Know every threat before it ships
200K+ vulnerabilities, malicious packages, and supply chain threats enriched with Corgea's research.
MEDIUM 4.2
CVE-2026-48522
PyJWKClient: missing scheme allowlist enables CVE-2024-21643-class SSRF + token forgery via file://, ftp://, data: schemes
MEDIUM 5.4
CVE-2026-48523
PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys
HIGH 7.4
CVE-2026-48526
PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed
MEDIUM 5.3
CVE-2026-48525
PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS
LOW 3.7
CVE-2026-48524
PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)
MEDIUM 5.3
CVE-2025-3000
PyTorch is vulnerable to memory corruption through its torch.jit.script function
HIGH 7.8
CVE-2020-29367
CVE-2020-29367
UNKNOWN
CVE-2026-48155
pypdf: Possible large memory usage for large offsets for layout mode text
LOW 3.3
CVE-2026-48156
pypdf: Possible long runtimes for zero-only width values in cross-reference streamsuntimes for zero-only width values in cross-reference streams
LOW 3.7
CVE-2026-49854
Tornado has out-of-bounds memory access via C extension
HIGH 7.5
CVE-2026-46373
SQLFluff: Recursive Stack Overflow in Parser
HIGH 7.5
CVE-2026-46374
SQLFluff: Uncontrolled Resource Consumption in SQLFluff Parser
MEDIUM 6.5
CVE-2026-49818
CVE-2026-49818
MEDIUM 6.5
CVE-2026-48710
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
CRITICAL 10.0
CVE-2026-46695
BoxLite: Permission Bypass Allows Modification of Read-Only Files
MEDIUM 6.5
CVE-2026-47157
aiograpi: Unsafe signup challenge path handling
CRITICAL 9.6
CVE-2026-46703
Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host
MEDIUM 4.3
CVE-2026-53954
Bugsink: DOS using large numbers of event tags
MEDIUM 6.5
CVE-2026-2734
MLflow authenticated users can enumerate any registered model versions due to lack of per-model permissions checks
HIGH 7.0
CVE-2026-25087
Apache Arrow: Potential use-after-free when reading IPC file with pre-buffering
HIGH 7.1
CVE-2026-48099
WsgiDAV encoded dot segments can escape filesystem share roots
MEDIUM 6.6
CVE-2025-51481
CVE-2025-51481
MEDIUM 5.8
CVE-2026-48053
Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset
UNKNOWN
CVE-2025-53009
MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit
UNKNOWN
CVE-2025-48074
OpenEXR Out-Of-Memory via Unbounded File Header Values
LOW 3.3
CVE-2026-47712
Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`
MEDIUM 6.5
CVE-2026-47213
BoxLite has a Timeout Bypass Vulnerability
MEDIUM 5.7
CVE-2026-47734
Dulwich has unbounded memory allocation in receive-pack from crafted thin packs
UNKNOWN
CVE-2026-42563
Dulwich Vulnerable to Command Injection via Merge Driver Path
HIGH 8.8
CVE-2026-42305
Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
MEDIUM 4.3
CVE-2026-46645
SQLAdmin: Authorization Bypass on `ajax_lookup`
MEDIUM 6.5
CVE-2026-48045
python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood
CRITICAL 9.1
CVE-2026-48039
Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token
MEDIUM 4.6
CVE-2026-45106
Weblate: Stored HTML injection in editor search preview
UNKNOWN
CVE-2026-47781
PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing
UNKNOWN
CVE-2015-5286
OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service
HIGH 7.8
CVE-2026-46439
compliance-trestle Vulnerable to Remote Code Execution via Recursive Server-Side Template Injection (SSTI)
UNKNOWN
CVE-2026-47763
PDM: Project-Local State and Config Writes Follow Symlinks
UNKNOWN
CVE-2026-47764
PDM wheel installation leads to Path Traversal via overridden write_to_fs
MEDIUM 5.4
CVE-2012-5571
OpenStack Keystone intended authorization restrictions bypass
HIGH 8.1
CVE-2026-48060
Litestar has HTML Injection Through its CSRF Token
MEDIUM 5.9
CVE-2026-48061
Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled X-Forwarded-Host header
MEDIUM 5.4
CVE-2025-70960
Tendenci CMS contains a stored Cross-site Scripting (XSS) vulnerability in the Forums module
MEDIUM 5.5
CVE-2022-33124
Withdrawn: Denial of Service in aiohttp
CRITICAL 9.8
CVE-2024-3408
Authentication bypass in dtale
HIGH 7.5
CVE-2017-1002153
Koji blacklisted paths workaround
UNKNOWN
CVE-2013-0212
OpenStack Glance logs user name and password in cleartext
HIGH 7.4
CVE-2023-48054
Missing SSL certificate validation in localstack
UNKNOWN
CVE-2026-46497
Crawlee for Python: SSRF via sitemap-derived URLs
HIGH 7.5
CVE-2022-25508
Improper Authentication in FreeTAKServer
MEDIUM 5.3
CVE-2021-31604
furlongm openvpn-monitor allows CSRF to disconnect an arbitrary client
HIGH 7.5
CVE-2021-31606
furlongm openvpn-monitor allows Authorization Bypass to disconnect arbitrary clients
MEDIUM 6.1
CVE-2020-19002
Mezzanine Cross Site Scripting (XSS) vulnerability
MEDIUM 6.1
CVE-2020-18699
Lin-CMS-Flask Cross Site Scripting (XSS) vulnerability
CRITICAL 9.8
CVE-2020-18698
Lin-CMS-Flask vulnerable to Improper Authentication
MEDIUM 5.5
CVE-2024-11319
django CMS Cross-Site Scripting (XSS)
HIGH 7.5
CVE-2022-42731
django-mfa2 vulnerable to MFA Replay attack
Ready to move
Start Securing
Free, no credit card | First findings in minutes