Vulnerability DB | Snyk

See the full list of npm packages compromised in the "Node-gyp Supply Chain Compromise - June 2026" [View compromised packages].

Find out if you have vulnerabilities that put you at risk

Test your applications

All Vulnerabilities

APPLICATION

Cargo | Rust
Objective-C, CocoaPods | Swift
Composer | PHP
Conan | C/C++
GitHub | Go
Hex | Elixir / Erlang
Maven | Java
npm | JavaScript
NuGet | C#/F#/VB
Pypi | Python
pub | Dart, Flutter
RubyGems | Ruby
Swift Packages | Swift
C/C++

OPERATING SYSTEM

All OS vulnerabilities
AlmaLinux
Alpine Linux
Amazon Linux
CentOS
Chainguard
Debian
MinimOS
Oracle Linux
Red Hat Enterprise Linux
Rocky Linux
SUSE Linux Enterprise Server
Ubuntu
Wolfi

Report a new vulnerability

M

Missing AuthorizationCVE-2026-48923

Affects com.rapid7:jenkinsci-appspider-plugin | Versions [,1.0.18)

Has fix

MavenPublished 29 May 2026

H

Deserialization of Untrusted DataCVE-2026-48917

Affects org.jenkins-ci.plugins:ldap | Versions [,807.809.vd3a_4e5e4ec98)

Has fix

MavenPublished 29 May 2026

M

Cross-site Request Forgery (CSRF)CVE-2026-9674

Affects org.jenkins-ci.plugins:jenkins-multijob-plugin | Versions [,669.v9d96a_d9c71b_0)

Has fix

MavenPublished 29 May 2026

H

Directory TraversalCVE-2026-48922

Affects org.jenkins-ci.plugins:credentials-binding | Versions [,725.ve52b_2328a_fde)

Has fix

MavenPublished 29 May 2026

M

Improper Encoding or Escaping of OutputCVE-2026-45011

Affects org.webjars.npm:sanitize-html | Versions [0,]

Has fix

MavenPublished 29 May 2026

M

Use of a One-Way Hash with a Predictable SaltCVE-2026-9370

Affects com.github.ulisesbocchio:jasypt-spring-boot | Versions [3.0.4,]

Has fix

MavenPublished 28 May 2026

H

External Control of File Name or PathCVE-2026-48920

Affects org.jenkins-ci.plugins:email-ext | Versions [,1933.1935.v276319e3cc47)

Has fix

MavenPublished 28 May 2026

M

Directory TraversalCVE-2026-48047

Affects org.xwiki.platform:xwiki-platform-webjars-api | Versions [9.6-rc-1,16.10.17)[17.0.0-rc-1,17.4.9)[17.5.0-rc-1,17.10.3)

Has fix

MavenPublished 27 May 2026

H

Directory TraversalCVE-2026-44705

Affects org.webjars.npm:tmp | Versions [0,]

Has fix

MavenPublished 27 May 2026

M

Incorrect Implementation of Authentication AlgorithmCVE-2026-8922

Affects org.keycloak:keycloak-services | Versions [9.0.0,]

Has fix

MavenPublished 26 May 2026

M

Client-Side Enforcement of Server-Side SecurityCVE-2026-8830

Affects org.keycloak:keycloak-services | Versions [9.0.2,]

Has fix

MavenPublished 26 May 2026

H

Insertion of Sensitive Information Into Sent DataCVE-2026-46481

Affects org.open-metadata:openmetadata-service | Versions [1.12.1,1.12.4)

Has fix

MavenPublished 25 May 2026

M

Cross-site Scripting (XSS)CVE-2026-45249

Affects org.webjars.npm:echarts | Versions [0,]

Has fix

MavenPublished 25 May 2026

M

Uncontrolled RecursionCVE-2026-9358

Affects org.webjars.npm:postcss-selector-parser | Versions [0,]

Has fix

MavenPublished 25 May 2026

C

Arbitrary Command InjectionCVE-2026-9277

Affects org.webjars.npm:shell-quote | Versions [1.4.3,]

Has fix

MavenPublished 25 May 2026

M

XML External Entity (XXE) InjectionCVE-2026-6501

Affects org.jopendocument:jopendocument | Versions [1.5,]

Has fix

MavenPublished 25 May 2026

H

LDAP InjectionCVE-2026-44930

Affects org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap | Versions [,3.6.11)[4.0.0,4.1.6)[4.2.0,4.2.1)

Has fix

MavenPublished 25 May 2026

H

User ImpersonationCVE-2026-7507

Affects org.keycloak:keycloak-services | Versions [4.0.0.Beta1 ,26.6.2)

Has fix

MavenPublished 25 May 2026

H

Denial of Service (DoS)CVE-2026-9496

Affects org.webjars.npm:pacote | Versions [11.2.7,)

Has fix

MavenPublished 25 May 2026

H

Open RedirectCVE-2026-7504

Affects org.keycloak:keycloak-services | Versions [,26.6.2)

Has fix

MavenPublished 24 May 2026

H

Directory TraversalCVE-2026-41863

Affects org.springframework.ai:spring-ai-anthropic | Versions [,1.1.7)

Has fix

MavenPublished 24 May 2026

M

Open RedirectCVE-2026-37979

Affects org.keycloak:keycloak-services | Versions [,26.6.2)

Has fix

MavenPublished 24 May 2026

H

External Control of Assumed-Immutable Web ParameterCVE-2026-7571

Affects org.keycloak:keycloak-services | Versions [26.3.0,26.6.2)

Has fix

MavenPublished 24 May 2026

H

Replay AttackCVE-2026-37982

Affects org.keycloak:keycloak-server-spi-private | Versions [,26.6.2)

Has fix

MavenPublished 24 May 2026

H

Replay AttackCVE-2026-37982

Affects org.keycloak:keycloak-services | Versions [,26.6.2)

Has fix

MavenPublished 24 May 2026

H

Improper Validation of Syntactic Correctness of InputCVE-2026-7307

Affects org.keycloak:keycloak-saml-core | Versions [,26.6.2)

Has fix

MavenPublished 24 May 2026

H

Authorization Bypass Through User-Controlled KeyCVE-2026-4630

Affects org.keycloak:keycloak-services | Versions [2.0.0.CR1,26.6.2)

Has fix

MavenPublished 24 May 2026

M

Insufficient Granularity of Access ControlCVE-2026-37981

Affects org.keycloak:keycloak-services | Versions [7.0.0,26.6.2)

Has fix

MavenPublished 24 May 2026

M

Authorization Bypass Through User-Controlled KeyCVE-2026-37978

Affects org.keycloak:keycloak-services | Versions [,26.6.2)

Has fix

MavenPublished 24 May 2026

M

Cross-site Scripting (XSS)CVE-2026-36766

Affects com.shopizer:shopizer | Versions [0,]

Has fix

MavenPublished 22 May 2026

Product

Partners
Developers & Devops Features
Enterprise Features
Pricing
Test with GitHub
Test with CLI
API status

Resources

Vulnerability DB
Blog
Documentation
FAQs

Company

About
Jobs
Contact
Legal terms
Privacy
Press kit
Events

Contact us

Support
Report a new vuln

Find us online

Track our development

© 2026 Snyk Ltd.