FLAT-7OAC4 (CVE-2026-44561)
Authentication mechanism absence or evasion In open-webui
1.2
Low
Affects: PyPI
Package: open-webui
FLAT-S7ENF (CVE-2026-44563)
Improper authorization control for web services In open-webui
0.6
Low
Affects: PyPI
Package: open-webui
FLAT-1T6S9 (CVE-2026-44562)
Improper authorization control for web services In open-webui
7.5
High
Affects: PyPI
Package: open-webui
FLAT-P3IMV (CVE-2026-44559)
Improper authorization control for web services In open-webui
0.6
Low
Affects: PyPI
Package: open-webui
FLAT-NV5LO (CVE-2026-44557)
Business information leak In open-webui
1.3
Low
Affects: PyPI
Package: open-webui
FLAT-AYV6Q (CVE-2026-44554)
Improper authorization control for web services In open-webui
5.8
Medium
Affects: PyPI
Package: open-webui
FLAT-GPHGE (CVE-2026-44558)
Authentication mechanism absence or evasion In open-webui
0.6
Low
Affects: PyPI
Package: open-webui
FLAT-C6SZH (CVE-2026-44556)
Improper authorization control for web services In open-webui
5.8
Medium
Affects: PyPI
Package: open-webui
FLAT-1VWJ2 (CVE-2026-44555)
Improper authorization control for web services In open-webui
2.4
Low
Affects: PyPI
Package: open-webui
FLAT-JLPWG (CVE-2026-44553)
Insecure session expiration time In open-webui
5.8
Medium
Affects: PyPI
Package: open-webui
FLAT-7NSV1 (CVE-2026-44550)
Improper authorization control for web services In open-webui
1.3
Low
Affects: PyPI
Package: open-webui
FLAT-BH7V6 (CVE-2026-44551)
Authentication mechanism absence or evasion In open-webui
8.1
High
Affects: PyPI
Package: open-webui
FLAT-S8OWR (CVE-2026-44737)
Server side cross-site scripting In getgrav/grav
2.2
Low
Affects: Packagist
Package: getgrav/grav
FLAT-0R7UU (MAL-2026-3400)
Use of software with malware In typo-crypto
5.2
Medium
Affects: Npm
Package: typo-crypto
FLAT-A8411 (CVE-2026-44680)
SQL injection - Code In @mikro-orm/sql
6.1
Medium
Affects: Npm
Package: @mikro-orm/sql
FLAT-RNLLD (CVE-2026-6322)
Remote command execution In fast-uri
6.5
Medium
Affects: Npm
Package: fast-uri
FLAT-6JYX0 (CVE-2026-44499)
Asymmetric denial of service In zebrad
6.6
Medium
Affects: Cargo
Package: zebrad
FLAT-8N9Z0 (CVE-2026-44502)
Server-side request forgery (SSRF) In bugsink
0.6
Low
Affects: PyPI
Package: bugsink
FLAT-K3BP7 (CVE-2026-44588)
Server side cross-site scripting In github.com/siyuan-note/siyuan/kernel
7.6
High
Affects: Go
Package: github.com/siyuan-note/siyuan/kernel
FLAT-DKZ0T (CVE-2026-44721)
Server side cross-site scripting In open-webui
7.2
High
Affects: PyPI
Package: open-webui
FLAT-8SVV7 (CVE-2026-43944)
Lack of data validation In electerm
7.7
High
Affects: Npm
Package: electerm
FLAT-ZAAYO (CVE-2026-43943)
Remote command execution In electerm
5.6
Medium
Affects: Npm
Package: electerm
FLAT-2D6HQ (CVE-2026-43942)
Non-encrypted confidential information In electerm
1.6
Low
Affects: Npm
Package: electerm
FLAT-HYCHD (CVE-2026-43941)
Uncontrolled external site redirect In electerm
5.6
Medium
Affects: Npm
Package: electerm
FLAT-NN3YC (CVE-2026-43940)
Lack of data validation - Path Traversal In electerm
6.1
Medium
Affects: Npm
Package: electerm
FLAT-812PM (GHSA-pvmv-cwg8-v6c8)
Missing subresource integrity check In zebra-script
7.9
High
Affects: Cargo
Package: zebra-script
FLAT-9KW0B (GHSA-r8cj-3554-33mr)
Improper resource allocation In justhtml
2.4
Low
Affects: PyPI
Package: justhtml
FLAT-64XKY (MAL-2026-3399)
Use of software with malware In money-badger-open-rpc-test-bugbount
5.2
Medium
Affects: Npm
Package: money-badger-open-rpc-test-bugbount
FLAT-DNK6M (CVE-2026-44714)
Lack of data validation In org.bitcoinj:bitcoinj-core
7.7
High
Affects: Maven
Package: org.bitcoinj:bitcoinj-core
FLAT-Z0DKF (GHSA-7hgr-xvrr-xpw3)
Insecure session management In github.com/nhost/nhost
0.6
Low
Affects: Go
Package: github.com/nhost/nhost
FLAT-SUK76 (CVE-2026-44310)
Lack of data validation In github.com/sigstore/gitsign
0.5
Low
Affects: Go
Package: github.com/sigstore/gitsign
FLAT-AEW2V (GHSA-q9m2-fhv9-3jcf)
Lack of data validation - Path Traversal In potato-annotation
1.2
Low
Affects: PyPI
Package: potato-annotation
FLAT-MGLVI (CVE-2026-42876)
Excessive privileges In github.com/external-secrets/external-secrets/apis
0.6
Low
Affects: Go
Package: github.com/external-secrets/external-secrets/apis
FLAT-CHGD2 (CVE-2026-44430)
Server-side request forgery (SSRF) In github.com/modelcontextprotocol/registry
1.7
Low
Affects: Go
Package: github.com/modelcontextprotocol/registry
FLAT-XB7YZ (CVE-2026-44429)
Server side cross-site scripting In github.com/modelcontextprotocol/registry
1.2
Low
Affects: Go
Package: github.com/modelcontextprotocol/registry
FLAT-5SSWJ (CVE-2026-6321)
Improper type assignation In fast-uri
7.8
High
Affects: Npm
Package: fast-uri
FLAT-0GJ07 (CVE-2026-7768)
Inadequate file size control In @fastify/accepts-serializer
7.7
High
Affects: Npm
Package: @fastify/accepts-serializer
FLAT-7D4QQ (CVE-2026-44671)
LDAP injection In github.com/zitadel/zitadel
6.3
Medium
Affects: Go
Package: github.com/zitadel/zitadel
FLAT-PWW3X (CVE-2026-44428)
Server-side request forgery (SSRF) In github.com/modelcontextprotocol/registry
0.5
Low
Affects: Go
Package: github.com/modelcontextprotocol/registry
FLAT-1ERR7 (CVE-2026-44427)
Uncontrolled external site redirect In github.com/modelcontextprotocol/registry
4.9
Medium
Affects: Go
Package: github.com/modelcontextprotocol/registry
FLAT-GC7D2 (GHSA-8g7g-hmwm-6rv2)
Server-side request forgery (SSRF) In n8n-mcp
5.9
Medium
Affects: Npm
Package: n8n-mcp
FLAT-H48JY (CVE-2026-44694)
Server-side request forgery (SSRF) In n8n-mcp
4.3
Medium
Affects: Npm
Package: n8n-mcp
FLAT-AG3RO (CVE-2026-44212)
Server side cross-site scripting In prestashop/prestashop
7.5
High
Affects: Packagist
Package: prestashop/prestashop
FLAT-BLRRY (CVE-2026-44670)
Lack of data validation - Modify DOM Elements In github.com/siyuan-note/siyuan/kernel
7.7
High
Affects: Go
Package: github.com/siyuan-note/siyuan/kernel
FLAT-UDWOX (GHSA-52cq-7v8r-62c6)
Authentication mechanism absence or evasion In gmaps-mcp
4.9
Medium
Affects: PyPI
Package: gmaps-mcp
FLAT-IQA1U (CVE-2026-44665)
XML injection (XXE) In fast-xml-builder
6.6
Medium
Affects: Npm
Package: fast-xml-builder
FLAT-Z09RK (CVE-2026-44664)
XML injection (XXE) In fast-xml-builder
1.7
Low
Affects: Npm
Package: fast-xml-builder
FLAT-1DBLY (GHSA-2cm2-m3w5-gp2f)
Security controls bypass or absence In vm2
1.2
Low
Affects: Npm
Package: vm2
FLAT-BZ3JW (CVE-2026-44009)
Sensitive information sent insecurely In vm2
9.1
Critical
Affects: Npm
Package: vm2
FLAT-FP0A1 (CVE-2026-44008)
Sensitive information sent insecurely In vm2
8.4
High
Affects: Npm
Package: vm2
FLAT-R95GH (MAL-2026-3398)
Use of software with malware In ninja-ssh-proto
5.2
Medium
Affects: PyPI
Package: ninja-ssh-proto
FLAT-6Y7MH (CVE-2026-40295)
Uncontrolled external site redirect In devise
0.6
Low
Affects: RubyGems
Package: devise
FLAT-D418W (MAL-2026-3397)
Use of software with malware In tecken
5.2
Medium
Affects: Npm
Package: tecken
FLAT-WPAX1 (MAL-2026-3395)
Use of software with malware In coral-dev-proxy
5.2
Medium
Affects: Npm
Package: coral-dev-proxy
FLAT-0N84A (MAL-2026-3396)
Use of software with malware In ninja-core-optimizer
5.2
Medium
Affects: PyPI
Package: ninja-core-optimizer
FLAT-QE7CB (MAL-2026-3394)
Use of software with malware In @gaia-codesearch/gaia-api-typescript
5.2
Medium
Affects: Npm
Package: @gaia-codesearch/gaia-api-typescript
FLAT-770EC (MAL-2026-3387)
Use of software with malware In @gaia-codesearch/gaia-api-python
5.2
Medium
Affects: Npm
Package: @gaia-codesearch/gaia-api-python
FLAT-IAITS (MAL-2026-3389)
Use of software with malware In eth-wallet-kit
5.2
Medium
Affects: PyPI
Package: eth-wallet-kit
FLAT-EOEL8 (MAL-2026-3392)
Use of software with malware In wallet-scanner-pro
5.2
Medium
Affects: PyPI
Package: wallet-scanner-pro
FLAT-J309I (MAL-2026-3391)
Use of software with malware In tron-energy-sdk
5.2
Medium
Affects: PyPI
Package: tron-energy-sdk
FLAT-TKSKG (MAL-2026-3388)
Use of software with malware In crypto-bot-utils
5.2
Medium
Affects: PyPI
Package: crypto-bot-utils
FLAT-LPAKR (MAL-2026-3393)
Use of software with malware In web3-tool-sdk
5.2
Medium
Affects: PyPI
Package: web3-tool-sdk
FLAT-C5DAR (MAL-2026-3390)
Use of software with malware In solana-py-sdk
5.2
Medium
Affects: PyPI
Package: solana-py-sdk
FLAT-NHE9Q (MAL-2026-3380)
Use of software with malware In justinleaguekems
5.2
Medium
Affects: PyPI
Package: justinleaguekems
FLAT-MMBUE (MAL-2026-3386)
Use of software with malware In yeahmankema
5.2
Medium
Affects: PyPI
Package: yeahmankema
FLAT-UC5ZE (MAL-2026-3383)
Use of software with malware In wallet-utils-pro
5.2
Medium
Affects: PyPI
Package: wallet-utils-pro
FLAT-C2MM0 (MAL-2026-3381)
Use of software with malware In solana-scanner
5.2
Medium
Affects: PyPI
Package: solana-scanner
FLAT-O6A76 (MAL-2026-3378)
Use of software with malware In eth-toolkit
5.2
Medium
Affects: PyPI
Package: eth-toolkit
FLAT-93TBH (MAL-2026-3377)
Use of software with malware In crypto-wallet-utils
5.2
Medium
Affects: PyPI
Package: crypto-wallet-utils
FLAT-4HI1H (MAL-2026-3385)
Use of software with malware In web3-helper
5.2
Medium
Affects: PyPI
Package: web3-helper
FLAT-T6MJT (MAL-2026-3384)
Use of software with malware In web3-connect
5.2
Medium
Affects: PyPI
Package: web3-connect
FLAT-BUAKK (MAL-2026-3382)
Use of software with malware In solana-wallet-utils
5.2
Medium
Affects: PyPI
Package: solana-wallet-utils
FLAT-CDE48 (MAL-2026-3379)
Use of software with malware In eth-web3-utils
5.2
Medium
Affects: PyPI
Package: eth-web3-utils
FLAT-ISR7Z (MAL-2026-3375)
Use of software with malware In crypto-kit-pro
5.2
Medium
Affects: PyPI
Package: crypto-kit-pro
FLAT-H0ITQ (MAL-2026-3376)
Use of software with malware In solana-wallet-sdk
5.2
Medium
Affects: PyPI
Package: solana-wallet-sdk
FLAT-UH2PO (MAL-2026-3374)
Use of software with malware In playgod
5.2
Medium
Affects: Npm
Package: playgod
FLAT-8QQKA (CVE-2026-8124)
Improper resource allocation In gpac
1.1
Low
Affects: Debian
Package: gpac
FLAT-FN2CB (CVE-2026-44662)
Lack of data validation In openssl
1.2
Low
Affects: Cargo
Package: openssl
FLAT-KXN96 (CVE-2026-44661)
Server-side request forgery (SSRF) In utcp-http
6.5
Medium
Affects: PyPI
Package: utcp-http
FLAT-C5N7Z (GHSA-v7qw-hx66-4w9x)
Server side cross-site scripting In netbox-data-flows
5.7
Medium
Affects: PyPI
Package: netbox-data-flows
FLAT-H5A58 (CVE-2026-40214)
Improper authorization control for web services In cyborg
2.3
Low
Affects: Debian
Package: cyborg
FLAT-YJ2DD (CVE-2026-40213)
Improper authorization control for web services In cyborg
5.9
Medium
Affects: Debian
Package: cyborg
FLAT-OPIW7 (GHSA-j7h9-2jh7-g967)
Lack of data validation - Path Traversal In mcp-ssh-tool
6.6
Medium
Affects: Npm
Package: mcp-ssh-tool
FLAT-YIV2Y (CVE-2026-44641)
Lack of data validation - Path Traversal In apm-cli
7.1
High
Affects: PyPI
Package: apm-cli
FLAT-ZEC1G (GHSA-fpw6-hrg5-q5x5)
Insecure session management In github.com/lin-snow/ech0
8.1
High
Affects: Go
Package: github.com/lin-snow/ech0
FLAT-PYMB9 (GHSA-p64j-f4x9-wq66)
Cross-site request forgery In github.com/lin-snow/ech0
5.7
Medium
Affects: Go
Package: github.com/lin-snow/ech0
FLAT-F6SB3 (GHSA-8mc6-xjpr-h98x)
Server-side request forgery (SSRF) In github.com/lin-snow/ech0
3.8
Low
Affects: Go
Package: github.com/lin-snow/ech0
FLAT-WL2KO (MAL-2026-3372)
Use of software with malware In ninja-core-utils
5.2
Medium
Affects: PyPI
Package: ninja-core-utils
FLAT-ARV0I (GHSA-pj6q-4vq4-r8cg)
Asymmetric denial of service In github.com/lin-snow/ech0
7.8
High
Affects: Go
Package: github.com/lin-snow/ech0
FLAT-74B94 (GHSA-rgj7-vg8v-j4wr)
Improper authorization control for web services In github.com/lin-snow/ech0
2.7
Low
Affects: Go
Package: github.com/lin-snow/ech0
FLAT-N536F (GHSA-3v85-fqvh-7rxf)
Server side cross-site scripting In github.com/lin-snow/ech0
1.1
Low
Affects: Go
Package: github.com/lin-snow/ech0
FLAT-VX2TC (GHSA-rj4g-rqgh-rx9h)
Business information leak In github.com/lin-snow/ech0
2.7
Low
Affects: Go
Package: github.com/lin-snow/ech0
FLAT-VR7VP (CVE-2026-44523)
Insecure encryption algorithm In github.com/enchant97/note-mark/backend
8.1
High
Affects: Go
Package: github.com/enchant97/note-mark/backend
FLAT-0RT0U (CVE-2026-44522)
Lack of data validation - Path Traversal In github.com/enchant97/note-mark/backend
6.1
Medium
Affects: Go
Package: github.com/enchant97/note-mark/backend
FLAT-9H4MV (GHSA-h4fw-6r7f-w494)
Authentication mechanism absence or evasion In web-auth/webauthn-framework
0.1
Low
Affects: Packagist
Package: web-auth/webauthn-framework
FLAT-B2MKY (GHSA-cwfq-rfcr-8hmp)
Missing subresource integrity check In zebrad
7.7
High
Affects: Cargo
Package: zebrad
FLAT-XWSYR (CVE-2026-44497)
Lack of data validation In zebra-script
7.9
High
Affects: Cargo
Package: zebra-script
FLAT-GZYJX (CVE-2026-44500)
Improper resource allocation In zebra-chain
2.4
Low
Affects: Cargo
Package: zebra-chain
FLAT-9XW0G (CVE-2026-44498)
Inappropriate coding practices In zebrad
7.7
High
Affects: Cargo
Package: zebrad
FLAT-90XCI (CVE-2026-44589)
Server-side request forgery (SSRF) In nuxt-og-image
6.5
Medium
Affects: Npm
Package: nuxt-og-image