FLAT-EZXUM (MAL-2026-5132)
Use of software with malware In rookie-security-test-pkg
5.2
Medium
Ecosystem: Npm
Package: rookie-security-test-pkg
FLAT-JP2ZY (CVE-2026-47423)
Reflected cross-site scripting (XSS) In dompurify
6.5
Medium
Ecosystem: Npm
Package: dompurify
FLAT-Q69F6 (MAL-2026-4967)
Use of software with malware In @cloudplatform-single-spa/security-groups
5.2
Medium
Ecosystem: Npm
Package: @cloudplatform-single-spa/security-groups
FLAT-XOJZX (CVE-2026-45075)
Authentication mechanism absence or evasion In symfony/security-http
6.2
Medium
Ecosystem: Packagist
Package: symfony/security-http
FLAT-II2BQ (CVE-2026-44982)
Security controls bypass or absence In github.com/crowdsecurity/crowdsec
2.7
Low
Ecosystem: Go
Package: github.com/crowdsecurity/crowdsec
FLAT-TA1IP (CVE-2026-44981)
Excessive privileges In github.com/crowdsecurity/crowdsec
4.6
Medium
Ecosystem: Go
Package: github.com/crowdsecurity/crowdsec
FLAT-JTBD8 (MAL-2026-4337)
Use of software with malware In wm-plugin-create-iframe-capturing
5.2
Medium
Ecosystem: Npm
Package: wm-plugin-create-iframe-capturing
FLAT-8RMB5 (MAL-2026-4261)
Use of software with malware In eth-security-auditor
5.2
Medium
Ecosystem: PyPI
Package: eth-security-auditor
FLAT-FN4MV (CVE-2026-46715)
Authentication mechanism absence or evasion In flask-security-too
0.6
Low
Ecosystem: PyPI
Package: flask-security-too
FLAT-4QZBB (MAL-2026-4238)
Use of software with malware In env-security-scanner
5.2
Medium
Ecosystem: Npm
Package: env-security-scanner
FLAT-DE1SR (MAL-2026-4696)
Use of software with malware In turing-sdk
5.2
Medium
Ecosystem: Npm
Package: turing-sdk
FLAT-ANBU2 (MAL-2026-4219)
Use of software with malware In wallet-security-checker
5.2
Medium
Ecosystem: Npm
Package: wallet-security-checker
FLAT-0AG5Z (MAL-2026-4665)
Use of software with malware In security-env-loader
5.2
Medium
Ecosystem: Npm
Package: security-env-loader
FLAT-A2ZKB (MAL-2026-4157)
Use of software with malware In uri-parse
5.2
Medium
Ecosystem: Npm
Package: uri-parse
FLAT-BUHH9 (CVE-2026-45609)
Server-side request forgery (SSRF) In org.springaicommunity:mcp-client-security
1.7
Low
Ecosystem: Maven
Package: org.springaicommunity:mcp-client-security
FLAT-2EZ3C (CVE-2026-33117)
Authentication mechanism absence or evasion In com.azure:azure-security-keyvault-keys
8.0
High
Ecosystem: Maven
Package: com.azure:azure-security-keyvault-keys
FLAT-NY4UI (CVE-2026-42268)
Out-of-bounds read In mod_security
4.6
Medium
Ecosystem: RPM
Package: mod_security
FLAT-RNLLD (CVE-2026-6322)
Remote command execution In fast-uri
6.5
Medium
Ecosystem: Npm
Package: fast-uri
FLAT-5SSWJ (CVE-2026-6321)
Lack of data validation - Type confusion In fast-uri
7.8
High
Ecosystem: Npm
Package: fast-uri
FLAT-TT5P0 (CVE-2026-44928)
Lack of data validation In uriparser
1.2
Low
Ecosystem: Debian
Package: uriparser
FLAT-JTQL2 (CVE-2026-44927)
Lack of data validation - Type confusion In uriparser
0.5
Low
Ecosystem: Debian
Package: uriparser
FLAT-ETYBG (GHSA-x5hg-x4gv-j98m)
Insecure digital certificates In org.opensearch.plugin:opensearch-security
3.7
Low
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-GLVF7 (GHSA-x83w-23jp-g6pw)
Authentication mechanism absence or evasion In org.opensearch.plugin:opensearch-security
2.3
Low
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-YHHAK (GHSA-22vx-2x23-98w6)
Authentication mechanism absence or evasion In org.opensearch.plugin:opensearch-security
0.5
Low
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-7PJD9 (GHSA-83x9-vc3c-hghc)
Authentication mechanism absence or evasion In org.opensearch.plugin:opensearch-security
1.7
Low
Ecosystem: Maven
Package: org.opensearch.plugin:opensearch-security
FLAT-RQ0VH (CVE-2026-42184)
Server-side request forgery (SSRF) In tauri
2.4
Low
Ecosystem: Cargo
Package: tauri
FLAT-3LBJK (CVE-2026-30923)
Asymmetric denial of service In modsecurity
4.6
Medium
Ecosystem: Debian
Package: modsecurity
FLAT-P5CA0 (GHSA-g485-8j3v-p6x8)
Server side cross-site scripting In @tdurieux/anonymous_github
7.5
High
Ecosystem: Npm
Package: @tdurieux/anonymous_github
FLAT-BGRPC (MAL-2026-3209)
Use of software with malware In apple-internal-security-library-v99
5.2
Medium
Ecosystem: Npm
Package: apple-internal-security-library-v99
FLAT-AD243 (MAL-2026-3305)
Use of software with malware In apple-internal-security-audit-v99
5.2
Medium
Ecosystem: Npm
Package: apple-internal-security-audit-v99
FLAT-FV8T8 (MAL-2026-3188)
Use of software with malware In apple-security-internal-scanner-v3
5.2
Medium
Ecosystem: Npm
Package: apple-security-internal-scanner-v3
FLAT-I4SUE (CVE-2026-42519)
Improper authorization control for web services In org.jenkins-ci.plugins:script-security
1.3
Low
Ecosystem: Maven
Package: org.jenkins-ci.plugins:script-security
FLAT-7NS07 (CVE-2026-42371)
Lack of data validation - Type confusion In uriparser
3.6
Low
Ecosystem: Debian
Package: uriparser
FLAT-HOA76 (CVE-2026-41239)
Reflected cross-site scripting (XSS) In node-dompurify
5.9
Medium
Ecosystem: Debian
Package: node-dompurify
FLAT-IBKC7 (CVE-2026-41240)
Reflected cross-site scripting (XSS) In node-dompurify
2.3
Low
Ecosystem: Debian
Package: node-dompurify
FLAT-6YQL7 (CVE-2026-41238)
Prototype Pollution In node-dompurify
4.0
Medium
Ecosystem: Debian
Package: node-dompurify
FLAT-R748Y (CVE-2026-22748)
Lack of data validation In org.springframework.security:spring-security-oauth2-jose
3.9
Low
Ecosystem: Maven
Package: org.springframework.security:spring-security-oauth2-jose
FLAT-SI4VN (CVE-2026-22754)
Improper authorization control for web services In org.springframework.security:spring-security-config
6.5
Medium
Ecosystem: Maven
Package: org.springframework.security:spring-security-config
FLAT-X6XP9 (CVE-2026-22753)
Security controls bypass or absence In org.springframework.security:spring-security-config
6.5
Medium
Ecosystem: Maven
Package: org.springframework.security:spring-security-config
FLAT-Y16TM (CVE-2026-22747)
Insecure digital certificates In org.springframework.security:spring-security-web
8.1
High
Ecosystem: Maven
Package: org.springframework.security:spring-security-web
FLAT-A1NYK (CVE-2026-22746)
Lack of data validation - Path Traversal In org.springframework.security:spring-security-core
1.7
Low
Ecosystem: Maven
Package: org.springframework.security:spring-security-core
FLAT-DF7FE (CVE-2026-22751)
Race condition In org.springframework.security:spring-security-core
1.7
Low
Ecosystem: Maven
Package: org.springframework.security:spring-security-core
FLAT-287TH (MAL-2026-2961)
Use of software with malware In apple-internal-security-poc-frank
5.2
Medium
Ecosystem: Npm
Package: apple-internal-security-poc-frank
FLAT-GXI30 (MAL-2026-2828)
Use of software with malware In express-security-policy
5.2
Medium
Ecosystem: Npm
Package: express-security-policy
FLAT-GWP3J (GHSA-39q2-94rc-95cp)
Insecure functionality In dompurify
1.3
Low
Ecosystem: Npm
Package: dompurify
FLAT-UPWXU (CVE-2026-26171)
Asymmetric denial of service - ReDoS In system.security.cryptography.xml
7.7
High
Ecosystem: NuGet
Package: system.security.cryptography.xml
FLAT-CJMWA (CVE-2026-33116)
Improper resource allocation In system.security.cryptography.xml
7.7
High
Ecosystem: NuGet
Package: system.security.cryptography.xml
FLAT-NC7UX (MAL-2026-2505)
Use of software with malware In @aspect-security/argon2
5.2
Medium
Ecosystem: Npm
Package: @aspect-security/argon2
FLAT-4WFUH (CVE-2021-32618)
Uncontrolled external site redirect In python-flask-security-too
0.5
Low
Ecosystem: Alpm
Package: python-flask-security-too
FLAT-LXEO5 (CVE-2021-46141)
Inappropriate coding practices In uriparser
4.0
Medium
Ecosystem: Alpm
Package: uriparser
FLAT-T5955 (CVE-2021-46142)
Inappropriate coding practices In uriparser
4.0
Medium
Ecosystem: Alpm
Package: uriparser
FLAT-MY1IN (CVE-2021-21241)
Cross-site request forgery In python-flask-security-too
5.7
Medium
Ecosystem: Alpm
Package: python-flask-security-too
FLAT-TTLIU (CVE-2017-1000115)
Insecure session management In mercurial
6.6
Medium
Ecosystem: Alpm
Package: mercurial
FLAT-Q0VN7 (CVE-2017-1000116)
OS Command Injection In mercurial
5.9
Medium
Ecosystem: Alpm
Package: mercurial
FLAT-VEX2D (MAL-2026-2499)
Use of software with malware In nerite-security-audit
5.2
Medium
Ecosystem: Npm
Package: nerite-security-audit
FLAT-RQ2RR (GHSA-cjmm-f4jc-qw8r)
Improper resource allocation In dompurify
1.3
Low
Ecosystem: Npm
Package: dompurify
FLAT-BCE3W (GHSA-cj63-jhhr-wcxv)
Prototype Pollution In dompurify
1.3
Low
Ecosystem: Npm
Package: dompurify
FLAT-COM5J (CVE-2026-33691)
Insecure file upload In modsecurity-crs
8.1
High
Ecosystem: Debian
Package: modsecurity-crs
FLAT-3GDS9 (CVE-2026-31934)
Improper resource allocation In suricata
6.3
Medium
Ecosystem: Debian
Package: suricata
FLAT-PZIH8 (CVE-2026-31935)
Asymmetric denial of service In suricata
7.7
High
Ecosystem: Debian
Package: suricata
FLAT-R3XUJ (CVE-2026-31937)
Asymmetric denial of service In suricata
7.7
High
Ecosystem: Debian
Package: suricata
FLAT-WTMG8 (CVE-2026-31932)
Asymmetric denial of service In suricata
6.6
Medium
Ecosystem: Debian
Package: suricata
FLAT-IGQAM (CVE-2026-31933)
Asymmetric denial of service In suricata
4.6
Medium
Ecosystem: Debian
Package: suricata
FLAT-P8KFN (CVE-2026-31931)
Asymmetric denial of service In suricata
7.7
High
Ecosystem: Debian
Package: suricata
FLAT-N3GBE (GHSA-h8r8-wccr-v5f2)
Reflected cross-site scripting (XSS) In dompurify
2.7
Low
Ecosystem: Npm
Package: dompurify
FLAT-JLN3O (MAL-2026-2234)
Use of software with malware In security-install-analytics
5.2
Medium
Ecosystem: Npm
Package: security-install-analytics
FLAT-DRUWZ (CVE-2026-33634)
Use of software with malware In github.com/aquasecurity/trivy
7.7
High
Ecosystem: Go
Package: github.com/aquasecurity/trivy
FLAT-QIEA7 (MAL-2026-2083)
Use of software with malware In anduril-sdk
5.2
Medium
Ecosystem: PyPI
Package: anduril-sdk
FLAT-L08SS (CVE-2026-22732)
Server-side request forgery (SSRF) In org.springframework.security:spring-security-web
6.5
Medium
Ecosystem: Maven
Package: org.springframework.security:spring-security-web
FLAT-SD35J (MAL-2026-1851)
Use of software with malware In snort-security-tool
5.2
Medium
Ecosystem: Npm
Package: snort-security-tool
FLAT-7R0OW (MAL-2026-1733)
Use of software with malware In express-security-suite-2024
5.2
Medium
Ecosystem: Npm
Package: express-security-suite-2024
FLAT-GV05W (MAL-2026-1662)
Use of software with malware In blob-internal-security-test-f63eabf7
5.2
Medium
Ecosystem: Npm
Package: blob-internal-security-test-f63eabf7
FLAT-SEESA (MAL-2026-1659)
Use of software with malware In bcp-security-updates
5.2
Medium
Ecosystem: Npm
Package: bcp-security-updates
FLAT-MW7TE (MAL-2026-1658)
Use of software with malware In bcp-security-update
5.2
Medium
Ecosystem: Npm
Package: bcp-security-update
FLAT-APFEU (MAL-2026-1466)
Use of software with malware In supplychain-security-demo
5.2
Medium
Ecosystem: Npm
Package: supplychain-security-demo
FLAT-8IVXL (CVE-2026-32600)
Missing subresource integrity check In simplesamlphp/xml-security
8.1
High
Ecosystem: Packagist
Package: simplesamlphp/xml-security
FLAT-2UQB5 (MAL-2026-1416)
Use of software with malware In twitch-security
5.2
Medium
Ecosystem: Npm
Package: twitch-security
FLAT-KV3OA (CVE-2026-30241)
Authentication mechanism absence or evasion In mercurius
2.7
Low
Ecosystem: Npm
Package: mercurius
FLAT-H09AC (CVE-2025-64166)
Cross-site request forgery In mercurius
1.3
Low
Ecosystem: Npm
Package: mercurius
FLAT-V6BX7 (CVE-2026-0540)
Reflected cross-site scripting (XSS) In dompurify
1.2
Low
Ecosystem: Npm
Package: dompurify
FLAT-MBX0F (CVE-2025-15599)
Reflected cross-site scripting (XSS) In dompurify
1.2
Low
Ecosystem: Npm
Package: dompurify
FLAT-3J38F (GHSA-gj6x-q8rh-wj6x)
Technical information leak - Logs In github.com/filecoin-project/curio
4.9
Medium
Ecosystem: Go
Package: github.com/filecoin-project/curio
FLAT-X3OL3 (MAL-2026-997)
Use of software with malware In npm-security-testing
5.2
Medium
Ecosystem: Npm
Package: npm-security-testing
FLAT-YB7XS (DLA-4488-1)
Server-side request forgery (SSRF) In modsecurity-crs
6.7
Medium
Ecosystem: Debian
Package: modsecurity-crs
FLAT-FAF4W (CVE-2026-21218)
Use of software with malware In system.security.cryptography.cose
6.6
Medium
Ecosystem: NuGet
Package: system.security.cryptography.cose
FLAT-X5TFI (CVE-2026-23906)
Authentication mechanism absence or evasion In org.apache.druid.extensions:druid-basic-security
8.1
High
Ecosystem: Maven
Package: org.apache.druid.extensions:druid-basic-security
FLAT-ZR5TF (DLA-4471-1)
Non-upgradable dependencies In debian-security-support
0.6
Low
Ecosystem: Debian
Package: debian-security-support
FLAT-HKHZM (CVE-2018-1199)
Lack of data validation In org.springframework.security:spring-security-web
2.7
Low
Ecosystem: Maven
Package: org.springframework.security:spring-security-web
FLAT-9WY0E (CVE-2016-9879)
Security controls bypass or absence In org.springframework.security:spring-security-web
0.6
Low
Ecosystem: Maven
Package: org.springframework.security:spring-security-web
FLAT-PJMSS (CVE-2026-22264)
Out-of-bounds read In suricata
6.7
Medium
Ecosystem: Debian
Package: suricata
FLAT-LW492 (CVE-2026-22263)
Asymmetric denial of service - ReDoS In suricata
1.7
Low
Ecosystem: Debian
Package: suricata
FLAT-B06OJ (CVE-2026-22262)
Improper resource allocation - Buffer overflow In suricata
6.4
Medium
Ecosystem: Debian
Package: suricata
FLAT-QKGDO (CVE-2026-22261)
Asymmetric denial of service In suricata
1.7
Low
Ecosystem: Debian
Package: suricata
FLAT-YFI63 (CVE-2026-22260)
Asymmetric denial of service In suricata
6.3
Medium
Ecosystem: Debian
Package: suricata
FLAT-YHEJN (CVE-2026-22259)
Asymmetric denial of service In suricata
6.3
Medium
Ecosystem: Debian
Package: suricata
FLAT-R3PR7 (CVE-2026-22258)
Asymmetric denial of service In suricata
4.6
Medium
Ecosystem: Debian
Package: suricata
FLAT-6MLRH (CVE-2025-22234)
Lack of data validation - Path Traversal In org.springframework.security:spring-security-core
1.7
Low
Ecosystem: Maven
Package: org.springframework.security:spring-security-core
FLAT-55HN8 (MAL-2026-440)
Use of software with malware In anduril-lattice-sdk-grpc-python
5.2
Medium
Ecosystem: PyPI
Package: anduril-lattice-sdk-grpc-python
FLAT-UGX80 (DSA-6105-1)
Server-side request forgery (SSRF) In modsecurity-crs
6.7
Medium
Ecosystem: Debian
Package: modsecurity-crs
FLAT-6TT81 (MAL-2026-344)
Use of software with malware In ofjaaah-security-lib
5.2
Medium
Ecosystem: Npm
Package: ofjaaah-security-lib