Find out if you have vulnerabilities that put you at risk
Test your applications
Toggle filtering controls
All Vulnerabilities
APPLICATION
Cargo | Rust
Objective-C, CocoaPods | Swift
Composer | PHP
Conan | C/C++
GitHub | Go
Hex | Elixir / Erlang
Maven | Java
npm | JavaScript
NuGet | C#/F#/VB
Pypi | Python
pub | Dart, Flutter
RubyGems | Ruby
Swift Packages | Swift
C/C++
OPERATING SYSTEM
All OS vulnerabilities
AlmaLinux
Alpine Linux
Amazon Linux
CentOS
Chainguard
Debian
MinimOS
Oracle Linux
Red Hat Enterprise Linux
Rocky Linux
SUSE Linux Enterprise Server
Ubuntu
Wolfi
Report a new vulnerability
Vulnerabilities
Packages
M
Use of Weak Hash
CVE-2026-48488
Affects
thorsten/phpmyfaq
| Versions
<4.1.4
M
Use of Weak Hash
CVE-2026-48488
Affects
phpmyfaq/phpmyfaq
| Versions
<4.1.4
M
Improper Authentication
CVE-2026-44584
Affects
paymenter/paymenter
| Versions
<1.5.0
M
Server-side Request Forgery (SSRF)
CVE-2026-44583
Affects
paymenter/paymenter
| Versions
<1.5.0
M
Missing Authorization
CVE-2026-44585
Affects
paymenter/paymenter
| Versions
<1.5.0
H
Arbitrary File Upload
CVE-2025-58048
Affects
paymenter/paymenter
| Versions
<1.2.11
H
Cross-site Scripting (XSS)
CVE-2026-55692
Affects
starcitizenwiki/embedvideo
| Versions
<4.1.0
C
Origin Validation Error
CVE-2026-55791
Affects
craftcms/cms
| Versions
>=4.0.0-RC1, <4.18
>=5.0.0-RC1, <5.10
M
Brute Force
CVE-2026-55795
Affects
craftcms/commerce
| Versions
>=4.0.0, <4.11.2
>=5.0.0, <5.6.5
M
Improper Validation of Specified Quantity in Input
Affects
craftcms/commerce
| Versions
>=4.0.0, <4.11.2
>=5.0.0, <5.6.5
H
Cross-site Scripting (XSS)
CVE-2026-55690
Affects
starcitizenwiki/embedvideo
| Versions
<4.1.0
M
Cross-site Scripting (XSS)
CVE-2026-55877
Affects
symfony/ux-icons
| Versions
>=2.17.0, <2.36.1
>=3.0.0, <3.2.0
H
Cross-site Scripting (XSS)
CVE-2026-55691
Affects
starcitizenwiki/embedvideo
| Versions
<4.1.0
H
Directory Traversal
CVE-2026-55878
Affects
symfony/ux-toolkit
| Versions
>=2.32.0, <2.36.1
>=3.0.0, <3.2.0
M
Server-side Request Forgery (SSRF)
CVE-2026-55374
Affects
jleehr/canto-saas-api
| Versions
<3.0.0
M
Cross-site Scripting (XSS)
Affects
wwbn/avideo
| Versions
>=0.0.0
C
Command Injection
CVE-2026-55173
Affects
wwbn/avideo
| Versions
>=0.0.0
M
Cross-site Request Forgery (CSRF)
CVE-2026-55745
Affects
cotonti/cotonti
| Versions
>=0.0.0
H
Cross-site Request Forgery (CSRF)
CVE-2026-55744
Affects
cotonti/cotonti
| Versions
>=0.0.0
C
Cross-site Request Forgery (CSRF)
CVE-2026-55742
Affects
cotonti/cotonti
| Versions
>=0.0.0
M
Use of GET Request Method With Sensitive Query Strings
CVE-2026-55375
Affects
jleehr/canto-saas-api
| Versions
<3.0.0
H
Cross-site Scripting (XSS)
CVE-2026-55746
Affects
cotonti/cotonti
| Versions
>=0.0.0
M
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Affects
spomky-labs/otphp
| Versions
<11.4.3
H
Improper Validation of Specified Quantity in Input
Affects
spomky-labs/otphp
| Versions
<11.4.3
M
Insufficiently Protected Credentials
CVE-2026-55885
Affects
getgrav/grav
| Versions
<1.7.53
M
Cross-site Scripting (XSS)
CVE-2026-55890
Affects
getgrav/grav
| Versions
<2.0.0-rc.9
M
Open Redirect
CVE-2026-55590
Affects
cakephp/authentication
| Versions
<3.3.6
>=4.0.0, <4.1.1
L
Improper Encoding or Escaping of Output
Affects
laravel/framework
| Versions
<12.61.1
>=13.0.0, <13.12.0
M
Improper Encoding or Escaping of Output
Affects
grumpydictator/firefly-iii
| Versions
<6.6.3
C
Arbitrary File Upload
CVE-2026-48062
Affects
codeigniter4/framework
| Versions
<4.7.3