Know every threat before it ships
200K+ vulnerabilities, malicious packages, and supply chain threats enriched with Corgea's research.
LOW 3.7
CVE-2026-48524
PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)
LOW 3.3
CVE-2026-48156
pypdf: Possible long runtimes for zero-only width values in cross-reference streamsuntimes for zero-only width values in cross-reference streams
LOW 3.7
CVE-2026-49854
Tornado has out-of-bounds memory access via C extension
LOW 3.3
CVE-2026-47712
Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`
LOW 3.7
CVE-2023-41048
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images
LOW 3.7
CVE-2024-24564
Vyper's `extract32` can ready dirty memory
LOW 2.2
CVE-2025-32021
VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
LOW 3.7
CVE-2024-26149
Vyper's `_abi_decode` vulnerable to Memory Overflow
LOW 3.1
CVE-2024-2032
CVE-2024-2032
LOW 3.7
CVE-2024-30471
CVE-2024-30471
LOW 3.3
CVE-2024-2213
CVE-2024-2213
LOW 2.8
CVE-2023-3674
CVE-2023-3674
LOW 3.3
CVE-2023-5752
CVE-2023-5752
LOW 2.8
CVE-2022-4134
CVE-2022-4134
LOW 2.5
CVE-2025-2149
PyTorch: Manipulation of the argument scale/zero_point leads to improper initialization via Quantized Sigmoid Module
LOW 3.3
CVE-2025-6272
pywasm3 has Improper Restriction of Operations within the Bounds of a Memory Buffer
LOW 3.5
CVE-2023-51649
Nautobot missing object-level permissions enforcement when running Job Buttons
LOW 3.3
CVE-2021-29510
Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic
LOW 2.8
CVE-2025-44021
OpenStack Ironic fails to restrict paths used for file:// image URLs
LOW 3.1
CVE-2026-45739
Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
LOW 3.5
CVE-2026-33551
OpenStack Keystone: Restricted application credentials can create EC2 credentials
LOW 3.5
CVE-2026-42448
Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed
LOW 3.3
CVE-2025-65681
Overhang Tutor Discloses Sensitive Information due to Improper Cache-Control
LOW 3.3
CVE-2025-2953
PyTorch susceptible to local Denial of Service
LOW 3.3
CVE-2026-8088
OSGeo GDAL vulnerable to out-of-bounds read
LOW 3.1
CVE-2026-41488
langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding
LOW 2.6
CVE-2025-64326
Weblate leaks the IP of project member inviting user to be reviewer in Audit log
LOW 3.9
CVE-2024-31636
LIEF obtain sensitive information via the name parameter
LOW 2.7
CVE-2026-4292
Django vulnerable to privilege abuse in ModelAdmin.list_editable
LOW 3.1
CVE-2026-47716
Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known
LOW 3.1
CVE-2026-47715
Bugsink: Issue event views can show an event from another project if its UUID is known
LOW 3.7
CVE-2026-32109
Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`
LOW 3.7
CVE-2026-32690
Apache Airflow Exposes Secrets in Variables Saved as JSON Dictionaries
LOW 3.5
CVE-2025-62780
changedetection.io: Stored XSS in Watch update via API
LOW 2.7
CVE-2026-45076
CVE-2026-45076
LOW 3.1
CVE-2026-45426
CVE-2026-45426
LOW 2.5
CVE-2024-40647
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
LOW 3.3
CVE-2025-63396
CVE-2025-63396
LOW 2.3
CVE-2024-47821
CVE-2024-47821
LOW 2.9
CVE-2024-47813
CVE-2024-47813
LOW 3.3
CVE-2025-3549
CVE-2025-3549
LOW 3.5
CVE-2026-45316
Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)
LOW 3.0
CVE-2026-44218
ciguard: Container image runs as root (no USER directive)
LOW 3.7
CVE-2026-44219
ciguard: SCA HTTP client reads response body without size cap
LOW 3.1
CVE-2026-44970
dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction
LOW 2.5
CVE-2026-44969
dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled
LOW 3.7
CVE-2026-42874
Microdot has HTTP response splitting in Response.set_cookie()
LOW 3.4
CVE-2026-44405
Paramiko rsakey.py allows the SHA-1 algorithm
LOW 2.6
CVE-2026-7847
Langchain-Chatchat Uses Insufficiently Random Values
LOW 2.6
CVE-2026-7846
Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API
LOW 2.6
CVE-2026-7845
Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm
LOW 2.7
CVE-2026-6597
Langflow has an Information Leak through Incomplete API Key Redaction
Ready to move
Start Securing
Free, no credit card | First findings in minutes