FLAT-OJHJO (MAL-2026-5176)
Use of software with malware In internal-tracker
5.2
Medium
Ecosystem: PyPI
Package: internal-tracker
FLAT-9KYWU (MAL-2026-5166)
Use of software with malware In sourceflow-tracker
5.2
Medium
Ecosystem: Npm
Package: sourceflow-tracker
FLAT-KEPK5 (MAL-2026-4805)
Use of software with malware In metricflow-tracker
5.2
Medium
Ecosystem: Npm
Package: metricflow-tracker
FLAT-IRJIA (MAL-2026-4283)
Use of software with malware In token-usage-tracker
5.2
Medium
Ecosystem: Npm
Package: token-usage-tracker
FLAT-LTCW7 (CVE-2026-41076)
Authentication mechanism absence or evasion In request-tracker4
8.1
High
Ecosystem: Debian
Package: request-tracker4
FLAT-BFAWR (CVE-2026-41075)
SQL injection - Code In request-tracker5
6.1
Medium
Ecosystem: Debian
Package: request-tracker5
FLAT-HFAK2 (CVE-2026-41073)
CSV injection In request-tracker5
0.4
Low
Ecosystem: Debian
Package: request-tracker5
FLAT-E4R8V (CVE-2026-6841)
Reflected cross-site scripting (XSS) In request-tracker5
1.2
Low
Ecosystem: Debian
Package: request-tracker5
FLAT-G8S2Q (MAL-2026-4661)
Use of software with malware In react-tracked-tony
5.2
Medium
Ecosystem: Npm
Package: react-tracked-tony
FLAT-GLR99 (MAL-2026-4460)
Use of software with malware In @trackking/core
5.2
Medium
Ecosystem: Npm
Package: @trackking/core
FLAT-BXHZ8 (MAL-2026-3633)
Use of software with malware In knot-rack-session-store
5.2
Medium
Ecosystem: RubyGems
Package: knot-rack-session-store
FLAT-UNZCP (MAL-2026-3360)
Use of software with malware In @paysafe-tracking/error-monitoring
5.2
Medium
Ecosystem: Npm
Package: @paysafe-tracking/error-monitoring
FLAT-XQODW (MAL-2026-2989)
Use of software with malware In @bmg-web-features/bmg-user-interaction-tracker
5.2
Medium
Ecosystem: Npm
Package: @bmg-web-features/bmg-user-interaction-tracker
FLAT-R8LPK (MAL-2026-2761)
Use of software with malware In f0-fpti-tracking
5.2
Medium
Ecosystem: Npm
Package: f0-fpti-tracking
FLAT-S68WZ (MAL-2026-2753)
Use of software with malware In declarative-tracker
5.2
Medium
Ecosystem: Npm
Package: declarative-tracker
FLAT-KABHQ (MAL-2026-2903)
Use of software with malware In trackora-chain
5.2
Medium
Ecosystem: Npm
Package: trackora-chain
FLAT-8Z6LV (MAL-2026-2904)
Use of software with malware In trackora-node
5.2
Medium
Ecosystem: Npm
Package: trackora-node
FLAT-71GIA (CVE-2026-39324)
Insecurely generated cookies In rack-session
6.9
Medium
Ecosystem: RubyGems
Package: rack-session
FLAT-ZTZX4 (CVE-2021-32773)
Lack of data validation In racket
6.6
Medium
Ecosystem: Alpm
Package: racket
FLAT-5LOGF (MAL-2026-2491)
Use of software with malware In @not-nemo/crypto-tracker
5.2
Medium
Ecosystem: Npm
Package: @not-nemo/crypto-tracker
FLAT-HOVRA (CVE-2026-34835)
Lack of data validation - Path Traversal In rack
1.7
Low
Ecosystem: RubyGems
Package: rack
FLAT-NW51K (CVE-2026-34831)
Insecure encryption algorithm In rack
2.7
Low
Ecosystem: RubyGems
Package: rack
FLAT-TPAT6 (CVE-2026-34830)
Lack of data validation In rack
6.3
Medium
Ecosystem: RubyGems
Package: rack
FLAT-TGEFT (CVE-2026-34829)
Improper resource allocation In rack
6.3
Medium
Ecosystem: RubyGems
Package: rack
FLAT-STWHA (CVE-2026-34763)
Lack of data validation In rack
1.7
Low
Ecosystem: RubyGems
Package: rack
FLAT-JIB0H (CVE-2026-34230)
Improper resource allocation In rack
6.3
Medium
Ecosystem: RubyGems
Package: rack
FLAT-EVUIC (CVE-2026-32762)
Lack of data validation In rack
1.7
Low
Ecosystem: RubyGems
Package: rack
FLAT-6IMGU (CVE-2026-26962)
Lack of data validation In rack
1.7
Low
Ecosystem: RubyGems
Package: rack
FLAT-B7IE6 (CVE-2026-26961)
Lack of data validation In rack
1.7
Low
Ecosystem: RubyGems
Package: rack
FLAT-XE067 (CVE-2026-34827)
Improper resource allocation In rack
7.7
High
Ecosystem: RubyGems
Package: rack
FLAT-ZNW3T (CVE-2026-34826)
Improper resource allocation In rack
6.3
Medium
Ecosystem: RubyGems
Package: rack
FLAT-R6NCQ (CVE-2026-34786)
Insecure functionality In rack
1.7
Low
Ecosystem: RubyGems
Package: rack
FLAT-AZLLN (CVE-2026-34785)
Enabled default configuration In rack
6.3
Medium
Ecosystem: RubyGems
Package: rack
FLAT-73WRY (MAL-2026-2425)
Use of software with malware In bytefrontier-tracker
5.2
Medium
Ecosystem: Npm
Package: bytefrontier-tracker
FLAT-3TCYY (MAL-2026-2426)
Use of software with malware In partner-tracker
5.2
Medium
Ecosystem: Npm
Package: partner-tracker
FLAT-PH9A4 (MAL-2026-2427)
Use of software with malware In partner-tracker-api
5.2
Medium
Ecosystem: Npm
Package: partner-tracker-api
FLAT-SO89D (DSA-6180-1)
Insecure HTTP methods enabled In ruby-rack
1.3
Low
Ecosystem: Debian
Package: ruby-rack
FLAT-V53N2 (GHSA-8g29-8xwr-qmhr)
Asymmetric denial of service In @grackle-ai/server
0.5
Low
Ecosystem: Npm
Package: @grackle-ai/server
FLAT-1TSV9 (GHSA-5j35-xr4g-vwf4)
Insecurely generated cookies In @grackle-ai/server
0.6
Low
Ecosystem: Npm
Package: @grackle-ai/server
FLAT-7GIHL (GHSA-3mjm-x6gw-2x42)
Reflected cross-site scripting (XSS) In @grackle-ai/server
1.3
Low
Ecosystem: Npm
Package: @grackle-ai/server
FLAT-Y8NQQ (GHSA-xq7h-vwjp-5vrh)
Authentication mechanism absence or evasion In @grackle-ai/powerline
1.7
Low
Ecosystem: Npm
Package: @grackle-ai/powerline
FLAT-BV55M (GHSA-w3hv-x4fp-6h6j)
Missing subresource integrity check In @grackle-ai/server
4.9
Medium
Ecosystem: Npm
Package: @grackle-ai/server
FLAT-DLJE3 (GHSA-647h-p824-99w7)
Improper authorization control for web services In @grackle-ai/mcp
6.2
Medium
Ecosystem: Npm
Package: @grackle-ai/mcp
FLAT-M6LB3 (GHSA-7q9x-8g6p-3x75)
Reflected cross-site scripting (XSS) In @grackle-ai/server
0.6
Low
Ecosystem: Npm
Package: @grackle-ai/server
FLAT-CSN0U (DLA-4505-1)
Insecure HTTP methods enabled In ruby-rack
0.6
Low
Ecosystem: Debian
Package: ruby-rack
FLAT-R528D (MAL-2026-1647)
Use of software with malware In adobe-tracking
5.2
Medium
Ecosystem: Npm
Package: adobe-tracking
FLAT-GR0G1 (MAL-2026-1457)
Use of software with malware In tracking-service-config
5.2
Medium
Ecosystem: Npm
Package: tracking-service-config
FLAT-AB88Y (CVE-2026-1767)
Lack of data validation - Path Traversal In tracker-miners
5.7
Medium
Ecosystem: RPM
Package: tracker-miners
FLAT-RBABB (CVE-2026-1766)
Lack of data validation In tracker-miners
3.8
Low
Ecosystem: RPM
Package: tracker-miners
FLAT-EDAN1 (CVE-2026-1765)
Lack of data validation In tracker-miners
1.8
Low
Ecosystem: RPM
Package: tracker-miners
FLAT-MMYSL (CVE-2026-1764)
Lack of data validation - Path Traversal In tracker-miners
5.7
Medium
Ecosystem: RPM
Package: tracker-miners
FLAT-CUOSJ (CVE-2026-25500)
Server side cross-site scripting In ruby-rack
0.1
Low
Ecosystem: Debian
Package: ruby-rack
FLAT-EHLW5 (CVE-2026-22860)
Lack of data validation - Path Traversal In ruby-rack
4.6
Medium
Ecosystem: Debian
Package: ruby-rack
FLAT-LCLCL (MAL-2025-192644)
Use of software with malware In usage-tracker-janus
5.2
Medium
Ecosystem: Npm
Package: usage-tracker-janus
FLAT-HWUUB (MAL-2025-192472)
Use of software with malware In elf-stats-candlelit-nutcracker-184
5.2
Medium
Ecosystem: Npm
Package: elf-stats-candlelit-nutcracker-184
FLAT-CRVF7 (MAL-2025-192530)
Use of software with malware In elf-stats-snuggly-nutcracker-187
5.2
Medium
Ecosystem: Npm
Package: elf-stats-snuggly-nutcracker-187
FLAT-YSP82 (MAL-2025-192229)
Use of software with malware In elf-stats-sleighing-nutcracker-806
5.2
Medium
Ecosystem: Npm
Package: elf-stats-sleighing-nutcracker-806
FLAT-R4FG7 (MAL-2025-192215)
Use of software with malware In elf-stats-glittering-nutcracker-709
5.2
Medium
Ecosystem: Npm
Package: elf-stats-glittering-nutcracker-709
FLAT-MUFBB (MAL-2025-192061)
Use of software with malware In elf-stats-glittering-nutcracker-591
5.2
Medium
Ecosystem: Npm
Package: elf-stats-glittering-nutcracker-591
FLAT-IP96O (MAL-2025-192110)
Use of software with malware In elf-stats-nutmeg-nutcracker-538
5.2
Medium
Ecosystem: Npm
Package: elf-stats-nutmeg-nutcracker-538
FLAT-FYXDD (MAL-2025-191952)
Use of software with malware In angular-trackjs
5.2
Medium
Ecosystem: Npm
Package: angular-trackjs
FLAT-GG3KD (MAL-2025-191289)
Use of software with malware In @posthog/bitbucket-release-tracker
5.2
Medium
Ecosystem: Npm
Package: @posthog/bitbucket-release-tracker
FLAT-O7ATM (MAL-2025-191326)
Use of software with malware In @trackstar/test-package
5.2
Medium
Ecosystem: Npm
Package: @trackstar/test-package
FLAT-JDLDU (MAL-2025-191325)
Use of software with malware In @trackstar/test-angular-package
5.2
Medium
Ecosystem: Npm
Package: @trackstar/test-angular-package
FLAT-DNYFK (MAL-2025-191324)
Use of software with malware In @trackstar/react-trackstar-link-upgrade
5.2
Medium
Ecosystem: Npm
Package: @trackstar/react-trackstar-link-upgrade
FLAT-YEQ53 (MAL-2025-191323)
Use of software with malware In @trackstar/react-trackstar-link
5.2
Medium
Ecosystem: Npm
Package: @trackstar/react-trackstar-link
FLAT-JVWD3 (MAL-2025-191322)
Use of software with malware In @trackstar/angular-trackstar-link
5.2
Medium
Ecosystem: Npm
Package: @trackstar/angular-trackstar-link
FLAT-KRNQ0 (MAL-2025-190880)
Use of software with malware In @posthog/github-release-tracking-plugin
5.2
Medium
Ecosystem: Npm
Package: @posthog/github-release-tracking-plugin
FLAT-5XNKQ (MAL-2025-190878)
Use of software with malware In @posthog/first-time-event-tracker
5.2
Medium
Ecosystem: Npm
Package: @posthog/first-time-event-tracker
FLAT-EHJFJ (MAL-2025-190835)
Use of software with malware In capacitor-plugin-apptrackingios
5.2
Medium
Ecosystem: Npm
Package: capacitor-plugin-apptrackingios
FLAT-T1LWH (CVE-2025-64758)
Server side cross-site scripting In @dependencytrack/frontend
2.1
Low
Ecosystem: Npm
Package: @dependencytrack/frontend
FLAT-OF4WZ (DSA-6048-1)
Insecure HTTP methods enabled In ruby-rack
0.6
Low
Ecosystem: Debian
Package: ruby-rack
FLAT-AZL0D (DLA-4357-1)
Insecure HTTP methods enabled In ruby-rack
0.6
Low
Ecosystem: Debian
Package: ruby-rack
FLAT-G4CE0 (MAL-2025-49198)
Use of software with malware In epic-tracking
5.2
Medium
Ecosystem: Npm
Package: epic-tracking
FLAT-2NYHA (CVE-2025-10927)
Reflected cross-site scripting (XSS) In drupal/plausible_tracking
0.6
Low
Ecosystem: Packagist
Package: drupal/plausible_tracking
FLAT-PJHZC (MAL-2025-49074)
Use of software with malware In xo-tracking
5.2
Medium
Ecosystem: Npm
Package: xo-tracking
FLAT-QFNP6 (DLA-4349-1)
Traceability loss In request-tracker4
0.5
Low
Ecosystem: Debian
Package: request-tracker4
FLAT-QJYVA (CVE-2025-9158)
Server side cross-site scripting In request-tracker5
1.3
Low
Ecosystem: Debian
Package: request-tracker5
FLAT-G4QSX (CVE-2025-61873)
OS Command Injection In request-tracker4
7.3
High
Ecosystem: Debian
Package: request-tracker4
FLAT-GBHFY (DSA-6031-1)
Insecure session expiration time In request-tracker5
1.1
Low
Ecosystem: Debian
Package: request-tracker5
FLAT-BLV79 (DSA-6032-1)
Traceability loss In request-tracker4
0.5
Low
Ecosystem: Debian
Package: request-tracker4
FLAT-65JD0 (MAL-2025-48440)
Use of software with malware In usage-tracker-secured
5.2
Medium
Ecosystem: Npm
Package: usage-tracker-secured
FLAT-V7594 (CVE-2025-62242)
Improper authorization control for web services In com.liferay:com.liferay.change.tracking.web
1.3
Low
Ecosystem: Maven
Package: com.liferay:com.liferay.change.tracking.web
FLAT-I3M52 (CVE-2025-62244)
Improper authorization control for web services In com.liferay:com.liferay.change.tracking.web
1.1
Low
Ecosystem: Maven
Package: com.liferay:com.liferay.change.tracking.web
FLAT-CJ7ZD (CVE-2025-62243)
Authentication mechanism absence or evasion In com.liferay:com.liferay.change.tracking.web
1.3
Low
Ecosystem: Maven
Package: com.liferay:com.liferay.change.tracking.web
FLAT-AVXTI (CVE-2025-62245)
Cross-site request forgery In com.liferay:com.liferay.change.tracking.web
1.2
Low
Ecosystem: Maven
Package: com.liferay:com.liferay.change.tracking.web
FLAT-DGMH7 (CVE-2025-61919)
Improper resource allocation In ruby-rack
6.6
Medium
Ecosystem: Debian
Package: ruby-rack
FLAT-IPOGX (CVE-2025-61780)
Improper authorization control for web services In rack
0.5
Low
Ecosystem: RubyGems
Package: rack
FLAT-BWB36 (CVE-2025-61772)
Technical information leak In rack
2.7
Low
Ecosystem: RubyGems
Package: rack
FLAT-4BQQD (CVE-2025-61771)
Improper resource allocation In rack
6.6
Medium
Ecosystem: RubyGems
Package: rack
FLAT-LSU8L (CVE-2025-61770)
Improper resource allocation In rack
6.6
Medium
Ecosystem: RubyGems
Package: rack
FLAT-C2S50 (MAL-2025-47867)
Use of software with malware In rack-test
5.2
Medium
Ecosystem: Npm
Package: rack-test
FLAT-9UDZO (CVE-2025-59830)
Asymmetric denial of service In rack
6.6
Medium
Ecosystem: RubyGems
Package: rack
FLAT-BMH61 (MAL-2025-47535)
Use of software with malware In @sev-ui-verse/event-tracking
5.2
Medium
Ecosystem: Npm
Package: @sev-ui-verse/event-tracking
FLAT-4P5HC (CVE-2025-43807)
Server side cross-site scripting In com.liferay:com.liferay.change.tracking.service
1.1
Low
Ecosystem: Maven
Package: com.liferay:com.liferay.change.tracking.service
FLAT-ET9QH (MAL-2025-47012)
Use of software with malware In airbnb-with-tracking
5.2
Medium
Ecosystem: Npm
Package: airbnb-with-tracking
FLAT-NMJ84 (MAL-2025-41753)
Use of software with malware In rsacracker
5.2
Medium
Ecosystem: PyPI
Package: rsacracker
FLAT-ENCV7 (MAL-2025-41405)
Use of software with malware In react-event-tracker1
5.2
Medium
Ecosystem: Npm
Package: react-event-tracker1
FLAT-AOZVH (MAL-2025-41404)
Use of software with malware In react-event-tracker-dpdpoc
5.2
Medium
Ecosystem: Npm
Package: react-event-tracker-dpdpoc
FLAT-C8PSL (MAL-2025-17654)
Use of software with malware In crackbot
5.2
Medium
Ecosystem: Npm
Package: crackbot