FLAT-FEYD5 (CVE-2026-23745)
Lack of data validation - Path Traversal In tar
5.5
Medium
Affects: npm
Package: tar
FLAT-3B1AA (CVE-2026-23744)
Authentication mechanism absence or evasion In @mcpjam/inspector
8.4
High
Affects: npm
Package: @mcpjam/inspector
FLAT-5WGTS (CVE-2026-23735)
Race condition In graphql-modules
6.6
Medium
Affects: npm
Package: graphql-modules
FLAT-66H1W (GHSA-38cw-85xc-xr9x)
SQL injection - Code In @veramo/data-store
6.1
Medium
Affects: npm
Package: @veramo/data-store
FLAT-2IKLG (CVE-2026-23742)
Server side template injection In github.com/zalando/skipper
5.8
Medium
Affects: go
Package: github.com/zalando/skipper
FLAT-CY0P2 (GHSA-gw32-9rmw-qwww)
Server side cross-site scripting In svelte
5.7
Medium
Affects: npm
Package: svelte
FLAT-9K611 (CVE-2026-23643)
Reflected cross-site scripting (XSS) In cakephp/cakephp
1.2
Low
Affects: composer
Package: cakephp/cakephp
FLAT-46EJE (GHSA-5882-5rx9-xgxp)
Server side template injection In crawl4ai
8.4
High
Affects: pip
Package: crawl4ai
FLAT-VH74I (GHSA-vx9w-5cx4-9796)
Lack of data validation - Path Traversal In crawl4ai
7.8
High
Affects: pip
Package: crawl4ai
FLAT-4LSTK (CVE-2026-23645)
Server side cross-site scripting In github.com/siyuan-note/siyuan/kernel
1.3
Low
Affects: go
Package: github.com/siyuan-note/siyuan/kernel
FLAT-OV7QS (GHSA-mpwp-4h2m-765c)
OS Command Injection In activejob
6.6
Medium
Affects: gem
Package: activejob
FLAT-5XKOT (GHSA-5qw5-wf2q-f538)
SQL injection - Code In activerecord-jdbc-adapter
8.0
High
Affects: gem
Package: activerecord-jdbc-adapter
FLAT-31AU0 (CVE-2026-23490)
Asymmetric denial of service - ReDoS In pyasn1
7.7
High
Affects: pip
Package: pyasn1
FLAT-VNO4D (CVE-2026-23535)
Lack of data validation - Path Traversal In wlc
4.1
Medium
Affects: pip
Package: wlc
FLAT-7DYSD (CVE-2026-23528)
Reflected cross-site scripting (XSS) In distributed
1.3
Low
Affects: pip
Package: distributed
FLAT-HBJNU (CVE-2025-15104)
Server-side request forgery (SSRF) In vnu-jar
2.7
Low
Affects: npm
Package: vnu-jar
FLAT-74TIX (MAL-2026-322)
Use of software with malware In admin10001
5.2
Medium
Affects: npm
Package: admin10001
FLAT-YYQWN (CVE-2025-68675)
Sensitive information stored in logs In apache-airflow
0.0
Unknown
Affects: pip
Package: apache-airflow
FLAT-E4X7F (CVE-2025-14435)
Asymmetric denial of service In github.com/mattermost/mattermost/server/v8
0.0
Unknown
Affects: go
Package: github.com/mattermost/mattermost/server/v8
FLAT-PZNFS (CVE-2025-68438)
Sensitive information sent insecurely In apache-airflow
6.3
Medium
Affects: pip
Package: apache-airflow
FLAT-GQOHW (MAL-2026-321)
Use of software with malware In flip-prx
5.2
Medium
Affects: npm
Package: flip-prx
FLAT-BXXBG (CVE-2025-14822)
Improper resource allocation In github.com/mattermost/mattermost/server/v8
0.0
Unknown
Affects: go
Package: github.com/mattermost/mattermost/server/v8
FLAT-RPOC0 (CVE-2026-0858)
Server side cross-site scripting In net.sourceforge.plantuml:plantuml
1.2
Low
Affects: maven
Package: net.sourceforge.plantuml:plantuml
FLAT-F1SO0 (MAL-2026-319)
Use of software with malware In vue_frontend_rpc
5.2
Medium
Affects: npm
Package: vue_frontend_rpc
FLAT-OR5WO (MAL-2026-303)
Use of software with malware In sd-active-conversation-module-client
5.2
Medium
Affects: npm
Package: sd-active-conversation-module-client
FLAT-AARID (MAL-2026-293)
Use of software with malware In lusha-micro-app-messages
5.2
Medium
Affects: npm
Package: lusha-micro-app-messages
FLAT-TKFP8 (MAL-2026-284)
Use of software with malware In flag-v211
5.2
Medium
Affects: npm
Package: flag-v211
FLAT-42JHE (MAL-2026-261)
Use of software with malware In @spx-delivery/react
5.2
Medium
Affects: npm
Package: @spx-delivery/react
FLAT-ZQ5H6 (MAL-2026-305)
Use of software with malware In sd-ccp-module-client
5.2
Medium
Affects: npm
Package: sd-ccp-module-client
FLAT-C78HQ (MAL-2026-270)
Use of software with malware In base-ui-vue3
5.2
Medium
Affects: npm
Package: base-ui-vue3
FLAT-S8PVP (MAL-2026-267)
Use of software with malware In alf-ui-js
5.2
Medium
Affects: npm
Package: alf-ui-js
FLAT-1BW0A (MAL-2026-266)
Use of software with malware In @wbgo/shared
5.2
Medium
Affects: npm
Package: @wbgo/shared
FLAT-8EJTF (MAL-2026-299)
Use of software with malware In origin_response_handler
5.2
Medium
Affects: npm
Package: origin_response_handler
FLAT-KE1Y0 (MAL-2026-283)
Use of software with malware In flag-v21
5.2
Medium
Affects: npm
Package: flag-v21
FLAT-BGATJ (MAL-2026-306)
Use of software with malware In sd-cip-module-client
5.2
Medium
Affects: npm
Package: sd-cip-module-client
FLAT-WFDFC (MAL-2026-304)
Use of software with malware In sd-agent-toolbar-module-client
5.2
Medium
Affects: npm
Package: sd-agent-toolbar-module-client
FLAT-YSM32 (MAL-2026-314)
Use of software with malware In styled-system-old
5.2
Medium
Affects: npm
Package: styled-system-old
FLAT-KKTSK (MAL-2026-277)
Use of software with malware In cognito-auth-plugin
5.2
Medium
Affects: npm
Package: cognito-auth-plugin
FLAT-BF3JV (MAL-2026-265)
Use of software with malware In @wb-team/uikit-myteam-web
5.2
Medium
Affects: npm
Package: @wb-team/uikit-myteam-web
FLAT-RPMWP (MAL-2026-259)
Use of software with malware In @riag-libs/pattern-library-react-hooks
5.2
Medium
Affects: npm
Package: @riag-libs/pattern-library-react-hooks
FLAT-34RYW (MAL-2026-269)
Use of software with malware In auc-2-lib
5.2
Medium
Affects: npm
Package: auc-2-lib
FLAT-280VS (MAL-2026-318)
Use of software with malware In victim-package-a
5.2
Medium
Affects: npm
Package: victim-package-a
FLAT-4SJQ4 (MAL-2026-296)
Use of software with malware In nyse-web-tools-common
5.2
Medium
Affects: npm
Package: nyse-web-tools-common
FLAT-4TC7E (MAL-2026-264)
Use of software with malware In @ux-foundry/palette
5.2
Medium
Affects: npm
Package: @ux-foundry/palette
FLAT-BQHEO (MAL-2026-310)
Use of software with malware In sky1oauth2
5.2
Medium
Affects: npm
Package: sky1oauth2
FLAT-6DPDK (MAL-2026-289)
Use of software with malware In js-observability
5.2
Medium
Affects: npm
Package: js-observability
FLAT-WVEXR (MAL-2026-313)
Use of software with malware In spire.officejs-fonts
5.2
Medium
Affects: npm
Package: spire.officejs-fonts
FLAT-HVIB4 (MAL-2026-317)
Use of software with malware In textual-sorter-lib
5.2
Medium
Affects: npm
Package: textual-sorter-lib
FLAT-63D1P (MAL-2026-285)
Use of software with malware In focus-trap-v2
5.2
Medium
Affects: npm
Package: focus-trap-v2
FLAT-4RMPS (MAL-2026-297)
Use of software with malware In omnicore-ds2-sdk
5.2
Medium
Affects: npm
Package: omnicore-ds2-sdk
FLAT-QP9H5 (MAL-2026-291)
Use of software with malware In lead-ion
5.2
Medium
Affects: npm
Package: lead-ion
FLAT-H5FCT (MAL-2026-292)
Use of software with malware In lusha-integrations-widgets
5.2
Medium
Affects: npm
Package: lusha-integrations-widgets
FLAT-9AS69 (MAL-2026-281)
Use of software with malware In eniram-web-common-ui
5.2
Medium
Affects: npm
Package: eniram-web-common-ui
FLAT-21L2P (MAL-2026-301)
Use of software with malware In react-sitecore-library
5.2
Medium
Affects: npm
Package: react-sitecore-library
FLAT-I9Z49 (MAL-2026-290)
Use of software with malware In kc-fe-cli
5.2
Medium
Affects: npm
Package: kc-fe-cli
FLAT-BXSBG (MAL-2026-316)
Use of software with malware In tailwind-merge-v3
5.2
Medium
Affects: npm
Package: tailwind-merge-v3
FLAT-HB469 (MAL-2026-271)
Use of software with malware In bve-react-ui-kit
5.2
Medium
Affects: npm
Package: bve-react-ui-kit
FLAT-AKVEY (MAL-2026-295)
Use of software with malware In lusha-widgets
5.2
Medium
Affects: npm
Package: lusha-widgets
FLAT-ZBS8G (MAL-2026-287)
Use of software with malware In idel2-content
5.2
Medium
Affects: npm
Package: idel2-content
FLAT-4MJHT (MAL-2026-302)
Use of software with malware In s3-cache-handler
5.2
Medium
Affects: npm
Package: s3-cache-handler
FLAT-0MRE3 (MAL-2026-320)
Use of software with malware In zis-common-lib
5.2
Medium
Affects: npm
Package: zis-common-lib
FLAT-4LE7C (MAL-2026-268)
Use of software with malware In assurance-common-components
5.2
Medium
Affects: npm
Package: assurance-common-components
FLAT-J04US (MAL-2026-312)
Use of software with malware In spire.officejs-externs
5.2
Medium
Affects: npm
Package: spire.officejs-externs
FLAT-10UPT (MAL-2026-273)
Use of software with malware In chakra-ui-2--react-utils
5.2
Medium
Affects: npm
Package: chakra-ui-2--react-utils
FLAT-0Y4Y7 (MAL-2026-280)
Use of software with malware In dws-dx
5.2
Medium
Affects: npm
Package: dws-dx
FLAT-N2Z3C (MAL-2026-260)
Use of software with malware In @servicepoint/vue-project
5.2
Medium
Affects: npm
Package: @servicepoint/vue-project
FLAT-N705Z (MAL-2026-315)
Use of software with malware In tailwind-merge-v2
5.2
Medium
Affects: npm
Package: tailwind-merge-v2
FLAT-N1EKQ (MAL-2026-307)
Use of software with malware In sd-conversation-history-module-client
5.2
Medium
Affects: npm
Package: sd-conversation-history-module-client
FLAT-R8IJR (MAL-2026-309)
Use of software with malware In sd-pdc-module-client
5.2
Medium
Affects: npm
Package: sd-pdc-module-client
FLAT-XCL5Z (MAL-2026-294)
Use of software with malware In lusha-ui-components
5.2
Medium
Affects: npm
Package: lusha-ui-components
FLAT-V89Y2 (MAL-2026-311)
Use of software with malware In sparkling-router
5.2
Medium
Affects: npm
Package: sparkling-router
FLAT-TZLQK (MAL-2026-288)
Use of software with malware In insightvm-ui-nav-menus
5.2
Medium
Affects: npm
Package: insightvm-ui-nav-menus
FLAT-US4VM (MAL-2026-276)
Use of software with malware In closure-net
5.2
Medium
Affects: npm
Package: closure-net
FLAT-N07G9 (MAL-2026-274)
Use of software with malware In chakra-ui-2--styled-system
5.2
Medium
Affects: npm
Package: chakra-ui-2--styled-system
FLAT-SX3NG (MAL-2026-279)
Use of software with malware In dibels8-content
5.2
Medium
Affects: npm
Package: dibels8-content
FLAT-Q3MNR (MAL-2026-308)
Use of software with malware In sd-navbar-module-client
5.2
Medium
Affects: npm
Package: sd-navbar-module-client
FLAT-P1VMR (MAL-2026-263)
Use of software with malware In @spx-workforceops/shared-vue
5.2
Medium
Affects: npm
Package: @spx-workforceops/shared-vue
FLAT-2J37V (MAL-2026-300)
Use of software with malware In presentation-test-utilities
5.2
Medium
Affects: npm
Package: presentation-test-utilities
FLAT-2MI6Y (MAL-2026-286)
Use of software with malware In forms-new-design
5.2
Medium
Affects: npm
Package: forms-new-design
FLAT-LCYWH (MAL-2026-262)
Use of software with malware In @spx-smartsorting/vue
5.2
Medium
Affects: npm
Package: @spx-smartsorting/vue
FLAT-NY5GO (MAL-2026-272)
Use of software with malware In chakra-ui-2--react
5.2
Medium
Affects: npm
Package: chakra-ui-2--react
FLAT-2RC0M (MAL-2026-275)
Use of software with malware In chakra-ui-2--theme-tools
5.2
Medium
Affects: npm
Package: chakra-ui-2--theme-tools
FLAT-2KX2N (MAL-2026-278)
Use of software with malware In comstrap
5.2
Medium
Affects: npm
Package: comstrap
FLAT-LKC7C (MAL-2026-298)
Use of software with malware In omnicore-ds2-sdk2
5.2
Medium
Affects: npm
Package: omnicore-ds2-sdk2
FLAT-KHSNP (CVE-2026-22045)
Improper resource allocation In github.com/traefik/traefik/v3
6.3
Medium
Affects: go
Package: github.com/traefik/traefik/v3
FLAT-WGSCI (GHSA-rwr8-xrpw-9qf5)
Non-upgradable dependencies In solspace/craft-freeform
1.3
Low
Affects: composer
Package: solspace/craft-freeform
FLAT-DLRDF (GHSA-44jg-mv3h-wj6g)
Server side cross-site scripting In solspace/craft-freeform
1.1
Low
Affects: composer
Package: solspace/craft-freeform
FLAT-WBUZP (CVE-2026-22775)
Asymmetric denial of service In devalue
7.7
High
Affects: npm
Package: devalue
FLAT-VQA2N (CVE-2026-1002)
HTTP request smuggling In io.vertx:vertx-core
2.7
Low
Affects: maven
Package: io.vertx:vertx-core
FLAT-KWQZM (CVE-2025-68671)
Security controls bypass or absence In github.com/treeverse/lakefs
1.7
Low
Affects: go
Package: github.com/treeverse/lakefs
FLAT-KD44E (CVE-2026-23634)
Excessive privileges In pepr
1.7
Low
Affects: npm
Package: pepr
FLAT-4W9I6 (CVE-2025-15265)
Server side cross-site scripting In svelte
1.3
Low
Affects: npm
Package: svelte
FLAT-ZATI2 (GHSA-58q2-9x27-h2jm)
Inadequate file size control In solspace/craft-freeform
2.7
Low
Affects: composer
Package: solspace/craft-freeform
FLAT-9H2RC (CVE-2026-23622)
Cross-site request forgery In alextselegidis/easyappointments
6.3
Medium
Affects: composer
Package: alextselegidis/easyappointments
FLAT-HZ258 (CVE-2026-23527)
HTTP request smuggling In h3
8.3
High
Affects: npm
Package: h3
FLAT-URXXX (CVE-2026-23520)
Remote command execution In github.com/getarcaneapp/arcane/backend
5.8
Medium
Affects: go
Package: github.com/getarcaneapp/arcane/backend
FLAT-NDD8J (CVE-2021-47776)
Server-side request forgery (SSRF) In umbracocms
2.7
Low
Affects: nuget
Package: umbracocms
FLAT-R5OSU (CVE-2021-47763)
SQL injection - Code In aimeos/aimeos-laravel
6.7
Medium
Affects: composer
Package: aimeos/aimeos-laravel
FLAT-Z4QMA (CVE-2026-23511)
User enumeration In github.com/zitadel/zitadel
2.7
Low
Affects: go
Package: github.com/zitadel/zitadel
FLAT-JDL6X (CVE-2026-23496)
Improper authorization control for web services In pimcore/web2print-tools-bundle
2.3
Low
Affects: composer
Package: pimcore/web2print-tools-bundle