GHSA-9M62-HMPM-RR2M vulnerabilities
Vulnerabilities for packages: openjdk...
GHSA-RJ5J-26XX-HH3V vulnerabilities
Vulnerabilities for packages: openjdk...
GHSA-376J-8F52-GP2X vulnerabilities
Vulnerabilities for packages: openjdk...
CVE-2026-22021 vulnerabilities
Vulnerabilities for packages: openjdk...
CVE-2026-22018 vulnerabilities
Vulnerabilities for packages: openjdk...
CVE-2026-22007 vulnerabilities
Vulnerabilities for packages: openjdk...
GHSA-HPM9-74QX-6X32 vulnerabilities
Vulnerabilities for packages: openjdk...
GHSA-9GRW-5H83-65P3 vulnerabilities
Vulnerabilities for packages: openjdk...
CVE-2026-23865 vulnerabilities
Vulnerabilities for packages: openjdk...
CVE-2026-22016 vulnerabilities
Vulnerabilities for packages: openjdk...
GHSA-7C78-JF6Q-G5CM vulnerabilities
Vulnerabilities for packages: lerna, vitess, saf, prism, opensearch-dashboards, pulumi...
CVE-2026-49458 vulnerabilities
Vulnerabilities for packages: langfuse, nextcloud-server...
GHSA-HPCV-96WG-7VJ8 vulnerabilities
Vulnerabilities for packages: langfuse, nextcloud-server...
GHSA-F38Q-MGVJ-VPH7 vulnerabilities
Vulnerabilities for packages: vitess, jitsucom-jitsu, langfuse, kubeflow-centraldashboard, pulumi...
CVE-2026-54269 vulnerabilities
Vulnerabilities for packages: vitess, jitsucom-jitsu, langfuse, kubeflow-centraldashboard, pulumi...
GHSA-HMW2-7CC7-3QXX vulnerabilities
Vulnerabilities for packages: lerna, jitsucom-jitsu, kubeflow-pipelines, sqlpad, langfuse, kubeflow-centraldashboard, saf, prism, tileserver-gl, opensearch-dashboards, argo-workflows...
CVE-2026-54387
Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...
CVE-2026-9678
Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...
CVE-2026-9679
Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...
CVE-2026-9697
Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...