1467 matches found
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +39 more potentially affected by CVE-2026-30911 via apache-airflow-core (>=3.0.0 <=3.1.8)
apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =0.2.0, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =1.28.0rc1 and more Source cves: CVE-2026-30911 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-15674482...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +29 more potentially affected by CVE-2026-28779 via apache-airflow (>=3.0.0 <=3.1.7)
apache-airflow PYPI version =3.0.0, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =0.0.4, =2.0.2, =2.3.0rc1 and more Source cves: CVE-2026-28779 Source advisory: OSV:PYSEC-2026-16...
abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +765 more potentially affected by CVE-2025-14287 via mlflow-skinny (>=3.0.0 <=3.8.0)
mlflow-skinny PYPI version =3.0.0, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-14287 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16698158...
org.webjars.npm:actions__core (>=1.10.0 <=1.11.1), org.webjars.npm:actions__http-client (>=2.2.1 <=2.2.3) +14 more potentially affected by CVE-2026-1527 via org.webjars.npm:undici (>=4.12.2 <=5.29.0)
org.webjars.npm:undici MAVEN version =4.12.2, =1.10.0, =2.2.1, =0.1.16, =0.1.28 - org.webjars.npm:elasticelasticsearch =8.6.0 - org.webjars.npm:elastictransport =8.3.1 - org.webjars.npm:firebase =10.13.0 - org.webjars.npm:firebaseauth =1.7.7 - org.webjars.npm:firebaseauth-compat =0.5.12 -...
a-mailx (=0.1.0), abracadabra (>=0.0.0 <=0.0.7) +656 more potentially affected by CVE-2026-31958 via tornado (>=6.0.0 <=6.5.4)
tornado PYPI version =6.0.0, =0.0.0, =0.7.3, =0.0.5, =1.0.0, =1.0.0, =0.31.0, =1.3.0, =0.1.23, =0.0.9.1, =0.20.0, =0.9.5, =22.5.13, =26.2.0 and more Source cves: CVE-2026-31958 Source advisory: SNYK:PYTHON-TORNADO-15467447...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005543)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005543 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: asihpi: Fix potential OOB array access ASIHPI driver stores some values in the static array...
@restura/core (>=0.1.0-alpha.12 <=2.0.3), @restura/logger (=1.0.1) +42 more potentially affected by CVE-2023-26132 +1 more via dottie (>=2.0.4 <=2.0.6)
dottie NPM version =2.0.4, =0.1.0-alpha.12, =1.3.53, =1.0.25, =1.0.25, =1.0.25, =1.0.25, =1.0.25, =1.0.21, =1.0.25, =1.0.25, =1.0.25, =1.3.44, =1.3.53, =1.3.35, =1.6.13-alpha.7 and more Source cves: CVE-2023-26132, CVE-2026-27837 Source advisory: SNYK:JS-DOTTIE-15360180...
@n8n/ai-workflow-builder (>=1.0.2 <=1.1.1), @n8n/backend-common (>=1.0.2 <=1.1.1) +6 more potentially affected by CVE-2026-27498 via @n8n/config (>=2.0.0 <=2.0.1)
@n8n/config NPM version =2.0.0, =1.0.2, =1.0.2, =1.0.3, =1.0.3, =2.0.2, =2.0.2, =0.1.0, =0.11.0 Source cves: CVE-2026-27498 Source advisory: SNYK:JS-N8NCONFIG-15357607...
@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by CVE-2026-27497 via n8n (>=0.138.0 <=0.93.0)
n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: CVE-2026-27497 Source advisory: OSV:GHSA-WXX7-MCGF-J869...
acceldata-o2a (=1.0.0), aglow (>=0.1.0rc3 <=0.1.0rc4) +33 more potentially affected by CVE-2025-65995 via apache-airflow (>=1.8.2 <=2.11.0)
apache-airflow PYPI version =1.8.2, =0.1.0rc3, =0.1.0, =0.6.0, =2.4.2, =0.0.1, =0.6.4, =1.0.0, =0.2.0, =1.7.2, =2.10.3, =0.3.12, =1.8.2 and more Source cves: CVE-2025-65995 Source advisory: OSV:GHSA-GFW7-2V73-69WG...
fast-whisper-diarizer (>=0.1.2 <=0.1.32), faster-whisper-hotkey (>=0.2.7 <=0.4.3) +14 more potentially affected by CVE-2025-33245 via nemo-toolkit (>=1.23.0 <=2.5.3)
nemo-toolkit PYPI version =1.23.0, =0.1.2, =0.2.7, =1.0.0, =0.0.1, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.0.3, =0.0.4 - wavlmmsdd =1.0.0 and more Source cves: CVE-2025-33245 Source advisory: OSV:GHSA-9379-MWVR-7WXX...
ayy (>=0.1.6 <=0.1.8), camel-database-agent (>=0.1.0 <=0.2.0) +19 more potentially affected by CVE-2026-26216 via crawl4ai (>=0.3.5 <=0.7.8)
crawl4ai PYPI version =0.3.5, =0.1.6, =0.1.0, =0.2.0, =0.0.38, =0.1.0, =0.1.0, =0.1.0, =0.1.7.4 and more Source cves: CVE-2026-26216 Source advisory: OSV:PYSEC-2026-33...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +156 more potentially affected by CVE-2026-24098 via apache-airflow (>=1.8.2 <=3.1.6)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.6.4 and more Source cves: CVE-2026-24098 Source advisory: OSV:GHSA-5G2W-9F8G-G5Q7...
CVE-2026-25540 Mastodon's signature-dependent ActivityPub collection responses cached under signature-independent keys (Web Cache Poisoning via `Rails.cache`)
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZEDFETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...
1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +235 more potentially affected by CVE-2026-24053 via @anthropic-ai/claude-code (>=0.2.126 <=2.0.69)
@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2026-24053 Source advisory: OSV:GHSA-Q728-GF8J-W49R...
@kimuson/claude-code-viewer (>=0.4.2 <=0.5.9), @netlify/agent-runner-cli (>=1.0.0-broken <=1.58.3) +15 more potentially affected by CVE-2026-24053 via @anthropic-ai/claude-code (>=2.0.0 <=2.0.69)
@anthropic-ai/claude-code NPM version =2.0.0, =0.4.2, =1.0.0-broken, =0.0.1-rc.1, =0.12.0, =0.5.2, =0.12.1, =0.0.0, =0.1.2, =0.11.1, =0.11.0, =1.0.0, =1.2.1 and more Source cves: CVE-2026-24053 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-15202063...
CVE-2025-11598 Exposure of Confidential Information in mObywatel application
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...
CVE-2025-11598 Exposure of Confidential Information in mObywatel application
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...
Chasing Elusive Memory Bugs in GPU Programs
Memory safety bugs, such as out-of-bound accesses OOB in GPU programs, can compromise the security and reliability of GPU-accelerated software. We report the existence of input-dependent OOBs in the wild that manifest only under specific inputs. All existing tools to detect OOBs in GPU programs...
CVE-2026-0771
Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...