Know every threat before it ships
200K+ vulnerabilities, malicious packages, and supply chain threats enriched with Corgea's research.
CVE-2026-44990
Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`
CVE-2026-47140
NodeVM builtin denylist bypass via process and inspector/promises allows host code execution
CVE-2026-47131
vm2 has a Sandbox Escape issue
CVE-2026-47210
vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass
CVE-2026-47208
vm2 is Vulnerable to Sandbox Breakout Through Promise Species
CVE-2026-47137
vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE
CVE-2025-66614
Apache Tomcat - Client certificate verification bypass
CVE-2026-46695
BoxLite: Permission Bypass Allows Modification of Read-Only Files
CVE-2026-46703
Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host
CVE-2026-48150
Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign
CVE-2026-40982
Spring Cloud Config vulnerable to Path Traversal
CVE-2024-30564
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability
CVE-2026-48039
Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token
CVE-2024-3408
Authentication bypass in dtale
CVE-2026-46614
Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger
CVE-2020-18698
Lin-CMS-Flask vulnerable to Improper Authentication
CVE-2024-32977
CVE-2024-32977
CVE-2022-39327
CVE-2022-39327
CVE-2024-28179
Jupyter Server Proxy's Websocket Proxying does not require authentication
CVE-2024-23346
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
CVE-2025-31116
CVE-2025-31116
CVE-2025-32375
BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization
CVE-2024-35225
Jupyter Server Proxy has a reflected XSS issue in host parameter
CVE-2025-32444
vLLM Vulnerable to Remote Code Execution via Mooncake Integration
CVE-2023-29824
Withdrawn: Use after free in SciPy
CVE-2024-22205
CVE-2024-22205
CVE-2024-22203
CVE-2024-22203
CVE-2024-2083
CVE-2024-2083
CVE-2025-6278
CVE-2025-6278
CVE-2024-9053
CVE-2024-9053
CVE-2024-53899
CVE-2024-53899
CVE-2022-3457
CVE-2022-3457
CVE-2022-3439
CVE-2022-3439
CVE-2022-3456
CVE-2022-3456
CVE-2024-34249
CVE-2024-34249
CVE-2025-1497
CVE-2025-1497
CVE-2025-1716
CVE-2025-1716
CVE-2023-52314
CVE-2023-52314
CVE-2023-52311
CVE-2023-52311
CVE-2023-52310
CVE-2023-52310
CVE-2023-52309
CVE-2023-52309
CVE-2023-52304
CVE-2023-52304
CVE-2022-46742
CVE-2022-46742
CVE-2024-27319
CVE-2024-27319
CVE-2026-24178
CVE-2026-24178
CVE-2023-39631
CVE-2023-39631
CVE-2024-7776
CVE-2024-7776
CVE-2023-52307
CVE-2023-52307
CVE-2025-14009
CVE-2025-14009
CVE-2024-6581
CVE-2024-6581
CVE-2023-3765
CVE-2023-3765
CVE-2024-37014
CVE-2024-37014
CVE-2025-2828
CVE-2025-2828
CVE-2023-36281
CVE-2023-36281
CVE-2023-39659
CVE-2023-39659
CVE-2023-38896
CVE-2023-38896
CVE-2023-38860
CVE-2023-38860
Ready to move
Start Securing
Free, no credit card | First findings in minutes