Find out if you have vulnerabilities that put you at risk
Test your applications
Toggle filtering controls
All Vulnerabilities
APPLICATION
Cargo | Rust
Objective-C, CocoaPods | Swift
Composer | PHP
Conan | C/C++
GitHub | Go
Hex | Elixir / Erlang
Maven | Java
npm | JavaScript
NuGet | C#/F#/VB
Pypi | Python
pub | Dart, Flutter
RubyGems | Ruby
Swift Packages | Swift
C/C++
OPERATING SYSTEM
All OS vulnerabilities
AlmaLinux
Alpine Linux
Amazon Linux
CentOS
Chainguard
Debian
MinimOS
Oracle Linux
Red Hat Enterprise Linux
Rocky Linux
SUSE Linux Enterprise Server
Ubuntu
Wolfi
Report a new vulnerability
Vulnerabilities
Packages
H
Arbitrary Code Injection
CVE-2026-55794
Affects
craftcms/cms
| Versions
>=5.9.0, <5.10.0
M
Cross-site Scripting (XSS)
CVE-2026-55793
Affects
craftcms/cms
| Versions
>=5.0.0-RC1, <5.9.22
H
Cross-site Scripting (XSS)
CVE-2026-55790
Affects
craftcms/cms
| Versions
>=4.0.0-RC1, <4.17.15
>=5.0.0-RC1, <5.9.22
M
Information Exposure
CVE-2026-55792
Affects
craftcms/cms
| Versions
>=4.0.0-RC1, <4.18.0
>=5.0.0-RC1, <5.10.0
M
Missing Authorization
Affects
craftcms/cms
| Versions
>=4.0.0-RC1, <4.17.8
>=5.0.0-RC1, <5.9.14
C
Improper Neutralization of Special Elements Used in a Template Engine
CVE-2026-52889
Affects
verbb/formie
| Versions
>=3.0.0-beta.1, <3.1.27
C
Embedded Malicious Code
Affects
roberts/leads
| Versions
>=0.0.0
H
Missing Authorization
CVE-2026-50282
Affects
craftcms/cms
| Versions
>=4.0.0-RC1, <4.17.14
>=5.0.0-RC1, <5.9.21
M
Missing Authorization
Affects
kimai/kimai
| Versions
<2.57.0
H
Improperly Controlled Modification of Dynamically-Determined Object Attributes
CVE-2026-50281
Affects
craftcms/cms
| Versions
>=5.7.0, <5.9.21
H
Improper Certificate Validation
CVE-2026-49283
Affects
simplesamlphp/saml2
| Versions
<4.20.2
>=5.0.0, <5.0.6
>=6.0.0, <6.2.1
H
Improper Certificate Validation
CVE-2026-49283
Affects
simplesamlphp/saml2-legacy
| Versions
<4.20.2
H
Insufficient Verification of Data Authenticity
CVE-2026-49284
Affects
simplesamlphp/simplesamlphp
| Versions
<2.4.7
>=2.5.0, <2.5.2
H
Improper Neutralization of Data within XPath Expressions ('XPath Injection')
CVE-2026-49289
Affects
simplesamlphp/saml2
| Versions
<4.20.3
H
Improper Neutralization of Data within XPath Expressions ('XPath Injection')
CVE-2026-49289
Affects
simplesamlphp/saml2-legacy
| Versions
<4.20.3
M
Authorization Bypass Through User-Controlled Key
Affects
froxlor/froxlor
| Versions
<2.3.7
M
Improper Authorization
Affects
froxlor/froxlor
| Versions
<2.3.7
H
Missing Authorization
CVE-2026-50284
Affects
craftcms/cms
| Versions
>=4.0.0-RC1, <4.17.15
>=5.0.0-RC1, <5.9.22
M
Access Control Bypass
CVE-2026-50280
Affects
craftcms/cms
| Versions
>=5.0.0-RC1, <5.9.21
M
Authorization Bypass Through User-Controlled Key
CVE-2026-50283
Affects
craftcms/cms
| Versions
>=4.0.0-RC1, <4.17.14
>=5.0.0-RC1, <5.9.21
H
Improper Authorization
CVE-2026-50279
Affects
craftcms/cms
| Versions
>=5.0.0-RC1, <5.9.21
H
Cross-site Scripting (XSS)
CVE-2026-52854
Affects
mediawiki/maps
| Versions
<12.1.3
H
Use of Cache Containing Sensitive Information
CVE-2026-49858
Affects
api-platform/json-api
| Versions
>=4.0.0-alpha.1, <4.1.29
>=4.2.0-alpha.1, <4.2.25
>=4.3.0-alpha.1, <4.3.8
H
Use of Cache Containing Sensitive Information
CVE-2026-49858
Affects
api-platform/hal
| Versions
>=4.0.0-alpha.1, <4.1.29
>=4.2.0-alpha.1, <4.2.25
>=4.3.0-alpha.1, <4.3.8
H
Use of Cache Containing Sensitive Information
CVE-2026-49858
Affects
api-platform/core
| Versions
>=2.6.0-alpha.1, <4.1.29
>=4.2.0-alpha.1, <4.2.25
>=4.3.0-alpha.1, <4.3.8
H
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-54164
Affects
api-platform/core
| Versions
<4.1.30
>=4.2.0-alpha.1, <4.2.26
>=4.3.0-alpha.1, <4.3.12
M
SQL Injection
CVE-2026-14363
Affects
mediawiki/cargo
| Versions
<3.9.1
M
Cross-site Scripting (XSS)
CVE-2026-54720
Affects
silverstripe/framework
| Versions
<6.2.2
H
Directory Traversal
CVE-2026-58451
Affects
horde/imp
| Versions
<7.0.1
M
Weak Password Recovery Mechanism for Forgotten Password
Affects
kimai/kimai
| Versions
<2.58.0