aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +232 more potentially affected by CVE-2026-41479 via authlib (>=0.10.0 <=1.6.1)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-41479 Source advisory: OSV:GHSA-W8P2-R796-3VMQ...

Catalyst::Plugin::Statsd 安全漏洞

Catalyst::Plugin::Statsd is a plugin module by Robert Rothenberg, an individual developer, for capturing application runtime metrics and sending them to a statistics system. A security vulnerability exists in Catalyst::Plugin::Statsd 0.10.0 and earlier versions, which stems from an unencrypted...

CLEANSTART-2026-ON62368 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142 applied in versions: 0.10.0-r0, 0.10.0-r1, 0.11.0-r0, 1.13.1-r0

Multiple security vulnerabilities affect the wave package. These issues are resolved in later releases. See references for individual vulnerability details...

org.webjars.npm:github-com-cisco-node-jose (=2.2.0), org.webjars.npm:google-auth-library (>=1.6.1 <=6.1.6) +7 more potentially affected by CVE-2026-33894 via org.webjars.npm:node-forge (>=0.10.0 <=1.3.3)

org.webjars.npm:node-forge MAVEN version =0.10.0, =1.6.1, =1.0.2, =2.3.2, =1.10.2, =2.1.1 Source cves: CVE-2026-33894 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15789774...

SUSE CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

cosmos-predict2 (>=1.0.6 <=1.0.9), entity-model (>=1.0.0 <=1.0.9) +19 more potentially affected by CVE-2025-33248 via megatron-core (>=0.10.0 <=0.15.2)

megatron-core PYPI version =0.10.0, =1.0.6, =1.0.0, =5.1.6, =1.0.0, =0.1.0rc0, =0.1.0rc1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.7 and more Source cves: CVE-2025-33248 Source advisory: SNYK:PYTHON-MEGATRONCORE-15871032...

SUSE CVE-2026-25143

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

agent-lifecycle-toolkit (=0.2.1.10102025), claude-helpers (>=0.1.1 <=0.2.7) +36 more potentially affected by CVE-2025-14546 via fastapi-sso (>=0.10.0 <=0.18.0)

fastapi-sso PYPI version =0.10.0, =0.1.1, =1.0.0, =0.1.7, =2.5.43, =0.17.0, =1.0.0, =0.2.0, =2.13.3, =0.50.0, =0.5.0, =0.1.0, =0.0.1, =0.0.1, =0.2.0 and more Source cves: CVE-2025-14546 Source advisory: SNYK:PYTHON-FASTAPISSO-14386403...

ado-vllm-performance (=1.2.2), agentclinic (=0.1.0) +23 more potentially affected by CVE-2025-66448 via vllm (>=0.10.0 <=0.11.0)

vllm PYPI version =0.10.0, =0.0.0, =2.3.5, =0.2.0, =0.1.0, =1.0.1rc1, =0.0.4, =0.1.0, =0.1.5, =1.0.0, =1.2.6 - haerae-evaluation-toolkit =0.1.0 - hedge-bench =0.1.2 and more Source cves: CVE-2025-66448 Source advisory: OSV:GHSA-8FR4-5Q9J-M8GM...

-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +41773 more potentially affected by CVE-2025-66030 via node-forge (>=0.10.0 <=1.3.1)

node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...

cosmos-predict2 (>=1.0.6 <=1.0.9), frankenstein-model (>=5.1.6 <=5.3.9) +11 more potentially affected by CVE-2025-23357 via megatron-core (>=0.10.0 <=0.13.1)

megatron-core PYPI version =0.10.0, =1.0.6, =5.1.6, =0.4.0, =1.0.0, =2.0.8, =2.0.8, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.5, =5.0.4 Source cves: CVE-2025-23357 Source advisory: SNYK:PYTHON-MEGATRONCORE-13901364...

Common Expression Language 输入验证错误漏洞

Common Expression Language is a common expression language interpreter written in Rust by cel-rust open source. An input validation error vulnerability exists in Common Expression Language version 0.10.0 through versions prior to 0.11.4, which stems from the fact that parsing a specific incorrect...

DEBIAN-CVE-2025-46205

A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service DoS by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue...

agilerl (>=2.3.5 <=2.4.1.dev1), arbor-ai (=0.2.17) +7 more potentially affected by CVE-2025-48956 via vllm (>=0.10.0 <=0.10.1)

vllm PYPI version =0.10.0, =2.3.5, =0.1.5, =0.2.4, =0.1.2, =0.1.2, =0.1.0, =0.2.1, =0.3.0 Source cves: CVE-2025-48956 Source advisory: SNYK:PYTHON-VLLM-12177849...

aiqtoolkit-llama-index (>=1.1.0 <=1.2.0rc4), airunner (>=3.0.0 <=3.1.14) +37 more potentially affected by CVE-2025-3225 via llama-index (>=0.10.0 <=0.12.22)

llama-index PYPI version =0.10.0, =1.1.0, =3.0.0, =1.7.0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.0.52, =1.0.9, =1.0.3.post1, =0.1.2, =0.1.7.dev20240924104148, =0.1.0, =0.2.0 and more Source cves: CVE-2025-3225 Source advisory: SNYK:PYTHON-LLAMAINDEX-10645575...

aiqtoolkit-llama-index (>=1.1.0 <=1.2.0rc4), airunner (>=3.0.0 <=3.1.14) +37 more potentially affected by CVE-2025-3044 via llama-index (>=0.10.0 <=0.12.22)

llama-index PYPI version =0.10.0, =1.1.0, =3.0.0, =1.7.0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.0.52, =1.0.9, =1.0.3.post1, =0.1.2, =0.1.7.dev20240924104148, =0.1.0, =0.2.0 and more Source cves: CVE-2025-3044 Source advisory: SNYK:PYTHON-LLAMAINDEX-10645579...

a7a1234 (=1.0.0), aas2openapi (>=0.2.0 <=0.2.4) +2561 more potentially affected by CVE-2025-43859 via h11 (>=0.10.0 <=0.15.0)

h11 PYPI version =0.10.0, =0.2.0, =0.2.1, =1.2.1, =0.7.3.post0, =0.1.0, =2.0.0.1, =0.0.1, =0.1.0, =0.8.3, =0.1.0, =4.8.2, =0.1.0, =0.1.1 - adminui =1.5.2 and more Source cves: CVE-2025-43859 Source advisory: OSV:GHSA-VQFR-H8MV-GHFJ...

Icinga Reporting 代码问题漏洞

Icinga Reporting is an Icinga open source component that is a core component for reporting related functionality in Icinga web 2. A code issue vulnerability exists in Icinga Reporting versions 0.10.0 through 1.0.2 and earlier, which stems from embeddable arbitrary Javascript and could lead to use...

AZL-54522 CVE-2024-45338 affecting package prometheus-adapter for versions less than 0.10.0-16

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...