discount; check if security impact present |
| CVE-2026-7701 | A security vulnerability has been detected in Telegram Desktop up to 6 ... | check |
| CVE-2026-7790 | Uncontrolled Resource Consumption vulnerability in ninenines cowlib (c ... | check if embedded copy in rabbitmq-server is problematic |
| CVE-2026-8851 | SOGo versions 5.12.7 and prior contains a SQL injection vulnerability ... | check correctness |
| CVE-2026-8863 | Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to Secu ... | check |
| CVE-2026-11460 | A flaw has been found in Boost Serialization up to 1.91. The impacted ... | check |
| CVE-2026-11785 | A flaw was found in 389 Directory Server. A type confusion in the SSO ... | check details |
| CVE-2026-11786 | A flaw was found in 389 Directory Server. The LDIF parser reads past t ... | check details |
| CVE-2026-11787 | A flaw was found in 389 Directory Server. The ldap_utf8prev() function ... | check details |
| CVE-2026-11788 | A flaw was found in 389 Directory Server. The dereference control plug ... | check details |
| CVE-2026-11789 | A flaw was found in 389 Directory Server. The SMD5 password storage pl ... | check details |
| CVE-2026-11790 | A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password s ... | check details |
| CVE-2026-11792 | A heap buffer overflow flaw was found in 389 Directory Server. When au ... | check details |
| CVE-2026-11793 | A stack buffer overflow flaw was found in 389 Directory Server. The ch ... | check details |
| CVE-2026-11822 | SQLite before 3.53.2 contains memory corruption vulnerabilities in the ... | check |
| CVE-2026-11824 | SQLite before 3.53.2 contains a heap-based buffer overflow vulnerabili ... | check |
| CVE-2026-11837 | A local privilege escalation vulnerability was found in the ansible.po ... | check |
| CVE-2026-22739 | Vulnerability in Spring Cloud when substituting the profile parameter ... | check |
| CVE-2026-23479 | Redis is an in-memory data structure store. In redis-server from 7.2.0 ... | check redict and valkey |
| CVE-2026-23631 | Redis is an in-memory data structure store. In all versions of redis-s ... | check redict and valkey |
| CVE-2026-24182 | NVIDIA Display Driver for Windows and Linux contains a vulnerability w ... | check |
| CVE-2026-24187 | NVIDIA Display Driver for Linux contains a vulnerability where an atta ... | check |
| CVE-2026-24190 | NVIDIA Display Driver for Windows and Linux contains a vulnerability i ... | check |
| CVE-2026-24191 | NVIDIA Display Driver for Windows contains a vulnerability where an at ... | check |
| CVE-2026-24192 | NVIDIA Display Driver for Linux contains a vulnerability where an atta ... | check |
| CVE-2026-24193 | NVIDIA Display Driver for Windows and Linux contains a vulnerability w ... | check |
| CVE-2026-24194 | NVIDIA Display Driver for Linux contains a vulnerability in a kernel m ... | check |
| CVE-2026-24195 | NVIDIA Display Driver for Linux contains a vulnerability in UVM, where ... | check |
| CVE-2026-24196 | NVIDIA Display Driver for Linux contains a vulnerability where a user ... | check |
| CVE-2026-24197 | NVIDIA Display Driver for Linux contains a vulnerability in the Multi- ... | check |
| CVE-2026-24198 | NVIDIA GPU Display Driver for Linux contains a vulnerability where an ... | check |
| CVE-2026-24199 | NVIDIA Display Driver for Linux contains a vulnerability in a kernel m ... | check |
| CVE-2026-25243 | Redis is an in-memory data structure store. In versions of redis-serve ... | check redict and valkey |
| CVE-2026-25701 | An Insecure Temporary File vulnerability in openSUSE sdbootutil allows ... | check |
| CVE-2026-25702 | A Improper Access Control vulnerability in the kernel of SUSE SUSE Lin ... | check |
| CVE-2026-26824 | libxls through version 1.6.3 contains a use of uninitialized memory vu ... | check security impact for r-cran-readxl |
| CVE-2026-26825 | A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 whe ... | check security impact for r-cran-readxl |
| CVE-2026-27586 | Caddy is an extensible server platform that uses TLS by default. Prior ... | check, introducing version |
| CVE-2026-27704 | The Dart and Flutter SDKs provide software development kits for the Da ... | check |
| CVE-2026-27738 | The Angular SSR is a server-rise rendering tool for Angular applicatio ... | check |
| CVE-2026-27739 | The Angular SSR is a server-rise rendering tool for Angular applicatio ... | check |
| CVE-2026-27970 | Angular is a development platform for building mobile and desktop web ... | check status for older versions |
| CVE-2026-28343 | CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ... | check |
| CVE-2026-28687 | ImageMagick is free and open-source software used for editing and mani ... | For imagemagick6 superseded by fix inside jumbo patch for CVE-2026-28686, first patch was incomplete |
| CVE-2026-28687 | ImageMagick is free and open-source software used for editing and mani ... | Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41) |
| CVE-2026-28688 | ImageMagick is free and open-source software used for editing and mani ... | For imagemagick6 by fix inside jumbo patch for CVE-2026-28686, first patch was incomplete |
| CVE-2026-28688 | ImageMagick is free and open-source software used for editing and mani ... | Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41) |
| CVE-2026-29022 | dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) ... | qtads, dosbox-x, roc-toolkit, octave-ltfat, faudio bundle a copy, check security impact |
| CVE-2026-30478 | A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer ... | check |
| CVE-2026-30479 | A Dynamic-link Library Injection vulnerability in OSGeo Project MapSer ... | check |
| CVE-2026-31053 | A double free vulnerability exists in librz/bin/format/le/le.c in the ... | check |
| CVE-2026-32148 | Insufficient Verification of Data Authenticity vulnerability in hexpm ... | check |
| CVE-2026-32313 | xmlseclibs is a library written in PHP for working with XML Encryption ... | check |
| CVE-2026-32600 | xml-security is a library that implements XML signatures and encryptio ... | check |
| CVE-2026-32635 | Angular is a development platform for building mobile and desktop web ... | check status for older versions |
| CVE-2026-32685 | Path traversal vulnerability in Gleam's handling of custom documentati ... | check |
| CVE-2026-32836 | dr_libsdr_flac.h version 0.13.3 and earlier (fixed in commits fefced4, ... | check |
| CVE-2026-33397 | The Angular SSR is a server-rise rendering tool for Angular applicatio ... | check |
| CVE-2026-34240 | JOSE is a Javascript Object Signing and Encryption (JOSE) library. Pri ... | check |
| CVE-2026-36189 | Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrust ... | check |
| CVE-2026-36499 | A missing upper-bound check in the udpif_set_threads() function of Ope ... | check, unclear status/validity |
| CVE-2026-39860 | Nix is a package manager for Linux and other Unix systems. A bug in th ... | check, potentially affecting guix if same issue in backporting fix for CVE-2024-2729 |
| CVE-2026-40033 | FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in ... | unclear fixing commit references, incorrect reference in CVE entry? |
| CVE-2026-40034 | gix-submodule before 0.29.0 (gitoxide before 0.5.21, gix before 0.84.0 ... | check |
| CVE-2026-40968 | When an authenticated user is denied access to a gRPC method, their au ... | check |
| CVE-2026-40969 | The raw message of every server-side AuthenticationException is return ... | check |
| CVE-2026-41423 | Angular is a development platform for building mobile and desktop web ... | check |
| CVE-2026-41567 | Moby is an open source container framework. In versions prior to 29.5. ... | check |
| CVE-2026-41889 | pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, ... | check the other golang-github-jackc-pgx* sources |
| CVE-2026-42199 | Grid is a data structure grid for rust. From version 0.17.0 to before ... | check |
| CVE-2026-42308 | Pillow is a Python imaging library. Prior to version 12.2.0, if a font ... | research fixing commit(s), maybe https://github.com/python-pillow/Pillow/pull/9518/changes |
| CVE-2026-42503 | gopls by default communicates via pipe. However, -port and -listen fla ... | check impact on golang-golang-x-tools |
| CVE-2026-42627 | In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::G ... | check details |
| CVE-2026-42795 | Symlink following vulnerability in Gleam's Hex package export allows f ... | check |
| CVE-2026-43958 | A flaw was found in rrdcached, a component of rrdtool. A local attacke ... | check upstream status |
| CVE-2026-43965 | Path traversal vulnerability in Gleam's dependency management allows a ... | check |
| CVE-2026-43966 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Reque ... | check |
| CVE-2026-44437 | The Angular SSR is a server-rise rendering tool for Angular applicatio ... | check |
| CVE-2026-44933 | `PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot ... | check |
| CVE-2026-46727 | An issue was discovered in Ruby 4 before 4.0.5. A race condition leadi ... | check |