Find out if you have vulnerabilities that put you at risk
Test your applications
Toggle filtering controls
All Vulnerabilities
APPLICATION
Cargo | Rust
Objective-C, CocoaPods | Swift
Composer | PHP
Conan | C/C++
GitHub | Go
Hex | Elixir / Erlang
Maven | Java
npm | JavaScript
NuGet | C#/F#/VB
Pypi | Python
pub | Dart, Flutter
RubyGems | Ruby
Swift Packages | Swift
C/C++
OPERATING SYSTEM
All OS vulnerabilities
AlmaLinux
Alpine Linux
Amazon Linux
CentOS
Chainguard
Debian
MinimOS
Oracle Linux
Red Hat Enterprise Linux
Rocky Linux
SUSE Linux Enterprise Server
Ubuntu
Wolfi
Report a new vulnerability
Vulnerabilities
Packages
M
Improper Validation of Certificate with Host Mismatch
CVE-2025-68161
Affects
org.apache.logging.log4j:log4j-core
| Versions
[,2.25.3)
M
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-14763
Affects
software.amazon.encryption.s3:amazon-s3-encryption-client-java
| Versions
[,3.6.0)
H
Allocation of Resources Without Limits or Throttling
CVE-2024-29371
Affects
org.bitbucket.b_c:jose4j
| Versions
[,0.9.6)
M
Improper Verification of Cryptographic Signature
CVE-2025-68113
Affects
org.altcha:altcha
| Versions
[,1.3.0)
M
Arbitrary Code Injection
CVE-2025-14674
Affects
com.aizuda:snail-job-common-core
| Versions
[,1.7.0-beta1)
H
Authentication Bypass by Alternate Name
CVE-2025-14777
Affects
org.keycloak:keycloak-services
| Versions
[0,]
M
Cross-site Scripting (XSS)
CVE-2023-53880
Affects
org.lucee:core
| Versions
[0,]
M
CRLF Injection
CVE-2025-67735
Affects
io.netty:netty-codec-http
| Versions
[,4.1.129.Final)
[4.2.0.Alpha1,4.2.8.Final)
H
Improper Certificate Validation
CVE-2025-37731
Affects
org.elasticsearch.plugin:x-pack-core
| Versions
[7.8.1,8.19.8)
[9.0.0-beta1,9.1.8)
[9.2.0,9.2.2)
H
Improper Certificate Validation
CVE-2025-37731
Affects
org.elasticsearch.plugin:x-pack-security
| Versions
[7.8.1,8.19.8)
[9.0.0-beta1,9.1.8)
[9.2.0,9.2.2)
H
Improper Certificate Validation
CVE-2025-37731
Affects
org.elasticsearch:elasticsearch-ssl-config
| Versions
[7.8.1,8.19.8)
[9.0.0-beta1,9.1.8)
[9.2.0,9.2.2)
M
Directory Traversal
CVE-2025-67898
Affects
org.webjars.npm:mjml-core
| Versions
[0,]
H
Insertion of Sensitive Information Into Sent Data
CVE-2025-67721
Affects
io.airlift:aircompressor-v3
| Versions
[,3.4)
H
Insertion of Sensitive Information Into Sent Data
CVE-2025-67721
Affects
io.airlift:aircompressor
| Versions
[0,)
M
Cross-site Scripting (XSS)
CVE-2025-8082
Affects
org.webjars.npm:vuetify
| Versions
[2.0.0,3.0.0)
H
Incorrect Authorization
CVE-2025-3586
Affects
com.liferay:com.liferay.object.scripting.impl
| Versions
[,1.0.3)
H
Incorrect Authorization
CVE-2025-3586
Affects
com.liferay:com.liferay.object.scripting.api
| Versions
[,2.0.0)
H
Incorrect Authorization
CVE-2025-3586
Affects
com.liferay:com.liferay.object.service
| Versions
[,1.0.96)
H
Prototype Pollution
CVE-2025-8083
Affects
org.webjars.npm:vuetify
| Versions
[2.2.1,3.0.0)
M
Directory Traversal
CVE-2025-67643
Affects
org.jenkinsci.plugins:pipeline-reporter-by-redpen
| Versions
[0,]
H
Cross-site Scripting (XSS)
CVE-2025-67641
Affects
io.jenkins.plugins:coverage
| Versions
[,2.3056.v1dfe888b_0249)
M
Improper Ownership Management
CVE-2025-67642
Affects
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
| Versions
[0,]
M
Command Injection
CVE-2025-67640
Affects
org.jenkins-ci.plugins:git-client
| Versions
[,6.4.1)
H
Improper Resource Shutdown or Release
CVE-2025-67635
Affects
org.jenkins-ci.main:jenkins-core
| Versions
[,2.528.3)
[2.529,2.541)
H
Improper Resource Shutdown or Release
CVE-2025-67635
Affects
org.jenkins-ci.main:cli
| Versions
[,2.528.3)
[2.529,2.541)
M
Missing Authorization
CVE-2025-67636
Affects
org.jenkins-ci.main:jenkins-core
| Versions
[,2.528.3)
[2.529,2.541)
M
Cleartext Storage of Sensitive Information
CVE-2025-67637
Affects
org.jenkins-ci.main:jenkins-core
| Versions
[,2.528.3)
[2.529,2.541)
M
Insufficiently Protected Credentials
CVE-2025-67638
Affects
org.jenkins-ci.main:jenkins-core
| Versions
[,2.528.3)
[2.529,2.541)
M
Cross-site Request Forgery (CSRF)
CVE-2025-67639
Affects
org.jenkins-ci.main:jenkins-core
| Versions
[,2.528.3)
[2.529,2.541)
H
Deserialization of Untrusted Data
CVE-2025-26866
Affects
org.apache.hugegraph:hg-pd-core
| Versions
[,1.7.0)