nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44797 via nautobot (>=3.0.0rc2 <=3.1.1)

nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44797 Source advisory: OSV:GHSA-C35Q-VXRP-PH26...

@saasmakers/ui (>=0.1.88 <=0.1.117), @styleframe/app (>=0.0.1 <=0.1.1) +13 more potentially affected by CVE-2026-39315 via unhead (>=2.0.0-alpha.0 <=2.1.12)

unhead NPM version =2.0.0-alpha.0, =0.1.88, =0.0.1, =1.1.0, =2.0.0, =2.0.0, =2.0.0-alpha.0, =2.0.0, =2.0.0, =2.0.0, =1.2.0, =0.0.2, =0.17.0, =2.0.0-alpha.8, =0.1.0-beta.10, =0.1.0-beta.14 Source cves: CVE-2026-39315 Source advisory: SNYK:JS-UNHEAD-15965923...

@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by unknown CVE via n8n (>=0.138.0 <=0.93.0)

n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: unknown CVE Source advisory: OSV:GHSA-F3F2-MCXC-PWJX...

@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by CVE-2026-25053 via n8n (>=0.138.0 <=0.93.0)

n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: CVE-2026-25053 Source advisory: OSV:GHSA-9G95-QF3F-GGRW...

CVE-2025-6596 Vector inserts portlet labels as HTML, allowing for stored XSS through system messages

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/portlets.Js. This issue affects Vecto...

PT-2023-13614 · Easyvista · Easyvista

Name of the Vulnerable Software and Affected Versions: EasyVista versions 2020.2.125.3 through 2022.1.109.0.03 Description: An issue was discovered that allows SQL injection through some parameters. Recommendations: For versions 2020.2.125.3 through 2022.1.109.0.03, update to version...

PT-2022-28220 · Unknown · Sweetalert2

Name of the Vulnerable Software and Affected Versions: sweetalert2 versions 8.19.1 through 9.0.0 Description: The issue concerns hidden functionality introduced by the maintainer, causing the package to output audio and/or video messages unrelated to its intended functionality. This behavior is n...

PT-2022-12964 · Litespeed Technologies · Openlitespeed Web Server +1

Name of the Vulnerable Software and Affected Versions: OpenLiteSpeed Web Server versions 1.5.11 through 1.5.12 OpenLiteSpeed Web Server versions 1.6.5 through 1.6.20.1 OpenLiteSpeed Web Server versions 1.7.0 through 1.7.16.0 LiteSpeed Web Server versions 1.5.11 through 1.5.12 LiteSpeed Web Server...

elita (>=0.60.0 <=0.64.1) potentially affected by CVE-2020-17490 via salt (=2014.1.10)

salt PYPI version =2014.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - elita =0.60.0, =0.64.1 Source cves: CVE-2020-17490 Source advisory: OSV:GHSA-3C56-VX6V-Q5VH...

com.nhl.bootique.tapestry:bootique-tapestry (=0.1), de.julielab:julie-elastic-query-components (=1.0.3) +31 more potentially affected by CVE-2020-13953 via org.apache.tapestry:tapestry-core (>=5.4.0 <=5.5.0)

org.apache.tapestry:tapestry-core MAVEN version =5.4.0, =1.2.0, =0.2, =1.1, =1.2.0, =1.1.0, =5.4.0, =5.4.0, =5.4.0, =5.4.0, =5.4.0, =5.4.0, =5.5.0-beta-3 and more Source cves: CVE-2020-13953 Source advisory: OSV:GHSA-W9MP-P2WP-2XF7...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23565 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-23565 Source advisory: OSV:PYSEC-2022-74...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +162 more potentially affected by CVE-2021-29583 via tensorflow-gpu (>=1.10.1 <=2.2.0)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-29583 Source advisory: OSV:PYSEC-2021-709...

buf (>=0.1.0 <=0.2.1), i-o (>=0.1.0 <=0.4.1) +2 more potentially affected by CVE-2021-25907 via containers (>=0.1.1 <=0.8.5)

containers CARGO version =0.1.1, =0.1.0, =0.1.0, =0.13.0, =0.14.1 - lude =0.1.0 Source cves: CVE-2021-25907 Source advisory: OSV:RUSTSEC-2021-0010...

elita (>=0.60.0 <=0.64.1) potentially affected by CVE-2017-12791 via salt (=2014.1.10)

salt PYPI version =2014.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - elita =0.60.0, =0.64.1 Source cves: CVE-2017-12791 Source advisory: OSV:PYSEC-2017-35...

PT-2008-1134 · Underbit Technologies +1 · Libid3Tag +1

Name of the Vulnerable Software and Affected Versions: libid3tag versions 0.15.0b through 0.15.1b-r1 libid3tag version 0.15.1b-r2 is not affected, so the range is up to 0.15.1b-r1 Description: The issue allows context-dependent attackers to cause a denial of service, specifically CPU consumption,...