Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-9c3v-684m-579c
  • npm/openclaw
OpenClaw MCP SSE redirects could forward Authorization headers 14 minutes ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-6gr2-qh89-hxwm
  • npm/@apify/actors-mcp-server
Apify Model Context Protocol (MCP) server: Actor MCP path authority injection leaks Apify token 21 minutes ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-j48m-h7xq-2xpj
  • Go/goshs.de/goshs/v2
goshs: Share-link ?token=… redemption races past download limit 24 minutes ago
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-62q6-4hv4-vjrw
  • npm/ghost
Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header 25 minutes ago
  • Fix available
  • Severity - 9.6 (Critical)
GHSA-3whc-qvhv-xqjp
  • Go/goshs.de/goshs/v2
goshs: WebDAV listener ignores --read-only, --upload-only, and --no-delete mode flags 27 minutes ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-vh4v-2xq2-g5cg
  • Go/oras.land/oras-go/v2
ORAS Go forwards registry credentials across registry redirects 29 minutes ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-p9jg-fcr6-3mhf
  • Maven/com.ongres.scram:scram-client
  • Maven/com.ongres.scram:scram-common
OnGres SCRAM silent channel-binding authentication downgrade via unsupported certificate algorithms 32 minutes ago
  • Fix available
  • Severity - 8.2 (High)
DEBIAN-CVE-2026-55595
  • Debian:11/imagemagick
  • Debian:12/imagemagick
  • Debian:13/imagemagick
  • Debian:14/imagemagick
See record for full details 35 minutes ago
  • No fix available
DEBIAN-CVE-2026-55510
  • Debian:11/imagemagick
  • Debian:12/imagemagick
  • Debian:13/imagemagick
  • Debian:14/imagemagick
See record for full details 35 minutes ago
  • No fix available
DEBIAN-CVE-2026-55577
  • Debian:11/imagemagick
  • Debian:12/imagemagick
  • Debian:13/imagemagick
  • Debian:14/imagemagick
See record for full details 35 minutes ago
  • No fix available
DEBIAN-CVE-2026-55594
  • Debian:11/imagemagick
  • Debian:12/imagemagick
  • Debian:13/imagemagick
  • Debian:14/imagemagick
See record for full details 35 minutes ago
  • No fix available
GHSA-fxhp-mv3v-67qp
  • Go/oras.land/oras-go/v2
`oras-go` tar extraction: Hardlink entry with relative Linkname escapes extract dir via process CWD resolution 35 minutes ago
  • No fix available
  • Severity - 7.1 (High)
GHSA-8xwf-rjm4-xvhv
  • Go/oras.land/oras-go/v2
oras-go has file store write outside workingDir via symlink traversal 40 minutes ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-jxpm-75mh-9fp7
  • Go/oras.land/oras-go/v2
oras-go blob upload vulnerable to credential forwarding via unvalidated Location header 48 minutes ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-32h4-44jj-c5vx
  • Maven/org.keycloak:keycloak-services
Keycloak has privilege escalation via improper scope mapping enforcement 1 hour ago
  • Fix available
  • Severity - 7.3 (High)
MAL-2026-6722
  • npm/date-fns-lite
Malicious code in date-fns-lite (npm) 1 hour ago
  • No fix available