Homepage

Find out if you have vulnerabilities that put you at risk

Test your applications
Toggle filtering controls
Report a new vulnerability
  • H
Improper Restriction of Communication Channel to Intended Endpoints
Affects @grackle-ai/mcp | Versions <0.70.2
Has fix
npmPublished 2 Apr 2026
  • M
Server-side Request Forgery (SSRF)CVE-2026-34746
Affects payload | Versions <3.79.1
Has fix
npmPublished 2 Apr 2026
  • M
Cross-site Scripting (XSS)CVE-2026-34748
Affects @payloadcms/ui | Versions <3.78.0
Has fix
npmPublished 2 Apr 2026
  • M
Cross-site Scripting (XSS)CVE-2026-34748
Affects @payloadcms/plugin-mcp | Versions <3.78.0
Has fix
npmPublished 2 Apr 2026
  • H
Directory TraversalCVE-2026-34750
Affects @payloadcms/storage-s3 | Versions <3.78.0
Has fix
npmPublished 2 Apr 2026
  • H
Directory TraversalCVE-2026-34750
Affects @payloadcms/storage-r2 | Versions <3.78.0
Has fix
npmPublished 2 Apr 2026
  • H
Directory TraversalCVE-2026-34750
Affects @payloadcms/storage-gcs | Versions <3.78.0
Has fix
npmPublished 2 Apr 2026
  • H
Directory TraversalCVE-2026-34750
Affects payload | Versions <3.78.0
Has fix
npmPublished 2 Apr 2026
  • M
Cross-site Request Forgery (CSRF)CVE-2026-34749
Affects payload | Versions <3.79.1
Has fix
npmPublished 2 Apr 2026
  • M
SQL InjectionCVE-2026-34747
Affects payload | Versions <3.79.1
Has fix
npmPublished 2 Apr 2026
  • M
SQL InjectionCVE-2026-34747
Affects @payloadcms/drizzle | Versions <3.79.1
Has fix
npmPublished 2 Apr 2026
  • M
Deserialization of Untrusted DataCVE-2026-2265
Affects replicator | Versions *
No fix available
npmPublished 2 Apr 2026
  • M
Missing Authentication for Critical Function
Affects @grackle-ai/powerline | Versions <0.70.1
Has fix
npmPublished 1 Apr 2026
  • C
Weak Password Recovery Mechanism for Forgotten PasswordCVE-2026-34751
Affects payload | Versions <3.79.1
Has fix
npmPublished 1 Apr 2026
  • C
Weak Password Recovery Mechanism for Forgotten PasswordCVE-2026-34751
Affects @payloadcms/graphql | Versions <3.79.1
Has fix
npmPublished 1 Apr 2026
  • M
Cross-site Scripting (XSS)
Affects @holoviz/panel | Versions <1.8.10-rc.0
Has fix
npmPublished 1 Apr 2026
  • H
Symlink AttackCVE-2026-34604
Affects @tinacms/graphql | Versions <2.2.2
Has fix
npmPublished 1 Apr 2026
  • H
Symlink AttackCVE-2026-34603
Affects @tinacms/graphql | Versions <2.2.2
Has fix
npmPublished 1 Apr 2026
  • C
Malicious Package
Affects @logcore/pino-pretty-logger | Versions *
No fix available
npmPublished 1 Apr 2026
  • C
Malicious Package
Affects mcp-server-todo | Versions *
No fix available
npmPublished 1 Apr 2026
  • C
Malicious Package
Affects base-x-64 | Versions *
No fix available
npmPublished 1 Apr 2026
  • C
Malicious Package
Affects raydium-bs58 | Versions *
No fix available
npmPublished 1 Apr 2026
  • C
Malicious Package
Affects ethersproject-wallet | Versions *
No fix available
npmPublished 1 Apr 2026
  • C
Malicious Package
Affects bs58-basic | Versions *
No fix available
npmPublished 1 Apr 2026
  • C
Malicious Package
Affects jellyfi-pino-pretty-logger | Versions *
No fix available
npmPublished 1 Apr 2026
  • C
Malicious Package
Affects jonas-prettier-logger | Versions *
No fix available
npmPublished 1 Apr 2026
  • C
Malicious Package
Affects base58-engine | Versions *
No fix available
npmPublished 1 Apr 2026
  • C
Malicious Package
Affects base-or-engine | Versions *
No fix available
npmPublished 1 Apr 2026
  • L
SQL Injection
Affects @langchain/google-cloud-sql-pg | Versions <1.0.22
Has fix
npmPublished 1 Apr 2026
  • H
XML InjectionCVE-2026-34601
Affects xmldom | Versions *
No fix available
npmPublished 1 Apr 2026