Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10307 | Critical: 705 | High: 2965 | Medium: 3260
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-45033 | UNKNOWN | — | GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI … | May 13, 2026 |
| CVE-2026-45028 | UNKNOWN | — | Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots … | May 13, 2026 |
| CVE-2026-44665 | MEDIUM | 6.1 | fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks … | May 13, 2026 |
| CVE-2026-44664 | MEDIUM | 6.1 | fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g, '- -'). This … | May 13, 2026 |
| CVE-2026-44572 | LOW | 3.7 | Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header … | May 13, 2026 |
| CVE-2026-44479 | MEDIUM | 5.5 | Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, when the Vercel CLI runs in non-interactive mode (--non-interactive or … | May 13, 2026 |
| CVE-2026-44470 | UNKNOWN | — | The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService … | May 13, 2026 |
| CVE-2026-44467 | UNKNOWN | — | The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, … | May 13, 2026 |
| CVE-2026-44459 | LOW | 3.8 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, … | May 13, 2026 |
| CVE-2026-44458 | MEDIUM | 4.3 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for … | May 13, 2026 |
| CVE-2026-44457 | MEDIUM | 5.3 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that … | May 13, 2026 |
| CVE-2026-44456 | MEDIUM | 6.5 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit() does not reliably enforce maxSize for requests without … | May 13, 2026 |
| CVE-2026-44455 | MEDIUM | 4.7 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx … | May 13, 2026 |
| CVE-2026-44432 | UNKNOWN | — | urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) … | May 13, 2026 |
| CVE-2026-44431 | UNKNOWN | — | urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward … | May 13, 2026 |
| CVE-2026-44295 | HIGH | 8.7 | protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled … | May 13, 2026 |
| CVE-2026-44294 | MEDIUM | 5.3 | protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain … | May 13, 2026 |
| CVE-2026-44293 | HIGH | 8.8 | protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived … | May 13, 2026 |
| CVE-2026-44292 | MEDIUM | 5.3 | protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object … | May 13, 2026 |
| CVE-2026-44291 | HIGH | 8.1 | protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with inherited prototypes for internal type lookup tables … | May 13, 2026 |
| CVE-2026-44290 | HIGH | 7.5 | protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties … | May 13, 2026 |
| CVE-2026-44289 | HIGH | 7.5 | protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. … | May 13, 2026 |
| CVE-2026-44288 | MEDIUM | 5.3 | protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences … | May 13, 2026 |
| CVE-2026-43489 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: liveupdate: luo_file: remember retrieve() status LUO keeps track of successful retrieve attempts on a LUO … | May 13, 2026 |
| CVE-2026-43488 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error (HCE) The xHCI controller reports a … | May 13, 2026 |