Vulnerability DB | Snyk

See the full list of npm packages compromised in the "Node-gyp Supply Chain Compromise - June 2026" [View compromised packages].

Find out if you have vulnerabilities that put you at risk

Test your applications

All Vulnerabilities

APPLICATION

Cargo | Rust
Objective-C, CocoaPods | Swift
Composer | PHP
Conan | C/C++
GitHub | Go
Hex | Elixir / Erlang
Maven | Java
npm | JavaScript
NuGet | C#/F#/VB
Pypi | Python
pub | Dart, Flutter
RubyGems | Ruby
Swift Packages | Swift
C/C++

OPERATING SYSTEM

All OS vulnerabilities
AlmaLinux
Alpine Linux
Amazon Linux
CentOS
Chainguard
Debian
MinimOS
Oracle Linux
Red Hat Enterprise Linux
Rocky Linux
SUSE Linux Enterprise Server
Ubuntu
Wolfi

Report a new vulnerability

H

Protection Mechanism FailureCVE-2026-47139

Affects org.webjars.npm:vm2 | Versions [0,]

Has fix

MavenPublished 1 Jun 2026

M

Incorrect AuthorizationCVE-2026-40914

Affects org.apache.activemq:artemis-stomp-protocol | Versions [2.0.0,2.54.0)

Has fix

MavenPublished 1 Jun 2026

M

Incorrect AuthorizationCVE-2026-40914

Affects org.apache.artemis:artemis-stomp-protocol | Versions [,2.54.0)

Has fix

MavenPublished 1 Jun 2026

H

Relative Path TraversalCVE-2025-48977

Affects org.apache.ignite:ignite-core | Versions [,2.18.0)

Has fix

MavenPublished 1 Jun 2026

H

Files or Directories Accessible to External PartiesCVE-2026-40564

Affects org.apache.flink:flink-kubernetes-operator-api | Versions [1.3.0,1.15.0)

Has fix

MavenPublished 1 Jun 2026

M

Session FixationCVE-2026-43827

Affects org.apache.shiro:shiro-web | Versions [,2.2.0)[3.0.0-alpha-1,3.0.0-alpha-2)

Has fix

MavenPublished 1 Jun 2026

M

Session FixationCVE-2026-43827

Affects org.apache.shiro:shiro-core | Versions [,2.2.0)[3.0.0-alpha-1,3.0.0-alpha-2)

Has fix

MavenPublished 1 Jun 2026

M

Sensitive Cookie in HTTPS Session Without "Secure" AttributeCVE-2026-43828

Affects org.apache.shiro:shiro-core | Versions [,2.2.0)[3.0.0-alpha-0,3.0.0-alpha-2)

Has fix

MavenPublished 1 Jun 2026

M

Sensitive Cookie in HTTPS Session Without "Secure" AttributeCVE-2026-43828

Affects org.apache.shiro:shiro-web | Versions [,2.2.0)[3.0.0-alpha-0,3.0.0-alpha-2)

Has fix

MavenPublished 1 Jun 2026

M

Open RedirectCVE-2026-44598

Affects org.apache.shiro:shiro-jakarta-ee | Versions [,2.2.0)[3.0.0-alpha-0,3.0.0-alpha-2)

Has fix

MavenPublished 1 Jun 2026

M

Open RedirectCVE-2026-48589

Affects org.apache.shiro:shiro-jakarta-ee | Versions [,2.2.1)[3.0.0-alpha-1,3.0.0-alpha-2)

Has fix

MavenPublished 1 Jun 2026

H

Improper Isolation or CompartmentalizationCVE-2026-42782

Affects org.apache.syncope.core:syncope-core-spring | Versions [3.0.0-M1,4.0.6)[4.1.0,4.1.1)

Has fix

MavenPublished 1 Jun 2026

M

Information ExposureCVE-2026-42797

Affects org.apache.syncope.core:syncope-core-provisioning-api | Versions [3.0.0,4.0.6)[4.1.0,4.1.1)

Has fix

MavenPublished 1 Jun 2026

H

Deserialization of Untrusted DataCVE-2026-44417

Affects org.apache.cxf:cxf-rt-transports-jms | Versions [,3.6.11)[4.0.0,4.1.6)[4.2.0,4.2.1)

Has fix

MavenPublished 1 Jun 2026

M

XML External Entity (XXE) InjectionCVE-2026-44618

Affects org.apache.cxf:cxf-rt-ws-transfer | Versions [,3.6.11)[4.0.0,4.1.6)[4.2.0,4.2.1)

Has fix

MavenPublished 1 Jun 2026

L

Authentication Bypass by Primary WeaknessCVE-2026-9798

Affects org.keycloak:keycloak-services | Versions [0,]

Has fix

MavenPublished 29 May 2026

M

Out-of-bounds ReadCVE-2026-9803

Affects org.keycloak:keycloak-services | Versions [9.0.0,]

Has fix

MavenPublished 29 May 2026

H

Time-of-check Time-of-use (TOCTOU) Race ConditionCVE-2026-9796

Affects org.keycloak:keycloak-services | Versions [0,]

Has fix

MavenPublished 29 May 2026

H

Incorrect AuthorizationCVE-2026-9791

Affects org.keycloak:keycloak-services | Versions [0,]

Has fix

MavenPublished 29 May 2026

M

Improper Handling of Insufficient Permissions or PrivilegesCVE-2026-9792

Affects org.keycloak:keycloak-services | Versions [0,]

Has fix

MavenPublished 29 May 2026

M

Cross-site Scripting (XSS)CVE-2026-47760

Affects org.webjars.npm:tinymce | Versions [6.8.1,7.2.1)

Has fix

MavenPublished 29 May 2026

M

Cross-site Scripting (XSS)CVE-2026-47762

Affects org.webjars.npm:tinymce | Versions [0,]

Has fix

MavenPublished 29 May 2026

M

Cross-site Scripting (XSS)CVE-2026-47761

Affects org.webjars.npm:tinymce | Versions [0,]

Has fix

MavenPublished 29 May 2026

M

Cross-site Request Forgery (CSRF)CVE-2026-48925

Affects org.jenkins-ci.plugins:github-pullrequest | Versions [,0.7.4)

Has fix

MavenPublished 29 May 2026

M

Cross-site Scripting (XSS)CVE-2026-48927

Affects org.jenkins-ci.plugins:buildgraph-view | Versions [0,]

Has fix

MavenPublished 29 May 2026

M

Open RedirectCVE-2026-48924

Affects org.jenkins-ci.plugins:bitbucket-oauth | Versions [,0.18)

Has fix

MavenPublished 29 May 2026

H

Server-side Request Forgery (SSRF)CVE-2026-48918

Affects org.jenkins-ci.plugins:active-directory | Versions [,2.41.1)

Has fix

MavenPublished 29 May 2026

H

Directory TraversalCVE-2026-48921

Affects io.jenkins.plugins:pipeline-groovy-lib | Versions [,798.v5cc688825312)

Has fix

MavenPublished 29 May 2026

M

Open RedirectCVE-2026-48916

Affects org.jenkins-ci.plugins:ldap | Versions [,807.809.vd3a_4e5e4ec98)

Has fix

MavenPublished 29 May 2026

M

Missing AuthorizationCVE-2026-48926

Affects org.jenkins-ci.plugins:job-import-plugin | Versions [,143.145.v48f9a_a_6ff384)

Has fix

MavenPublished 29 May 2026

Product

Partners
Developers & Devops Features
Enterprise Features
Pricing
Test with GitHub
Test with CLI
API status

Resources

Vulnerability DB
Blog
Documentation
FAQs

Company

About
Jobs
Contact
Legal terms
Privacy
Press kit
Events

Contact us

Support
Report a new vuln

Find us online

Track our development

© 2026 Snyk Ltd.