CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

76 matches found

Veracode•added 2026/03/04 9:12 a.m.•1 views

Information Disclosure

Storybook is vulnerable to Information Disclosure. The vulnerability is due to a bug in how Storybook handles environment variables defined in a .env file, which could, in specific circumstances, lead to those variables being unexpectedly bundled into the artifacts created by the storybook build...

7.3CVSS5.8AI score0.00013EPSS

Exploits0References8Affected Software1

SUSE CVE•added 2026/02/07 12:23 a.m.•2 views

SUSE CVE-2026-25145

melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to before 0.40.3, an attacker who can influence a melange configuration file e.g., through pull request-driven CI or build-as-a-service scenarios could read arbitrary files from the host system. The...

5.5CVSS5.5AI score0.00004EPSS

Exploits0References3

RedhatCVE•added 2026/02/06 1:25 a.m.•2 views

CVE-2026-25145

5.5CVSS5.4AI score0.00004EPSS

Exploits0References1

OSV•added 2026/02/04 12:9 a.m.•1 views

GHSA-2W4F-9FGG-Q2V9 melange has a path traversal in license-path which allows reading files outside workspace

An attacker who can influence a melange configuration file e.g., through pull request-driven CI or build-as-a-service scenarios could read arbitrary files from the host system. The LicensingInfos function in pkg/config/config.go reads license files specified in copyright.license-path without...

5.5CVSS5.5AI score0.00004EPSS

Exploits0References4

GitLab Advisory Database•added 2026/02/04 12:0 a.m.•6 views

melange has a path traversal in license-path which allows reading files outside workspace

5.5CVSS5.5AI score0.00004EPSS

Exploits0References5Affected Software1

OSV•added 2026/01/21 12:31 a.m.•2 views

GHSA-8H3Q-9FPP-C883 Duplicate Advisory: Wrangler affected by OS Command Injection in `wrangler pages deploy`

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-36p8-mvp6-cv38. This link is maintained to preserve external references. Original Description SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The iss...

7.7CVSS6.2AI score0.00068EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 8:37 a.m.•4 views

CVE-2019-11404

arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts for compiling and building the published JARs over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack...

8.1CVSS6.9AI score0.00307EPSS

Exploits1References1

Snyk•added 2025/12/17 10:47 p.m.•1 views

Insertion of Sensitive Information into Externally-Accessible File or Directory

Overview @storybook/builder-webpack5 is an A Storybook builder to dev and build with Webpack Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the storybook build command. An attacker can access sensitive...

7.5CVSS6.9AI score0.00013EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-3438

Malware in sbrugna...

8.1CVSS8AI score0.00443EPSS

Exploits1References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-11099