Find out if you have vulnerabilities that put you at risk
Test your applications
Toggle filtering controls
All Vulnerabilities
APPLICATION
Cargo | Rust
Objective-C, CocoaPods | Swift
Composer | PHP
Conan | C/C++
GitHub | Go
Hex | Elixir / Erlang
Maven | Java
npm | JavaScript
NuGet | C#/F#/VB
Pypi | Python
pub | Dart, Flutter
RubyGems | Ruby
Swift Packages | Swift
C/C++
OPERATING SYSTEM
All OS vulnerabilities
AlmaLinux
Alpine Linux
Amazon Linux
CentOS
Chainguard
Debian
MinimOS
Oracle Linux
Red Hat Enterprise Linux
Rocky Linux
SUSE Linux Enterprise Server
Ubuntu
Wolfi
Report a new vulnerability
Vulnerabilities
Packages
H
Prototype Pollution
CVE-2026-54312
Affects
n8n-nodes-base
| Versions
<2.24.0
H
Server-side Request Forgery (SSRF)
CVE-2026-47684
Affects
@sync-in/server
| Versions
<2.3.0
C
Malicious Package
Affects
@cap-js/openapi
| Versions
=1.4.1
H
Missing Authentication for Critical Function
Affects
@agenticmail/mcp
| Versions
<0.9.27
C
Resources Downloaded over Insecure Protocol
Affects
esbuild
| Versions
>=0.17.0 <0.28.1
M
Exposure of Data Element to Wrong Session
CVE-2026-54311
Affects
n8n-nodes-base
| Versions
<2.25.2
>=2.26.0 <2.26.5
L
Directory Traversal
Affects
esbuild
| Versions
>=0.27.3 <0.28.1
H
Arbitrary Code Injection
CVE-2026-49143
Affects
browserstack-runner
| Versions
>=0.0.0
H
Directory Traversal
CVE-2026-49144
Affects
browserstack-runner
| Versions
>=0.0.0
H
Cross-site Scripting (XSS)
CVE-2026-54301
Affects
n8n
| Versions
<1.123.55
>=2.0.0-rc.0 <2.25.7
>=2.26.0 <2.26.2
M
User Impersonation
CVE-2026-54308
Affects
@n8n/n8n-nodes-langchain
| Versions
>=2.7.0 <2.25.2
>=2.26.0 <2.26.1
C
Incorrect Behavior Order
CVE-2026-6556
Affects
@fastify/express
| Versions
<4.0.7
H
Uncontrolled Search Path Element
CVE-2026-54672
Affects
app-builder-bin
| Versions
*
H
Uncontrolled Search Path Element
CVE-2026-54672
Affects
app-builder-lib
| Versions
<26.15.0
H
Insertion of Sensitive Information Into Sent Data
CVE-2026-54673
Affects
builder-util-runtime
| Versions
<9.7.0
M
Directory Traversal
CVE-2026-53766
Affects
chrome-devtools-mcp
| Versions
>=0.24.0 <1.1.0
L
Cross-site Scripting (XSS)
CVE-2026-54326
Affects
@mariozechner/pi-coding-agent
| Versions
*
L
Cross-site Scripting (XSS)
CVE-2026-54326
Affects
@earendil-works/pi-coding-agent
| Versions
<0.78.1
L
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-54327
Affects
@mariozechner/pi-coding-agent
| Versions
*
L
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-54327
Affects
@earendil-works/pi-coding-agent
| Versions
<0.78.1
M
SQL Injection
CVE-2026-47255
Affects
@agenticmail/api
| Versions
<0.9.32
M
SQL Injection
CVE-2026-47255
Affects
@agenticmail/core
| Versions
<0.9.10
C
Incorrect Authorization
CVE-2026-43945
Affects
@frangoteam/fuxa
| Versions
>=1.2.11 <1.3.1
C
Prototype Pollution
CVE-2026-46681
Affects
@nevware21/ts-utils
| Versions
<0.14.0
L
Cross-site Scripting (XSS)
Affects
@sveltia/cms
| Versions
<0.160.1
H
Server-side Request Forgery (SSRF)
Affects
@karakeep/sdk
| Versions
<0.32.0
C
Arbitrary Code Injection
CVE-2025-63706
Affects
@jswork/next-npm-version
| Versions
*
M
Improper Authorization
CVE-2026-46700
Affects
@actual-app/sync-server
| Versions
<26.6.0
H
Insufficient Session Expiration
CVE-2026-49229
Affects
@actual-app/sync-server
| Versions
<26.6.0
M
Arbitrary Argument Injection
Affects
@cyclonedx/cdxgen
| Versions
<12.4.3