Find out if you have vulnerabilities that put you at risk
Test your applications
Toggle filtering controls
All Vulnerabilities
APPLICATION
Cargo | Rust
Objective-C, CocoaPods | Swift
Composer | PHP
Conan | C/C++
GitHub | Go
Hex | Elixir / Erlang
Maven | Java
npm | JavaScript
NuGet | C#/F#/VB
Pypi | Python
pub | Dart, Flutter
RubyGems | Ruby
Swift Packages | Swift
C/C++
OPERATING SYSTEM
All OS vulnerabilities
AlmaLinux
Alpine Linux
Amazon Linux
CentOS
Chainguard
Debian
MinimOS
Oracle Linux
Red Hat Enterprise Linux
Rocky Linux
SUSE Linux Enterprise Server
Ubuntu
Wolfi
Report a new vulnerability
Vulnerabilities
Packages
L
External Control of File Name or Path
CVE-2026-49358
Affects
pontedilana/php-weasyprint
| Versions
<2.6.0
C
Authorization Bypass Through User-Controlled Key
CVE-2026-27823
Affects
egroupware/egroupware
| Versions
<23.1.20260224
>=26.0.20251208, <26.2.20260224
H
Eval Injection
CVE-2026-40187
Affects
egroupware/egroupware
| Versions
<23.1.20260601
>=26.0.20251208, <26.4.20260413
H
External Control of File Name or Path
CVE-2026-45016
Affects
egroupware/egroupware
| Versions
<23.1.20260601
>=26.0.20251208, <26.5.20260507
H
Authorization Bypass Through User-Controlled Key
CVE-2026-59712
Affects
leantime/leantime
| Versions
<3.9.6
H
Cross-site Request Forgery (CSRF)
CVE-2026-59713
Affects
leantime/leantime
| Versions
<3.8.0
H
Arbitrary Code Injection
CVE-2026-55794
Affects
craftcms/cms
| Versions
>=5.9.0, <5.10.0
M
Cross-site Scripting (XSS)
CVE-2026-55793
Affects
craftcms/cms
| Versions
>=5.0.0-RC1, <5.9.22
H
Cross-site Scripting (XSS)
CVE-2026-55790
Affects
craftcms/cms
| Versions
>=4.0.0-RC1, <4.17.15
>=5.0.0-RC1, <5.9.22
M
Information Exposure
CVE-2026-55792
Affects
craftcms/cms
| Versions
>=4.0.0-RC1, <4.18.0
>=5.0.0-RC1, <5.10.0
M
Missing Authorization
Affects
craftcms/cms
| Versions
>=4.0.0-RC1, <4.17.8
>=5.0.0-RC1, <5.9.14
C
Improper Neutralization of Special Elements Used in a Template Engine
CVE-2026-52889
Affects
verbb/formie
| Versions
>=3.0.0-beta.1, <3.1.27
C
Embedded Malicious Code
Affects
roberts/leads
| Versions
>=0.0.0
H
Missing Authorization
CVE-2026-50282
Affects
craftcms/cms
| Versions
>=4.0.0-RC1, <4.17.14
>=5.0.0-RC1, <5.9.21
M
Missing Authorization
Affects
kimai/kimai
| Versions
<2.57.0
H
Improperly Controlled Modification of Dynamically-Determined Object Attributes
CVE-2026-50281
Affects
craftcms/cms
| Versions
>=5.7.0, <5.9.21
H
Improper Certificate Validation
CVE-2026-49283
Affects
simplesamlphp/saml2
| Versions
<4.20.2
>=5.0.0, <5.0.6
>=6.0.0, <6.2.1
H
Improper Certificate Validation
CVE-2026-49283
Affects
simplesamlphp/saml2-legacy
| Versions
<4.20.2
H
Insufficient Verification of Data Authenticity
CVE-2026-49284
Affects
simplesamlphp/simplesamlphp
| Versions
<2.4.7
>=2.5.0, <2.5.2
H
Improper Neutralization of Data within XPath Expressions ('XPath Injection')
CVE-2026-49289
Affects
simplesamlphp/saml2
| Versions
<4.20.3
H
Improper Neutralization of Data within XPath Expressions ('XPath Injection')
CVE-2026-49289
Affects
simplesamlphp/saml2-legacy
| Versions
<4.20.3
M
Authorization Bypass Through User-Controlled Key
Affects
froxlor/froxlor
| Versions
<2.3.7
M
Improper Authorization
Affects
froxlor/froxlor
| Versions
<2.3.7
H
Missing Authorization
CVE-2026-50284
Affects
craftcms/cms
| Versions
>=4.0.0-RC1, <4.17.15
>=5.0.0-RC1, <5.9.22
M
Access Control Bypass
CVE-2026-50280
Affects
craftcms/cms
| Versions
>=5.0.0-RC1, <5.9.21
M
Authorization Bypass Through User-Controlled Key
CVE-2026-50283
Affects
craftcms/cms
| Versions
>=4.0.0-RC1, <4.17.14
>=5.0.0-RC1, <5.9.21
H
Improper Authorization
CVE-2026-50279
Affects
craftcms/cms
| Versions
>=5.0.0-RC1, <5.9.21
H
Cross-site Scripting (XSS)
CVE-2026-52854
Affects
mediawiki/maps
| Versions
<12.1.3
H
Use of Cache Containing Sensitive Information
CVE-2026-49858
Affects
api-platform/json-api
| Versions
>=4.0.0-alpha.1, <4.1.29
>=4.2.0-alpha.1, <4.2.25
>=4.3.0-alpha.1, <4.3.8
H
Use of Cache Containing Sensitive Information
CVE-2026-49858
Affects
api-platform/hal
| Versions
>=4.0.0-alpha.1, <4.1.29
>=4.2.0-alpha.1, <4.2.25
>=4.3.0-alpha.1, <4.3.8