Browse and filter security vulnerabilities across ecosystems
Claude Desktop: Local Privilege Escalation via Directory Junction in CoworkVMService
Claude Desktop: SSH Host Key Verification Bypass Allows Man-in-the-Middle Attack on Remote Sessions
Malicious code in @b2bneo-rest/api-csf (npm)
CVE-2026-44007
vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution
CVE-2026-43998
vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape
CVE-2026-44003
vm2's Transformer Fast-Path Bypass Exposes Internal State Variable
CVE-2026-44002
vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak
CVE-2026-44000
vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary
CVE-2026-44004
vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion
CVE-2026-44001
vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)
CVE-2026-43999
vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox escape
CVE-2026-44005
vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape
CVE-2026-43997
vm2 Access to Host Object Enables Sandbox Escape
Malicious code in mrdaa-frontend (npm)
CVE-2026-44006
vm2 has a Sandbox Escape Vulnerability
CVE-2026-44503
Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
Malicious code in 24712-pl5006 (npm)
CVE-2026-44479
Vercel: Non-interactive mode includes CLI arguments in suggested command output
CVE-2026-44456
Hono: bodyLimit() can be bypassed for chunked / unknown-length requests
CVE-2026-44455
hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection