Bugs with TODO items

Hide "check" TODOs

BugDescriptionNote
CVE-2016-1584In all versions of Unity8 a running but not active application on a la ...check proper tracking update
CVE-2018-25246Wikipedia 12.0 contains a denial of service vulnerability that allows ...check
CVE-2018-25305librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that all ...check
CVE-2018-25306PDFunite 0.41.0 contains a buffer overflow vulnerability that allows l ...check
CVE-2019-25485R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the ...check
CVE-2019-25683FileZilla 3.40.0 contains a denial of service vulnerability in the loc ...check
CVE-2022-23538github.com/sylabs/scs-library-client is the Go client for the Singular ...check details, might as well affect golang-github-apptainer-container-library-client
CVE-2022-50942Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerab ...check status upstream
CVE-2023-26044react/http is an event-driven, streaming HTTP client and server implem ...check, is embedded inicinga-php-thirdparty, icingaweb2-module-reactbundle possibly affected
CVE-2023-47268In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6. ...check
CVE-2023-49316In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ...check if affecting ldap-account-manager or unused path
CVE-2023-50251php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
CVE-2023-50252php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
CVE-2023-50262Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ...check sources embedding php-dompdf if affected
CVE-2024-22420JupyterLab is an extensible environment for interactive and reproducib ...check completeness, src:jupyter-notebook?
CVE-2024-22421JupyterLab is an extensible environment for interactive and reproducib ...check completeness, src:jupyter-notebook?
CVE-2024-47091Privilege escalation in the mk_mysql agent plugin on Windows in Checkm ...check
CVE-2024-54192An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial ...check
CVE-2025-3110OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed seque ...check
CVE-2025-4382A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ...double check if vulnerability only considered present after grub_is_cli_disabled is introduced
CVE-2025-6499A vulnerability classified as problematic was found in vstakhov libucl ...check if impacts security wise rspamd, which embeds libucl and uses it a compile time
CVE-2025-8671A mismatch caused by client-triggered server-sent stream resets betwee ...check, some projects will assign own CVEs and should then be covered under that specific CVE instead
CVE-2025-8941A flaw was found in linux-pam. The pam_namespace module may improperly ...check likely RedHat specific incomplete fix for CVE-2025-6020, but asked to pinpoint incomplete fixes
CVE-2025-11010A vulnerability has been found in vstakhov libucl up to 0.9.2. Affecte ...check if impacts security wise rspamd, which embeds libucl and uses it a compile time
CVE-2025-11147Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ...clarifying with reporter and Eduard Bloch on the issue.
CVE-2025-14575An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS b ...check
CVE-2025-15569A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The im ...check
CVE-2025-15667A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerabili ...check
CVE-2025-15668A vulnerability was identified in GPAC up to b40ce70f5. This issue aff ...check
CVE-2025-33221NVIDIA Display Driver for Windows and Linux contains a vulnerability i ...check
CVE-2025-56814A code injection vulnerability in the wxExecute() function of OpenCPN ...check
CVE-2025-58064CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ...check
CVE-2025-60796phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting ( ...check, possibly not reported upstream
CVE-2025-60797phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ...check, possibly not reported upstream
CVE-2025-60798phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ...check, possibly not reported upstream
CVE-2025-60799phpPgAdmin 7.13.0 and earlier contains an incorrect access control vul ...check, possibly not reported upstream
CVE-2025-61261A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1 ...check
CVE-2025-61982An arbitrary code execution vulnerability exists in the Code Stream di ...check upstream status
CVE-2025-66578xmlseclibs is a library written in PHP for working with XML Encryption ...check
CVE-2025-67108eProsima Fast-DDS v3.3 was discovered to contain improper validation f ...check https://gist.github.com/lkloliver/81b5d5a8328d712dbfd497bf11dbe913, unclear if reported upstream
CVE-2025-69534Python-Markdown version 3.8 contain a vulnerability where malformed HT ...Asking whether it really needs a backport: https://bugs.debian.org/1131896
CVE-2025-69720The infocmp command-line tool in ncurses before 6.5-20251213 has a sta ...check upstream status
CVE-2025-69969A lack of authentication and authorization mechanisms in the Bluetooth ...check
CVE-2025-70887An issue in ralphje Signify before v.0.9.2 allows a remote attacker to ...check
CVE-2026-0708A flaw was found in libucl. A remote attacker could exploit this by pr ...check if impacts security wise rspamd, which embeds libucl and uses it a compile time
CVE-2026-1703When pip is installing and extracting a maliciously crafted wheel arch ...check as well pipenv
CVE-2026-4833A weakness has been identified in Orc discount up to 3.0.1.2. This iss ...check libtext-markdown-discount-perl, ruby-rdiscount, cantor, embedding discount; check if security impact present
CVE-2026-7701A security vulnerability has been detected in Telegram Desktop up to 6 ...check
CVE-2026-7790Uncontrolled Resource Consumption vulnerability in ninenines cowlib (c ...check if embedded copy in rabbitmq-server is problematic
CVE-2026-8484A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" ...double-check source packages, as there is not much details from cert.pl post
CVE-2026-8851SOGo versions 5.12.7 and prior contains a SQL injection vulnerability ...check correctness
CVE-2026-8863Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to Secu ...check
CVE-2026-10097wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compar ...check
CVE-2026-10098OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_s ...check
CVE-2026-10512The X25519 x86_64 assembly implementation fails to clear the most sign ...check
CVE-2026-10592Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA n ...check
CVE-2026-10706In Adalo\u2019s no-code app builder, (Versions 1 and 2) the attackers ...check
CVE-2026-10708This vulnerability enables large\u2011scale data harvesting without re ...check
CVE-2026-11310X.509 trust-chain bypass in the OpenSSL compatibility certificate veri ...check
CVE-2026-11703Missing SNI/ALPN binding on stateful (session-ID) resumption, which pr ...check
CVE-2026-11999X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compat ...check
CVE-2026-12340Out-of-bounds heap read during SM2/SM3 certificate signature verificat ...check
CVE-2026-12616The /v1/upload/sbom endpoint extracts the iss claim from the attacker- ...check
CVE-2026-12681Improper Validation of Specified Index, Position, or Offset in Input v ...check
CVE-2026-13500A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected ...check upstream reporting and status
CVE-2026-13501A security vulnerability has been detected in antlr ANTLR4 up to 4.13. ...check upstream reporting and status
CVE-2026-13502A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the f ...check upstream reporting and status
CVE-2026-13503A vulnerability was detected in antlr ANTLR4 up to 4.13.2. Affected by ...check upstream reporting and status
CVE-2026-13696Improper neutralization of special elements used in an LDAP query ('LD ...check
CVE-2026-14178openGauss \u5728\u5904\u7406\u5e26 NLS \u53c2\u6570\u7684 to_timestamp ...check
CVE-2026-14191An out-of-bounds heap write exists in the RAR5 recovery-volume (.rev) ...check
CVE-2026-14362HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of ...check
CVE-2026-14468HashiCorp Terraform Enterprise contained an issue in its version contr ...check
CVE-2026-14801A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g8 ...check
CVE-2026-14867Credentials of built-in users are insecurely stored in the User direct ...check
CVE-2026-14868The encryption algorithm used to protect the configuration of user acc ...check
CVE-2026-14966BBOT's unarchive module rejects archives containing symlink entries be ...check
CVE-2026-14967BBOT's `github_workflows` module could be induced to write a downloade ...check
CVE-2026-15033A flaw has been found in christopherthielen check-peer-dependencies up ...check
CVE-2026-15034A vulnerability has been found in flask-dashboard Flask-MonitoringDash ...check
CVE-2026-15035A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the ...check
CVE-2026-15036A vulnerability was determined in Harness up to 2.28.2. This vulnerabi ...check
CVE-2026-15041A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password v ...check
CVE-2026-15044A flaw was found in the TrustyAI Service Operator. When deploying serv ...check
CVE-2026-15062SQL injection vulnerabilities in the Snowflake Snowpark Python SDK (sn ...check
CVE-2026-15063A flaw was found in the gorch service template, which is part of the t ...check
CVE-2026-15067Snowflake Terraform Provider versions prior to 2.18.0 contain several ...check
CVE-2026-22739Vulnerability in Spring Cloud when substituting the profile parameter ...check
CVE-2026-22927Omnissa Workspace ONE\xae Tunnel for Windows addresses a Local Privi ...check
CVE-2026-23479Redis is an in-memory data structure store. In redis-server from 7.2.0 ...check redict and valkey
CVE-2026-23631Redis is an in-memory data structure store. In all versions of redis-s ...check redict and valkey
CVE-2026-24182NVIDIA Display Driver for Windows and Linux contains a vulnerability w ...check
CVE-2026-24187NVIDIA Display Driver for Linux contains a vulnerability where an atta ...check
CVE-2026-24190NVIDIA Display Driver for Windows and Linux contains a vulnerability i ...check
CVE-2026-24191NVIDIA Display Driver for Windows contains a vulnerability where an at ...check
CVE-2026-24192NVIDIA Display Driver for Linux contains a vulnerability where an atta ...check
CVE-2026-24193NVIDIA Display Driver for Windows and Linux contains a vulnerability w ...check
CVE-2026-24194NVIDIA Display Driver for Linux contains a vulnerability in a kernel m ...check
CVE-2026-24195NVIDIA Display Driver for Linux contains a vulnerability in UVM, where ...check
CVE-2026-24196NVIDIA Display Driver for Linux contains a vulnerability where a user ...check
CVE-2026-24197NVIDIA Display Driver for Linux contains a vulnerability in the Multi- ...check
CVE-2026-24198NVIDIA GPU Display Driver for Linux contains a vulnerability where an ...check
CVE-2026-24199NVIDIA Display Driver for Linux contains a vulnerability in a kernel m ...check
CVE-2026-24697An OS command injection vulnerability exists in the start_bonjour() fu ...check
CVE-2026-24698An OS command injection vulnerability exists in the save_syslog_to_fil ...check
CVE-2026-24699An OS command injection vulnerability exists in the sub_34984() functi ...check
CVE-2026-24700An OS command injection vulnerability exists in the start_lltd() funct ...check
CVE-2026-25243Redis is an in-memory data structure store. In versions of redis-serve ...check redict and valkey
CVE-2026-25701An Insecure Temporary File vulnerability in openSUSE sdbootutil allows ...check
CVE-2026-25702A Improper Access Control vulnerability in the kernel of SUSE SUSE Lin ...check
CVE-2026-27586Caddy is an extensible server platform that uses TLS by default. Prior ...check, introducing version
CVE-2026-27704The Dart and Flutter SDKs provide software development kits for the Da ...check
CVE-2026-27738The Angular SSR is a server-rise rendering tool for Angular applicatio ...check
CVE-2026-27739The Angular SSR is a server-rise rendering tool for Angular applicatio ...check
CVE-2026-27970Angular is a development platform for building mobile and desktop web ...check status for older versions
CVE-2026-28343CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ...check
CVE-2026-28378The public dashboard deletion endpoint does not enforce organization i ...check
CVE-2026-28687ImageMagick is free and open-source software used for editing and mani ...For imagemagick6 superseded by fix inside jumbo patch for CVE-2026-28686, first patch was incomplete
CVE-2026-28687ImageMagick is free and open-source software used for editing and mani ...Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41)
CVE-2026-28688ImageMagick is free and open-source software used for editing and mani ...For imagemagick6 by fix inside jumbo patch for CVE-2026-28686, first patch was incomplete
CVE-2026-28688ImageMagick is free and open-source software used for editing and mani ...Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41)
CVE-2026-29007U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerabilit ...check
CVE-2026-29008U-Boot through 2026.04-rc3 contains an integer underflow vulnerability ...check
CVE-2026-29009U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in ...check
CVE-2026-29022dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) ...qtads, dosbox-x, roc-toolkit, octave-ltfat, faudio bundle a copy, check security impact
CVE-2026-30478A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer ...check
CVE-2026-30479A Dynamic-link Library Injection vulnerability in OSGeo Project MapSer ...check
CVE-2026-31053A double free vulnerability exists in librz/bin/format/le/le.c in the ...check
CVE-2026-32148Insufficient Verification of Data Authenticity vulnerability in hexpm ...check
CVE-2026-32313xmlseclibs is a library written in PHP for working with XML Encryption ...check
CVE-2026-32600xml-security is a library that implements XML signatures and encryptio ...check
CVE-2026-32635Angular is a development platform for building mobile and desktop web ...check status for older versions
CVE-2026-33397The Angular SSR is a server-rise rendering tool for Angular applicatio ...check
CVE-2026-34240JOSE is a Javascript Object Signing and Encryption (JOSE) library. Pri ...check
CVE-2026-36162An authenticated stored cross-site scripting (XSS) vulnerability in th ...check
CVE-2026-36163An HTML injection vulnerability in the file view endpoint of LiquidFil ...check
CVE-2026-36189Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrust ...check
CVE-2026-36499A missing upper-bound check in the udpif_set_threads() function of Ope ...check, unclear status/validity
CVE-2026-39860Nix is a package manager for Linux and other Unix systems. A bug in th ...check, potentially affecting guix if same issue in backporting fix for CVE-2024-2729
CVE-2026-40033FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in ...unclear fixing commit references, incorrect reference in CVE entry?
CVE-2026-40968When an authenticated user is denied access to a gRPC method, their au ...check
CVE-2026-40969The raw message of every server-side AuthenticationException is return ...check
CVE-2026-41889pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, ...check the other golang-github-jackc-pgx* sources
CVE-2026-42199Grid is a data structure grid for rust. From version 0.17.0 to before ...check
CVE-2026-42308Pillow is a Python imaging library. Prior to version 12.2.0, if a font ...research fixing commit(s), maybe https://github.com/python-pillow/Pillow/pull/9518/changes
CVE-2026-42503gopls by default communicates via pipe. However, -port and -listen fla ...check impact on golang-golang-x-tools
CVE-2026-44437The Angular SSR is a server-rise rendering tool for Angular applicatio ...check
CVE-2026-44840Dgraph is an open source distributed GraphQL database. Prior to versio ...check
CVE-2026-44933`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot ...check
CVE-2026-45388In OCaml-TLS before 2.1.0, the client implementation does insufficient ...check
CVE-2026-45389In OCaml-TLS before 2.1.0, the server implementation does insufficient ...check
CVE-2026-45390In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in ...check
CVE-2026-46727An issue was discovered in Ruby 4 before 4.0.5. A race condition leadi ...check
CVE-2026-49033The application contains a stack-based buffer overflow vulnerability t ...check
CVE-2026-49145App::Ack versions through 3.10.0 for Perl read arbitrary files via --f ...check
CVE-2026-49146App::Ack versions before 3.10.0 for Perl allow memory exhaustion via a ...check
CVE-2026-49147App::Ack versions through 3.10.0 for Perl print unsanitised terminal e ...check
CVE-2026-49294Valhalla is an open source routing engine and accompanying libraries f ...check
CVE-2026-50810A NULL pointer dereference in smooth_parse_stream_index() in src/media ...check
CVE-2026-50812A NULL pointer dereference in the SQLite Session Extension in SQLite 3 ...check
CVE-2026-50813An issue in SQLite before Fossil check-in 869a51ae84df allows a local ...check
CVE-2026-53951Copier is a library and CLI app for rendering project templates. In ve ...check
CVE-2026-54061Dgraph is an open source distributed GraphQL database. Prior to versio ...check
CVE-2026-54344ToolJet is an open-source low-code platform for building internal tool ...check
CVE-2026-54652Frigate is an open source network video recorder. In version 0.17.1, t ...check
CVE-2026-55223c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0 ...check if that is an issue with the packaged version
CVE-2026-55654A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds ...check details, AI generated report
CVE-2026-55655A flaw was found in OpenSSH. A local unprivileged attacker on a Linux ...check details, AI generated report
CVE-2026-55668File Browser provides a web file managing interface. Prior to 2.63.16, ...check
CVE-2026-55761Portainer Community Edition is a lightweight service delivery platform ...check
CVE-2026-55873SeaweedFS is a distributed storage system. In versions 4.08 through 4. ...check
CVE-2026-55874SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API g ...check
CVE-2026-56004A shellcode injection in the mercurial handler of the obs tar_scm sour ...check
CVE-2026-56217Capgo before 12.128.2 contains a policy bypass vulnerability in app_ve ...check
CVE-2026-56220Capgo before 12.128.2 contains an authorization bypass vulnerability i ...check
CVE-2026-56226Capgo (Cap-go/capgo) before 12.128.2 exposes the Supabase PostgREST RP ...check
CVE-2026-56246Capgo before 12.128.2 contains a broken access control vulnerability i ...check
CVE-2026-56250Capgo before 12.128.2 allows upload-scoped API keys to modify the muta ...check
CVE-2026-56283Capgo before 12.128.2 contains an html injection vulnerability in the ...check
CVE-2026-56284Capgo (Cap-go/capgo) before 12.128.2 contains an information disclosur ...check
CVE-2026-56293Capgo before 12.128.2 contains an authorization flaw in transfer_app() ...check
CVE-2026-56297FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcma ...check
CVE-2026-56298Capgo before 12.128.2 fails to strip EXIF metadata from images uploade ...check
CVE-2026-56359n8n before 2.8.0 contains a cross-site scripting vulnerability in the ...check
CVE-2026-56360n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 sig ...check
CVE-2026-56362ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulne ...check
CVE-2026-56374ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerabil ...check
CVE-2026-56401Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer derefe ...check
CVE-2026-56775n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vuln ...check
CVE-2026-56776n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypa ...check
CVE-2026-56778n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization b ...check
CVE-2026-57439CyberChef is a web app for encryption, encoding, compression, and data ...check
CVE-2026-58050libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute c ...check with upstream, only affecting libssh2 on Winddows?
CVE-2026-58051libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but ...check with upstream, only affecting libssh2 on Winddows?
CVE-2026-580527-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web ...check
CVE-2026-58465Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memor ...check
CVE-2026-58480Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an u ...check
CVE-2026-58654The Grav API plugin (getgrav/grav-plugin-api) 1.0.0 contains an unrest ...check
CVE-2026-58656Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the ?token= ...check
CVE-2026-58657Grav before 2.0.0 (affected through 2.0.0-rc.9 and the 2.0 branch) con ...check
CVE-2026-59253n8n before 2.28.0 contains an improper authorization vulnerability all ...check
CVE-2026-59257n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 conta ...check
CVE-2026-59262AFFiNE's histories GraphQL field fails to validate Doc.Read permission ...check
CVE-2026-59702repomix contains a server-side request forgery vulnerability in the PO ...check
CVE-2026-59703repomix contains a local file inclusion vulnerability in the git clone ...check
CVE-2026-59724Socket.IO enables bidirectional and low-latency communication for ever ...check
CVE-2026-59725Socket.IO enables bidirectional and low-latency communication for ever ...check
CVE-2026-59731Astro is a web framework for content-driven websites. Version 6.4.7 pe ...check
CVE-2026-59868js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2. ...check
CVE-2026-59869js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15 ...check
CVE-2026-59870js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2. ...check
CVE-2026-59871node-tar is a tar archive manipulation library for Node.js. Prior to 7 ...check
CVE-2026-59873node-tar is a tar archive manipulation library for Node.js. Prior to 7 ...check
CVE-2026-59874node-tar is a tar archive manipulation library for Node.js. Prior to 7 ...check
CVE-2026-59875node-tar is a tar archive manipulation library for Node.js. Prior to 7 ...check
CVE-2026-59876protobufjs compiles protobuf definitions into JavaScript (JS) function ...check
CVE-2026-59877protobufjs compiles protobuf definitions into JavaScript (JS) function ...check
CVE-2026-59879Immutable.js provides many Persistent Immutable data structures. Prior ...check
CVE-2026-59880Immutable.js provides many Persistent Immutable data structures. Prior ...check
CVE-2026-59887linkify-it is a links recognition library with full Unicode support. P ...check

Search for package or bug name: Reporting problems