Find out if you have vulnerabilities that put you at risk
Test your applications
Toggle filtering controls
All Vulnerabilities
APPLICATION
Cargo | Rust
Objective-C, CocoaPods | Swift
Composer | PHP
Conan | C/C++
GitHub | Go
Hex | Elixir / Erlang
Maven | Java
npm | JavaScript
NuGet | C#/F#/VB
Pypi | Python
pub | Dart, Flutter
RubyGems | Ruby
Swift Packages | Swift
C/C++
OPERATING SYSTEM
All OS vulnerabilities
AlmaLinux
Alpine Linux
Amazon Linux
CentOS
Chainguard
Debian
MinimOS
Oracle Linux
Red Hat Enterprise Linux
Rocky Linux
SUSE Linux Enterprise Server
Ubuntu
Wolfi
Report a new vulnerability
Vulnerabilities
Packages
M
Improper Handling of Case Sensitivity
Affects
@bitbonsai/mcpvault
| Versions
<0.11.4
C
User Impersonation
CVE-2026-58399
Affects
@acastellon/auth
| Versions
<2.3.0
H
Missing Authentication for Critical Function
Affects
@agenticmail/core
| Versions
<0.9.43
H
Missing Authentication for Critical Function
Affects
@agenticmail/claudecode
| Versions
<0.2.39
H
Missing Authentication for Critical Function
Affects
@agenticmail/codex
| Versions
<0.1.33
H
Missing Authentication for Critical Function
Affects
@agenticmail/openclaw
| Versions
<0.5.71
C
Prototype Pollution
CVE-2026-55388
Affects
piscina
| Versions
<4.9.3
>=5.0.0-alpha.0 <5.2.0
>=6.0.0-rc.1 <6.0.0-rc.2
H
Server-side Request Forgery (SSRF)
Affects
@cardano402/mcp-server
| Versions
<0.1.2
M
Cross-site Scripting (XSS)
CVE-2026-46492
Affects
md-fileserver
| Versions
<1.10.3
H
Regular Expression Denial of Service (ReDoS)
CVE-2026-48801
Affects
linkify-it
| Versions
<5.0.1
M
Improper Verification of Cryptographic Signature
CVE-2026-48758
Affects
@sigstore/core
| Versions
<3.2.1
M
Missing Authentication for Critical Function
CVE-2026-45577
Affects
neotoma
| Versions
>=0.6.0 <0.11.1
M
Prototype Pollution
CVE-2026-48819
Affects
@hey-api/openapi-ts
| Versions
<0.97.3
H
Use of Cache Containing Sensitive Information
CVE-2026-53943
Affects
ghost
| Versions
>=4.0.0 <6.37.0
H
Server-side Request Forgery (SSRF)
CVE-2026-50143
Affects
@apify/actors-mcp-server
| Versions
<0.10.11
H
Insufficient Verification of Data Authenticity
CVE-2026-48816
Affects
@sigstore/verify
| Versions
>=3.1.0 <3.1.1
H
Improper Verification of Cryptographic Signature
CVE-2026-48815
Affects
sigstore
| Versions
<4.1.1
H
Improper Verification of Cryptographic Signature
CVE-2026-48815
Affects
@sigstore/cli
| Versions
<0.10.0
H
Improper Verification of Cryptographic Signature
CVE-2026-48815
Affects
@sigstore/verify
| Versions
<3.1.1
M
Unprotected Alternate Channel
CVE-2026-49988
Affects
repomix
| Versions
<1.14.1
H
Server-side Request Forgery (SSRF)
CVE-2026-49857
Affects
auth-fetch-mcp
| Versions
<3.0.2
M
Server-side Request Forgery (SSRF)
CVE-2026-49856
Affects
@jshookmcp/jshook
| Versions
>=0.3.1 <0.3.2
H
Arbitrary Argument Injection
CVE-2026-49987
Affects
repomix
| Versions
<1.14.1
C
Insecure Default Initialization of Resource
CVE-2026-47668
Affects
dbgate-api
| Versions
<7.1.9
H
Cross-site Scripting (XSS)
CVE-2026-49864
Affects
wetty
| Versions
<3.0.4
C
Directory Traversal
CVE-2026-47669
Affects
dbgate-api
| Versions
<7.1.9
H
Prototype Pollution
CVE-2026-46625
Affects
js-cookie
| Versions
>=2.0.0 <3.0.7
M
Permissive List of Allowed Inputs
CVE-2026-46341
Affects
@apify/actors-mcp-server
| Versions
<0.9.21
H
Incorrect Authorization
CVE-2026-49473
Affects
@cedar-policy/authorization-for-expressjs
| Versions
<0.3.0
M
Insufficient Session Expiration
CVE-2026-55617
Affects
hydrooj
| Versions
>=4.10.4 <5.0.2