Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,848
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 2,881 - 2,900 of 37,697 CVEs
CVE-2026-54074 HIGH - 7.8

@tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration โ€” unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels

Vendor: npm
Product: @tinacms/cli
Published: Jun 19, 2026
Source: GitHub
CVE-2026-55691 HIGH - 8.6

StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized class passed to template

Vendor: composer
Product: starcitizenwiki/embedvideo
Published: Jun 19, 2026
Source: GitHub
CVE-2026-55690 HIGH - 7.5

StarCitizenWiki Extension Embed Video: Stored XSS via unsanitized service name in exception text

Vendor: composer
Product: starcitizenwiki/embedvideo
Published: Jun 19, 2026
Source: GitHub
CVE-2026-55091 HIGH - 7.5

flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key

Vendor: npm
Product: flat-to-nested
Published: Jun 19, 2026
Source: GitHub

@cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized --workspace Argument

Vendor: npm
Product: @cyclonedx/cyclonedx-npm
Published: Jun 19, 2026
Source: GitHub
CVE-2026-54911 MEDIUM - 6.5

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps() (or ujson.dump() or ujson.encode()) have a reject_bytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into diffe...

Vendor: pip
Product: ujson
Published: Jun 19, 2026
Source: GitHub

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can...

Vendor: rubygems
Product: concurrent-ruby
Published: Jun 19, 2026
Source: GitHub

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are use...

Vendor: rubygems
Product: concurrent-ruby
Published: Jun 19, 2026
Source: GitHub
CVE-2026-54904 HIGH - 7.5

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReference#update can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between AtomicReference#update, which retries until compare_and_set(old_value,...

Vendor: rubygems
Product: concurrent-ruby
Published: Jun 19, 2026
Source: GitHub

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in buf_append_string (buf.h:61) converts the string length to a large negative siz...

Vendor: rubygems
Product: oj
Published: Jun 19, 2026
Source: GitHub

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys (โ‰ฅ 35 bytes) from garbage collection, and a Ruby callback that triggers GC inside hash_end ...

Vendor: rubygems
Product: oj
Published: Jun 19, 2026
Source: GitHub

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark array_class and hash_class references during garbage collection, leading to Use-After-Free. If GC runs after the class is assigned but before a parse...

Vendor: rubygems
Product: oj
Published: Jun 19, 2026
Source: GitHub

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with create_id enabled, Oj::Parser#parse is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer tru...

Vendor: rubygems
Product: oj
Published: Jun 19, 2026
Source: GitHub
CVE-2026-54784 HIGH - 7.4

CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality

Vendor: nuget
Product: CoreWCF.Primitives
Published: Jun 19, 2026
Source: GitHub
CVE-2026-54783 HIGH - 7.4

CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages

Vendor: nuget
Product: CoreWCF.Primitives
Published: Jun 19, 2026
Source: GitHub
CVE-2026-54782 CRITICAL - 10.0

CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation

Vendor: nuget
Product: CoreWCF.Primitives
Published: Jun 19, 2026
Source: GitHub
CVE-2026-54781 HIGH - 7.4

CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced

Vendor: nuget
Product: CoreWCF.Primitives
Published: Jun 19, 2026
Source: GitHub

CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass

Vendor: nuget
Product: CoreWCF.Primitives
Published: Jun 19, 2026
Source: GitHub
CVE-2026-54779 MEDIUM - 5.9

CoreWCF: SAML token replay protection is inoperative

Vendor: nuget
Product: CoreWCF.Primitives
Published: Jun 19, 2026
Source: GitHub
CVE-2026-54778 MEDIUM - 6.2

CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution

Vendor: nuget
Product: CoreWCF.UnixDomainSocket
Published: Jun 19, 2026
Source: GitHub