| Inappropriate Comment Style | |
| Unintended Proxy or Intermediary ('Confused Deputy') | |
| HTTP Response Splitting | |
| Improper Authentication | |
| GHSA-r4q5-vmmm-2653 | |
| Directory Traversal | |
| GHSA-x4vx-rjvf-j5p4 | |
| Interpretation Conflict | |
| Improper Encoding or Escaping of Output | |
| Insufficient Verification of Data Authenticity | |
| CVE-2026-2950 | |
| CVE-2026-49459 | |
| GHSA-vxr8-fq34-vvx9 | |
| GHSA-cmwh-pvxp-8882 | |
| Directory Traversal | |
| Allocation of Resources Without Limits or Throttling | |
| CRLF Injection | |
| GHSA-cj63-jhhr-wcxv | |
| GHSA-gvmj-g25r-r7wr | |
| Cross-site Scripting (XSS) | |
| Resource Exhaustion | |
| Incorrect Regular Expression | |
| Cross-site Scripting (XSS) | |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |
| Cross-site Scripting (XSS) | |
| HTTP Response Splitting | |
| GHSA-v8w9-8mx6-g223 | |
| CVE-2026-49978 | |
| Improper Encoding or Escaping of Output | |
| GHSA-39q2-94rc-95cp | |
| Inefficient Regular Expression Complexity | |
| GHSA-h8r8-wccr-v5f2 | |
| CVE-2026-4923 | |
| Permissive Whitelist | |
| GHSA-7rx3-28cr-v5wh | |
| GHSA-cjmm-f4jc-qw8r | |
| Resource Exhaustion | |
| Cross-site Scripting (XSS) | |
| HTTP Request Smuggling | |
| Arbitrary Code Injection | |
| Improper Validation of Specified Quantity in Input | |
| CVE-2026-49458 | |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Information Exposure Through Caching | |
| CVE-2026-56761 | |
| Server-Side Request Forgery (SSRF) | |
| Directory Traversal | |
| Resource Exhaustion | |
| Uncontrolled Recursion | |
| GHSA-26pp-8wgv-hjvm | |
| Incorrect Behavior Order: Validate Before Canonicalize | |
| Arbitrary Code Injection | |
| CVE-2026-2739 | |
| Use of Less Trusted Source | |
| GHSA-76mc-f452-cxcm | |
| Improper Input Validation | |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |
| Allocation of Resources Without Limits or Throttling | |
| Directory Traversal | |
| Arbitrary Code Injection | |
| Improper Authorization | |
| GHSA-442j-39wm-28r2 | |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | |
| Permissive Whitelist | |
| Loop with Unreachable Exit Condition ('Infinite Loop') | |
| Improper Check for Unusual or Exceptional Conditions | |
| Arbitrary Code Injection | |
| Improper Input Validation | |
| Allocation of Resources Without Limits or Throttling | |
| Cross-site Scripting (XSS) | |
| Overly Permissive Cross-domain Whitelist | |
| Inefficient Regular Expression Complexity | |
| Improper Certificate Validation | |
| Inefficient Regular Expression Complexity | |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |
| CVE-2026-4926 | |
| HTTP Response Splitting | |
| Improper Handling of URL Encoding (Hex Encoding) | |
| CVE-2026-12143 | |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |
| Information Exposure | |
| Incorrect Authorization | |
| Improper Verification of Cryptographic Signature | |
| CVE-2026-4800 | |
| Algorithmic Complexity | |
| Arbitrary Code Injection | |
| CVE-2026-44974 | |
| CVE-2026-6322 | |
| Inefficient Regular Expression Complexity | |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |
| Inefficient Regular Expression Complexity | |
| Arbitrary Code Injection | |
| Information Exposure | |
| Improper Check for Unusual or Exceptional Conditions | |
| Server-Side Request Forgery (SSRF) | |
| CVE-2026-6321 | |
| Allocation of Resources Without Limits or Throttling | |
| Directory Traversal | |
| Resource Exhaustion | |
| GHSA-5c6j-r48x-rmvq | |
| Unintended Proxy or Intermediary ('Confused Deputy') | |
| Arbitrary Code Injection | |