FLAT-X3XG5 (MAL-2026-5263)
Use of software with malware In node-env-resolver-aws
5.2
Medium
Ecosystem: Npm
Package: node-env-resolver-aws
FLAT-GFE8N (MAL-2026-5214)
Use of software with malware In autotel-aws
5.2
Medium
Ecosystem: Npm
Package: autotel-aws
FLAT-1BCMQ (CVE-2026-49143)
Server side template injection In browserstack-runner
6.3
Medium
Ecosystem: Npm
Package: browserstack-runner
FLAT-6A1S9 (CVE-2026-49144)
Lack of data validation - Path Traversal In browserstack-runner
4.9
Medium
Ecosystem: Npm
Package: browserstack-runner
FLAT-0YK21 (CVE-2026-10768)
Enabled default configuration In drupal/localgov_workflows
2.7
Low
Ecosystem: Packagist
Package: drupal/localgov_workflows
FLAT-R2HS0 (CVE-2026-47428)
Reflected cross-site scripting (XSS) In @vitest/browser
5.8
Medium
Ecosystem: Npm
Package: @vitest/browser
FLAT-NR1B9 (MAL-2026-5101)
Use of software with malware In @antoncallahan/aws-user-helper
5.2
Medium
Ecosystem: Npm
Package: @antoncallahan/aws-user-helper
FLAT-AGPDC (CVE-2026-47074)
Insecure digital certificates In ex_aws_sns
6.6
Medium
Ecosystem: Hex
Package: ex_aws_sns
FLAT-YAB2V (MAL-2026-4822)
Use of software with malware In loadtest-browser-lib
5.2
Medium
Ecosystem: Npm
Package: loadtest-browser-lib
FLAT-U73CU (MAL-2026-4355)
Use of software with malware In mistral-workflows-plugins-webhook
5.2
Medium
Ecosystem: PyPI
Package: mistral-workflows-plugins-webhook
FLAT-CO0NR (MAL-2026-4354)
Use of software with malware In mistral-workflows-plugins-mistralai
5.2
Medium
Ecosystem: PyPI
Package: mistral-workflows-plugins-mistralai
FLAT-0RYD9 (MAL-2026-4353)
Use of software with malware In mistral-workflows
5.2
Medium
Ecosystem: PyPI
Package: mistral-workflows
FLAT-AXR2P (GHSA-qqqm-5547-774x)
Lack of data validation - Path Traversal In github.com/gtsteffaniak/filebrowser/backend
8.0
High
Ecosystem: Go
Package: github.com/gtsteffaniak/filebrowser/backend
FLAT-1KS41 (GHSA-vrxg-gm77-7q5g)
Authentication mechanism absence or evasion In windows-mcp
8.1
High
Ecosystem: PyPI
Package: windows-mcp
FLAT-DX7HX (CVE-2026-46410)
Business information leak In github.com/gtsteffaniak/filebrowser
6.6
Medium
Ecosystem: Go
Package: github.com/gtsteffaniak/filebrowser
FLAT-KT5BV (CVE-2026-35433)
Lack of data validation In microsoft.windowsdesktop.app.runtime.win-arm64
7.1
High
Ecosystem: NuGet
Package: microsoft.windowsdesktop.app.runtime.win-arm64
FLAT-8ZKBM (CVE-2026-45736)
Sensitive information sent insecurely In ws
3.6
Low
Ecosystem: Npm
Package: ws
FLAT-6P7YH (CVE-2026-45727)
Lack of data validation - Path Traversal In cloakbrowser
6.7
Medium
Ecosystem: PyPI
Package: cloakbrowser
FLAT-U9RE5 (CVE-2026-8503)
Insecure generation of random numbers In libapache-session-browseable-perl
2.7
Low
Ecosystem: Debian
Package: libapache-session-browseable-perl
FLAT-152JX (MAL-2026-3786)
Use of software with malware In browser-interaction-time-utils
5.2
Medium
Ecosystem: Npm
Package: browser-interaction-time-utils
FLAT-360KK (MAL-2026-3785)
Use of software with malware In browser-interaction-time-demo
5.2
Medium
Ecosystem: Npm
Package: browser-interaction-time-demo
FLAT-C1QPV (MAL-2026-3612)
Use of software with malware In jwscube
5.2
Medium
Ecosystem: Npm
Package: jwscube
FLAT-DXO2L (MAL-2026-3565)
Use of software with malware In @uipath/packager-tool-workflowcompiler-browser
5.2
Medium
Ecosystem: Npm
Package: @uipath/packager-tool-workflowcompiler-browser
FLAT-NF99C (CVE-2026-25244)
Remote command execution In @wdio/browserstack-service
5.9
Medium
Ecosystem: Npm
Package: @wdio/browserstack-service
FLAT-NZIHE (MAL-2026-3422)
Use of software with malware In rsflows-pexml
5.2
Medium
Ecosystem: Npm
Package: rsflows-pexml
FLAT-NRR79 (MAL-2026-3419)
Use of software with malware In msal-browser-1p
5.2
Medium
Ecosystem: Npm
Package: msal-browser-1p
FLAT-C5N7Z (GHSA-v7qw-hx66-4w9x)
Server side cross-site scripting In netbox-data-flows
5.7
Medium
Ecosystem: PyPI
Package: netbox-data-flows
FLAT-LUV0J (GHSA-mmpx-jh39-wrv6)
Server side cross-site scripting In github.com/gtsteffaniak/filebrowser
1.1
Low
Ecosystem: Go
Package: github.com/gtsteffaniak/filebrowser
FLAT-QLDIW (CVE-2026-44542)
Lack of data validation - Path Traversal In github.com/gtsteffaniak/filebrowser
6.7
Medium
Ecosystem: Go
Package: github.com/gtsteffaniak/filebrowser
FLAT-K9XIG (GHSA-fc67-c4hg-q653)
OS Command Injection In github.com/aws/amazon-ecs-agent
5.9
Medium
Ecosystem: Go
Package: github.com/aws/amazon-ecs-agent
FLAT-JZD26 (CVE-2026-44308)
Insufficient data authenticity validation In io.awspring.cloud:spring-cloud-aws-sns
1.7
Low
Ecosystem: Maven
Package: io.awspring.cloud:spring-cloud-aws-sns
FLAT-EP9P9 (CVE-2026-42295)
Weak credential policy In github.com/argoproj/argo-workflows/v4
6.0
Medium
Ecosystem: Go
Package: github.com/argoproj/argo-workflows/v4
FLAT-QC6RS (CVE-2026-42296)
Authentication mechanism absence or evasion In github.com/argoproj/argo-workflows/v4
6.0
Medium
Ecosystem: Go
Package: github.com/argoproj/argo-workflows/v4
FLAT-CHMBZ (CVE-2026-42294)
Inadequate file size control In github.com/argoproj/argo-workflows/v4
4.6
Medium
Ecosystem: Go
Package: github.com/argoproj/argo-workflows/v4
FLAT-OUBBP (CVE-2026-42183)
Asymmetric denial of service In github.com/argoproj/argo-workflows/v4
0.6
Low
Ecosystem: Go
Package: github.com/argoproj/argo-workflows/v4
FLAT-7JDPO (CVE-2026-42297)
Improper authorization control for web services In github.com/argoproj/argo-workflows/v4
5.8
Medium
Ecosystem: Go
Package: github.com/argoproj/argo-workflows/v4
FLAT-YDCXR (MAL-2026-3314)
Use of software with malware In update-browserslist
5.2
Medium
Ecosystem: Npm
Package: update-browserslist
FLAT-Q5YD9 (MAL-2026-3307)
Use of software with malware In browserslist-db
5.2
Medium
Ecosystem: Npm
Package: browserslist-db
FLAT-TUBRD (CVE-2026-6550)
Insecure encryption algorithm In aws-encryption-sdk
1.9
Low
Ecosystem: PyPI
Package: aws-encryption-sdk
FLAT-3KX0Q (CVE-2026-42190)
Cross-site request forgery In rwsdk
3.8
Low
Ecosystem: Npm
Package: rwsdk
FLAT-AHQ3J (CVE-2026-41173)
Improper resource allocation In opentelemetry.sampler.aws
6.3
Medium
Ecosystem: NuGet
Package: opentelemetry.sampler.aws
FLAT-IPC6A (CVE-2026-40886)
Lack of data validation In github.com/argoproj/argo-workflows/v4
5.7
Medium
Ecosystem: Go
Package: github.com/argoproj/argo-workflows/v4
FLAT-V2I2E (CVE-2026-6437)
Insecure functionality In github.com/kubernetes-sigs/aws-efs-csi-driver
3.6
Low
Ecosystem: Go
Package: github.com/kubernetes-sigs/aws-efs-csi-driver
FLAT-2LZSZ (MAL-2026-2785)
Use of software with malware In nemo-jaws
5.2
Medium
Ecosystem: Npm
Package: nemo-jaws
FLAT-NR0FJ (MAL-2026-2776)
Use of software with malware In int-browsing-gateway
5.2
Medium
Ecosystem: Npm
Package: int-browsing-gateway
FLAT-WWGNA (MAL-2026-2730)
Use of software with malware In browserstack-utils
5.2
Medium
Ecosystem: Npm
Package: browserstack-utils
FLAT-8C599 (CVE-2026-5059)
OS Command Injection In aws-mcp
9.1
Critical
Ecosystem: PyPI
Package: aws-mcp
FLAT-O0VXW (GHSA-xmrv-pmrh-hhx2)
Lack of data validation In github.com/aws/aws-sdk-go-v2/service/bedrockagentcore
6.3
Medium
Ecosystem: Go
Package: github.com/aws/aws-sdk-go-v2/service/bedrockagentcore
FLAT-UFECT (CVE-2026-39371)
Cross-site request forgery In rwsdk
3.8
Low
Ecosystem: Npm
Package: rwsdk
FLAT-29EZ1 (CVE-2026-35607)
Excessive privileges In github.com/filebrowser/filebrowser/v2
8.3
High
Ecosystem: Go
Package: github.com/filebrowser/filebrowser/v2
FLAT-6H7RU (CVE-2026-35606)
Improper authorization control for web services In github.com/filebrowser/filebrowser/v2
1.3
Low
Ecosystem: Go
Package: github.com/filebrowser/filebrowser/v2
FLAT-34YBC (CVE-2026-35604)
Authentication mechanism absence or evasion In github.com/filebrowser/filebrowser/v2
4.6
Medium
Ecosystem: Go
Package: github.com/filebrowser/filebrowser/v2
FLAT-H3V80 (CVE-2026-35605)
Lack of data validation - Path Traversal In github.com/filebrowser/filebrowser/v2
1.7
Low
Ecosystem: Go
Package: github.com/filebrowser/filebrowser/v2
FLAT-ZFMFB (CVE-2026-35585)
OS Command Injection In github.com/filebrowser/filebrowser/v2
4.8
Medium
Ecosystem: Go
Package: github.com/filebrowser/filebrowser/v2
FLAT-1NK9Q (CVE-2026-32761)
Improper authorization control for web services In github.com/filebrowser/filebrowser
2.3
Low
Ecosystem: Go
Package: github.com/filebrowser/filebrowser
FLAT-LPTQW (CVE-2020-11054)
Insecure functionality In qutebrowser
0.4
Low
Ecosystem: Alpm
Package: qutebrowser
FLAT-ZQE26 (CVE-2018-1000559)
Reflected cross-site scripting (XSS) In qutebrowser
1.3
Low
Ecosystem: Alpm
Package: qutebrowser
FLAT-5HK5D (CVE-2021-37746)
Lack of data validation In claws-mail
1.2
Low
Ecosystem: Alpm
Package: claws-mail
FLAT-YMXNT (CVE-2020-35176)
Lack of data validation - Path Traversal In awstats
2.7
Low
Ecosystem: Alpm
Package: awstats
FLAT-DGXLJ (CVE-2018-10895)
Cross-site request forgery In qutebrowser
6.3
Medium
Ecosystem: Alpm
Package: qutebrowser
FLAT-HNGBL (CVE-2026-34530)
Server side cross-site scripting In github.com/filebrowser/filebrowser/v2
3.8
Low
Ecosystem: Go
Package: github.com/filebrowser/filebrowser/v2
FLAT-BB8KZ (CVE-2026-34528)
Excessive privileges In github.com/filebrowser/filebrowser/v2
8.4
High
Ecosystem: Go
Package: github.com/filebrowser/filebrowser/v2
FLAT-PL6GW (CVE-2026-34529)
Server side cross-site scripting In github.com/filebrowser/filebrowser/v2
5.7
Medium
Ecosystem: Go
Package: github.com/filebrowser/filebrowser/v2
FLAT-A2M2V (GHSA-mvm6-f9r3-fgfx)
Lack of data validation In awssdk.cloudfront
4.4
Medium
Ecosystem: NuGet
Package: awssdk.cloudfront
FLAT-KWOCV (GHSA-443w-3rq3-5m5h)
Lack of data validation In software.amazon.awssdk:cloudfront
4.4
Medium
Ecosystem: Maven
Package: software.amazon.awssdk:cloudfront
FLAT-Q8SBU (GHSA-27qh-8cxx-2cr5)
Lack of data validation In aws/aws-sdk-php
4.4
Medium
Ecosystem: Packagist
Package: aws/aws-sdk-php
FLAT-Q13DC (MAL-2026-2243)
Use of software with malware In browserstack-electron-forge-include-package-plugin
5.2
Medium
Ecosystem: Npm
Package: browserstack-electron-forge-include-package-plugin
FLAT-2TIS6 (CVE-2026-32760)
Excessive privileges In github.com/filebrowser/filebrowser
9.1
Critical
Ecosystem: Go
Package: github.com/filebrowser/filebrowser
FLAT-ZE3BV (CVE-2026-32759)
Out-of-bounds read In github.com/filebrowser/filebrowser
1.3
Low
Ecosystem: Go
Package: github.com/filebrowser/filebrowser
FLAT-87R7T (CVE-2026-32758)
Lack of data validation - Path Traversal In github.com/filebrowser/filebrowser
5.7
Medium
Ecosystem: Go
Package: github.com/filebrowser/filebrowser
FLAT-0QV6O (DLA-4509-1)
Insecure HTTP methods enabled In awstats
1.3
Low
Ecosystem: Debian
Package: awstats
FLAT-OA2W7 (GHSA-7789-65hx-f26w)
Lack of data validation - Path Traversal In github.com/gtsteffaniak/filebrowser/backend
1.7
Low
Ecosystem: Go
Package: github.com/gtsteffaniak/filebrowser/backend
FLAT-NDL11 (MAL-2026-2015)
Use of software with malware In lingewindows
5.2
Medium
Ecosystem: Npm
Package: lingewindows
FLAT-DYOOP (CVE-2025-63261)
OS Command Injection In awstats
5.7
Medium
Ecosystem: Debian
Package: awstats
FLAT-CLTXO (CVE-2026-4428)
Insecure digital certificates In aws-lc-fips-sys
6.5
Medium
Ecosystem: Cargo
Package: aws-lc-fips-sys
FLAT-CB21R (GHSA-9f94-5g5w-gf6r)
Insecure digital certificates In aws-lc-sys
8.1
High
Ecosystem: Cargo
Package: aws-lc-sys
FLAT-MX707 (GHSA-394x-vwmw-crm3)
Insecure digital certificates In aws-lc-sys
4.6
Medium
Ecosystem: Cargo
Package: aws-lc-sys
FLAT-YBVY7 (MAL-2026-1971)
Use of software with malware In trex-proxy-browser-extension-sdk
5.2
Medium
Ecosystem: Npm
Package: trex-proxy-browser-extension-sdk
FLAT-N00LA (MAL-2026-1578)
Use of software with malware In browser-gaming-client
5.2
Medium
Ecosystem: Npm
Package: browser-gaming-client
FLAT-ZLZFH (MAL-2026-1665)
Use of software with malware In browser-compat-data
5.2
Medium
Ecosystem: Npm
Package: browser-compat-data
FLAT-LV33S (CVE-2026-4270)
Server-side request forgery (SSRF) In awslabs-aws-api-mcp-server
4.3
Medium
Ecosystem: PyPI
Package: awslabs-aws-api-mcp-server
FLAT-ZOI11 (CVE-2026-32265)
Business information leak In craftcms/aws-s3
2.7
Low
Ecosystem: Packagist
Package: craftcms/aws-s3
FLAT-KQWWT (CVE-2026-31892)
Authentication mechanism absence or evasion In github.com/argoproj/argo-workflows/v2
6.0
Medium
Ecosystem: Go
Package: github.com/argoproj/argo-workflows/v2
FLAT-YA3JW (CVE-2026-28229)
Business information leak In github.com/argoproj/argo-workflows/v2
7.7
High
Ecosystem: Go
Package: github.com/argoproj/argo-workflows/v2
FLAT-94UUL (CVE-2026-29188)
Improper authorization control for web services In github.com/filebrowser/filebrowser
2.3
Low
Ecosystem: Go
Package: github.com/filebrowser/filebrowser
FLAT-VUXH5 (CVE-2026-28492)
Unauthorized access to screen In github.com/filebrowser/filebrowser
4.9
Medium
Ecosystem: Go
Package: github.com/filebrowser/filebrowser
FLAT-FPSJO (CVE-2026-30934)
Server side cross-site scripting In github.com/gtsteffaniak/filebrowser
7.3
High
Ecosystem: Go
Package: github.com/gtsteffaniak/filebrowser
FLAT-3FBG1 (CVE-2026-30933)
Security controls bypass or absence In github.com/gtsteffaniak/filebrowser/backend
5.0
Medium
Ecosystem: Go
Package: github.com/gtsteffaniak/filebrowser/backend
FLAT-8IEEH (GHSA-hfpc-8r3f-gw53)
Lack of data validation In aws-lc-sys
7.7
High
Ecosystem: Cargo
Package: aws-lc-sys
FLAT-J7DRC (CVE-2026-3338)
Lack of data validation In aws-lc-sys
7.7
High
Ecosystem: Cargo
Package: aws-lc-sys
FLAT-UVX4S (GHSA-65p9-r9h6-22vj)
Lack of data validation - Path Traversal In aws-lc-sys
4.6
Medium
Ecosystem: Cargo
Package: aws-lc-sys
FLAT-N566R (CVE-2026-3337)
Security controls bypass or absence In aws-lc-fips-sys
4.6
Medium
Ecosystem: Cargo
Package: aws-lc-fips-sys
FLAT-8NTUG (CVE-2026-3336)
Insecure digital certificates In aws-lc-sys
6.6
Medium
Ecosystem: Cargo
Package: aws-lc-sys
FLAT-RXXSU (GHSA-vw5v-4f2q-w9xf)
Insecure digital certificates In aws-lc-sys
6.6
Medium
Ecosystem: Cargo
Package: aws-lc-sys
FLAT-Y6ECG (GHSA-5whh-4q9j-7v28)
Improper resource allocation - Buffer overflow In aws-kms-tls-auth
6.3
Medium
Ecosystem: Cargo
Package: aws-kms-tls-auth
FLAT-91AQC (GHSA-747p-wmpv-9c78)
Excessive privileges In awscli
0.4
Low
Ecosystem: PyPI
Package: awscli
FLAT-3U8Q1 (MAL-2026-1057)
Use of software with malware In windowston
5.2
Medium
Ecosystem: Npm
Package: windowston
FLAT-P75XE (CVE-2026-27611)
Sensitive information sent insecurely In github.com/gtsteffaniak/filebrowser/backend
5.0
Medium
Ecosystem: Go
Package: github.com/gtsteffaniak/filebrowser/backend
FLAT-A7W8B (MAL-2026-1042)
Use of software with malware In trae-browser-inspect
5.2
Medium
Ecosystem: Npm
Package: trae-browser-inspect
FLAT-DGUCT (CVE-2025-13590)
Insecure file upload In org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl
5.9
Medium
Ecosystem: Maven
Package: org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl