Know every threat before it ships
200K+ vulnerabilities, malicious packages, and supply chain threats enriched with Corgea's research.
CVE-2026-48526
PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed
CVE-2026-46373
SQLFluff: Recursive Stack Overflow in Parser
CVE-2026-46374
SQLFluff: Uncontrolled Resource Consumption in SQLFluff Parser
CVE-2026-25087
Apache Arrow: Potential use-after-free when reading IPC file with pre-buffering
CVE-2026-48099
WsgiDAV encoded dot segments can escape filesystem share roots
CVE-2026-42305
Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
CVE-2026-46439
compliance-trestle Vulnerable to Remote Code Execution via Recursive Server-Side Template Injection (SSTI)
CVE-2026-48060
Litestar has HTML Injection Through its CSRF Token
CVE-2017-1002153
Koji blacklisted paths workaround
CVE-2023-48054
Missing SSL certificate validation in localstack
CVE-2022-25508
Improper Authentication in FreeTAKServer
CVE-2021-31606
furlongm openvpn-monitor allows Authorization Bypass to disconnect arbitrary clients
CVE-2022-42731
django-mfa2 vulnerable to MFA Replay attack
CVE-2020-29367
blosc2 heap-based buffer overflow
CVE-2026-22777
ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler
CVE-2025-21607
CVE-2025-32021
CVE-2024-39689
CVE-2024-32977
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
CVE-2024-41672
sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb
CVE-2022-36070
Poetry vulnerable to Untrusted Search Path leading to Local Code Execution on Windows
CVE-2024-23346
CVE-2022-39327
Improper Control of Generation of Code ('Code Injection') in Azure CLI
CVE-2026-43891
changedetection.io has an Arbitrary Local File Read via a crafted backup restore
CVE-2024-26134
Potential buffer overflow in CBOR2 decoder
CVE-2025-32013
CVE-2024-52581
Litestar allows unbounded resource consumption (DoS vulnerability)
CVE-2024-26130
cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
CVE-2024-35178
Jupyter server on Windows discloses Windows user password hash
CVE-2023-42261
Withdrawn Advisory: Mobile Security Framework (MobSF) Vulnerable to Insecure Permissions
CVE-2023-38759
CVE-2025-6279
CVE-2023-6730
CVE-2023-7018
CVE-2025-2099
CVE-2024-49048
CVE-2025-2148
CVE-2012-0051
CVE-2024-31411
CVE-2023-25617
CVE-2023-20898
CVE-2021-25315
CVE-2021-47935
CVE-2023-47163
CVE-2025-25301
CVE-2024-11392
CVE-2023-5289
CVE-2022-3290