How should we interpret CVSS severity scores?

CVSS estimates technical severity, but it does not automatically equal business risk. Prioritize using context like internet exposure, asset criticality, known exploitation, and whether compensating controls exist. A Medium CVSS on an exposed production system can be more urgent than a Critical on an isolated non-production host.

Vulnerability Database

Q: What is a Vulnerability (CVE) and why does it matter?

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

Q: What's the difference between a vulnerability, an exploit, and a zero-day?

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. Risk increases sharply when exploitation becomes reliable or widespread.

Q: Why do vulnerabilities keep reappearing in our environment?

Recurring findings usually come from incomplete asset discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host.

Q: How do we prioritize remediation without burning out the team?

Use a repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress so remediation is steady, not reactive.

Q: How can SynScan help reduce vulnerability risk over time?

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.

352,427

Total vulnerabilities in the database

Vulnerabilities for products matching "core"

Found 69 matching products. Filters apply to all results.

You can search for specific versions with /product/core/1.2.3

ractf / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2020-15235	Medium		October 5, 2020 10/5/20	<= 41edf92

mobileiron / core

7 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2020-15505	Critical	July 7, 2020 7/7/20	>= 10.6.0.0 < 10.6.0.1 >= 10.5.2.0 < 10.5.2.1 >= 10.4.0.0 < 10.4.0.4 < 10.3.0.4 >= 10.5.1.0 < 10.5.1.1
CVE-2020-15506	Critical	July 7, 2020 7/7/20	<= 10.6
CVE-2020-15507	High	July 7, 2020 7/7/20	<= 10.6

formtools / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2021-38143	Medium	August 31, 2021 8/31/21	<= 3.0.20
CVE-2021-38144	Medium	August 31, 2021 8/31/21	<= 3.0.20
CVE-2021-38145	Critical	August 31, 2021 8/31/21	<= 3.0.20

onlyoffice / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2022-29776	Critical		June 2, 2022 6/2/22	<= 6.1.0.26
CVE-2022-29777	Critical		June 2, 2022 6/2/22	<= 6.1.0.26

@babel / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2026-49356	Low		June 15, 2026 6/15/26	>= 8.0.0-alpha.0 < 8.0.0-rc.6 < 7.29.6

@nestjs / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2026-35515	Medium		April 6, 2026 4/6/26	< 11.1.18
CVE-2023-26108	Medium		March 6, 2023 3/6/23	< 9.0.5

drupal / core

259 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-9082	Critical	May 20, 2026 5/20/26	>= 8.9.0 < 10.4.10 >= 10.5.0 < 10.5.10 >= 10.6.0 < 10.6.9 >= 11.0.0 < 11.1.10 >= 11.2.0 < 11.2.12 >= 11.3.0 < 11.3.10
CVE-2026-6365	Medium	May 20, 2026 5/20/26	>= 8.0.0 < 10.5.9 >= 10.6.0 < 10.6.7 >= 11.0.0 < 11.2.11 >= 11.3.0 < 11.3.7
CVE-2026-6366	Medium	May 20, 2026 5/20/26	>= 8.0.0 < 10.5.9 >= 10.6.0 < 10.6.7 >= 11.0.0 < 11.2.11 >= 11.3.0 < 11.3.7
CVE-2026-6367	Medium	May 20, 2026 5/20/26	>= 11.3.0 < 11.3.7
CVE-2025-13082	Low	November 18, 2025 11/18/25	>= 8.0.0 < 10.4.9 >= 10.5.0 < 10.5.6 >= 11.0.0 < 11.1.9 >= 11.2.0 < 11.2.8
CVE-2025-13083	Low	November 18, 2025 11/18/25	>= 8.0.0 < 10.4.9 >= 10.5.0 < 10.5.6 >= 11.0.0 < 11.1.9 >= 11.2.0 < 11.2.8 >= 7.0 < 7.103
CVE-2025-13080	Low	November 18, 2025 11/18/25	>= 8.0.0 < 10.4.9 >= 10.5.0 < 10.5.6 >= 11.0.0 < 11.1.9 >= 11.2.0 < 11.2.8
CVE-2025-13081	Medium	November 18, 2025 11/18/25	>= 8.0.0 < 10.4.9 >= 10.5.0 < 10.5.6 >= 11.0.0 < 11.1.9 >= 11.2.0 < 11.2.8
CVE-2025-3057	Medium	March 31, 2025 3/31/25	>= 8.0.0 < 10.3.13 >= 10.4.0 < 10.4.3 >= 11.0.0 < 11.0.12 >= 11.1.0 < 11.1.3
CVE-2025-31675	Low	March 31, 2025 3/31/25	>= 8.0.0 < 10.3.14 >= 10.4.0 < 10.4.5 >= 11.0.0 < 11.0.13 >= 11.1.0 < 11.1.5
CVE-2025-31673	Medium	March 31, 2025 3/31/25	>= 8.0.0 < 10.3.13 >= 10.4.0 < 10.4.3 >= 11.0.0 < 11.0.12 >= 11.1.0 < 11.1.3
CVE-2025-31674	Medium	March 31, 2025 3/31/25	>= 8.0.0 < 10.3.13 >= 10.4.0 < 10.4.3 >= 11.0.0 < 11.0.12 >= 11.1.0 < 11.1.3
CVE-2024-12393	Medium	December 10, 2024 12/10/24	>= 8.8.0 < 10.2.11 >= 10.3.0 < 10.3.9 >= 11.0.0 < 11.0.8
CVE-2024-55634	Medium	December 10, 2024 12/10/24	>= 8.0.0 < 10.2.11 >= 10.3.0 < 10.3.9 >= 11.0.0 < 11.0.8
CVE-2024-55636	Low	December 10, 2024 12/10/24	>= 8.8.0 < 10.2.11 >= 10.3.0 < 10.3.9 >= 11.0.0 < 11.0.8
CVE-2024-55637	High	December 10, 2024 12/10/24	>= 8.8.0 < 10.2.11 >= 10.3.0 < 10.3.9 >= 11.0.0 < 11.0.8
CVE-2024-55638	High	December 10, 2024 12/10/24	>= 8.8.0 < 10.2.11 >= 10.3.0 < 10.3.9 >= 7.0 < 7.102
CVE-2024-11941	High	December 5, 2024 12/5/24	>= 10.1.0 < 10.1.8 >= 10.2.0 < 10.2.2
CVE-2024-11942	Medium	December 5, 2024 12/5/24	>= 10.0.0 < 10.2.10
CVE-2024-45440	Medium	August 29, 2024 8/29/24	>= 10.3.0 < 10.3.6 >= 11.0.0 < 11.0.5 >= 8.0.0 < 10.2.9
Drupal core Cross-Site Scripting (XSS) vulnerabilities	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.9.18 >= 9.1.0 < 9.1.12 >= 9.2.0 < 9.2.4
Drupal core Arbitrary PHP code execution	High	May 15, 2024 5/15/24	>= 7.0.0 < 7.75 >= 8.0.0 < 8.8.12 >= 8.9.0 < 8.9.10 >= 9.0.0 < 9.0.9
Drupal core Open Redirect vulnerability	Medium	May 15, 2024 5/15/24	>= 7.0.0 < 7.70
Drupal core uses a vulnerable Third-party library CKEditor	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.7.12 >= 8.8.0 < 8.8.4
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar	High	May 15, 2024 5/15/24	>= 7.0.0 < 7.69 >= 8.0.0 < 8.7.11 >= 8.8.0 < 8.8.1
Drupal core Access bypass	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.7.11 >= 8.8.0 < 8.8.1
Drupal core unrestricted file upload	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.7.11 >= 8.8.0 < 8.8.1
Drupal core Denial of Service	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.7.11 >= 8.8.0 < 8.8.1
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution	Critical	May 15, 2024 5/15/24	>= 8.0.0 < 8.5.8 >= 8.6.0 < 8.6.2
Drupal core Remote Code Execution	Critical	May 15, 2024 5/15/24	>= 7.0 < 7.60 >= 8.0.0 < 8.5.8 >= 8.6.0 < 8.6.2
Drupal Anonymous Open Redirect	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.5.8 >= 8.6.0 < 8.6.2
Drupal External URL injection through URL aliases leading to Open Redirect	Medium	May 15, 2024 5/15/24	>= 7.0 < 7.60 >= 8.0.0 < 8.5.8 >= 8.6.0 < 8.6.2
Drupal Content moderation Access bypass	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.5.8 >= 8.6.0 < 8.6.2
Drupal core Denial of Service vulnerability	Medium	February 12, 2024 2/12/24	>= 8.0.0 < 10.1.8 >= 10.2.0 < 10.2.2
CVE-2024-22362	Medium	January 16, 2024 1/16/24	== 9.3.6
CVE-2023-5256	Critical	September 28, 2023 9/28/23	>= 8.7.0 < 9.5.11 >= 10.0.0 < 10.0.11 >= 10.1.0 < 10.1.4
CVE-2023-31250	Critical	April 26, 2023 4/26/23	>= 10.0.0 < 10.0.8 >= 9.5.0 < 9.5.8 >= 9.0.0 < 9.4.14 >= 7.0.0 < 7.96
CVE-2022-25277	High	April 26, 2023 4/26/23	>= 8.0.0 < 9.3.19 >= 9.4.0 < 9.4.3
CVE-2022-25278	Medium	April 26, 2023 4/26/23	>= 8.0.0 < 9.3.19 >= 9.4.0 < 9.4.3
CVE-2022-25276	Medium	April 26, 2023 4/26/23	>= 8.0.0 < 9.3.19 >= 9.4.0 < 9.4.3
CVE-2022-25275	High	April 26, 2023 4/26/23	>= 7.0.0 < 7.91 >= 8.0.0 < 9.3.19 >= 9.4.0 < 9.4.3
CVE-2022-25274	Medium	April 26, 2023 4/26/23	>= 9.3.0 < 9.3.12
CVE-2022-25273	High	April 26, 2023 4/26/23	>= 8.0.0 < 9.2.18 >= 9.3.0 < 9.3.12
CVE-2022-25270	Medium	February 17, 2022 2/17/22	>= 9.3.0 < 9.3.6 >= 8.0.0 < 9.2.13
CVE-2022-25271	High	February 16, 2022 2/16/22	>= 9.3.0 < 9.3.6 >= 8.0.0 < 9.2.13 >= 7.0.0 < 7.88
CVE-2020-13668	Medium	February 11, 2022 2/11/22	>= 8.0.0 < 8.8.10 >= 8.9.0 < 8.9.6 >= 9.0.0 < 9.0.6
CVE-2020-13669	Medium	February 11, 2022 2/11/22	>= 8.0.0 < 8.8.10 >= 8.9.0 < 8.9.6 >= 9.0.0 < 9.0.6
CVE-2020-13670	High	February 11, 2022 2/11/22	>= 8.0.0 < 8.8.10 >= 8.9.0 < 8.9.6 >= 9.0.0 < 9.0.6
CVE-2020-13672	Medium	February 11, 2022 2/11/22	>= 7.0.0 < 7.80 >= 8.0.0 < 8.9.14 >= 9.0.0 < 9.0.12 >= 9.1.0 < 9.1.7
CVE-2020-13674	Medium	February 11, 2022 2/11/22	>= 8.0.0 < 8.9.19 >= 9.1.0 < 9.1.13 >= 9.2.0 < 9.2.6

shopware / core

98 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-48013	Medium	June 4, 2026 6/4/26	>= 6.7.0.0 < 6.7.10.1
CVE-2026-48015	Medium	June 4, 2026 6/4/26	>= 6.7.0.0 < 6.7.10.1 < 6.6.10.18
CVE-2026-48016	Medium	June 4, 2026 6/4/26	>= 6.7.0.0 < 6.7.10.1 < 6.6.10.18
CVE-2026-48014	Medium	June 4, 2026 6/4/26	>= 6.7.0.0 < 6.7.10.1 < 6.6.10.18
CVE-2026-48012	Medium	June 4, 2026 6/4/26	>= 6.7.3.0 < 6.7.10.1
CVE-2026-48011	Low	June 4, 2026 6/4/26	>= 6.7.0.0 < 6.7.10.1 < 6.6.10.18
CVE-2026-48010	Medium	June 4, 2026 6/4/26	>= 6.7.0.0 < 6.7.10.1 < 6.6.10.18
CVE-2026-48009	Medium	June 4, 2026 6/4/26	>= 6.7.0.0 < 6.7.10.1 < 6.6.10.18
CVE-2026-48008	Medium	June 4, 2026 6/4/26	>= 6.7.0.0 < 6.7.10.1 < 6.6.10.18
CVE-2026-31889	High	March 11, 2026 3/11/26	>= 6.7.0.0 < 6.7.8.1 < 6.6.10.15
CVE-2026-31888	Medium	March 11, 2026 3/11/26	>= 6.7.0.0 < 6.7.8.1 < 6.6.10.15
CVE-2026-31887	High	March 11, 2026 3/11/26	>= 6.7.0.0 < 6.7.8.1 < 6.6.10.15
CVE-2026-23498	High	January 14, 2026 1/14/26	>= 6.7.0.0 < 6.7.6.1
Shopware 6's password recovery link does not expire after email change	Medium	November 14, 2025 11/14/25	< 6.6.10.9 >= 6.7.0.0 < 6.7.4.1
Shopware Customer Orders can be canceled, even if refunds are disabled	Medium	October 21, 2025 10/21/25	>= 6.7.0.0 < 6.7.3.1 < 6.6.10.7
Shopware exposes sensitive user information via CSV export mapping	Medium	October 21, 2025 10/21/25	>= 6.7.0.0 < 6.7.3.1 < 6.6.10.7
Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice	Low	October 21, 2025 10/21/25	>= 6.7.0.0 < 6.7.3.1 < 6.6.10.7
Shopware vulnerable to path traversal via Plugin upload	Low	October 21, 2025 10/21/25	>= 6.7.0.0 < 6.7.3.1 < 6.6.10.7
Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually	Medium	October 21, 2025 10/21/25	>= 6.7.0.0 < 6.7.3.1 < 6.6.10.7
Shopware: Reflective Cross Site-Scripting (XSS) in CMS components	High	September 10, 2025 9/10/25	>= 6.7.0.0 < 6.7.2.1
CVE-2025-27892	High	April 15, 2025 4/15/25	>= 6.6.0.0 < 6.6.10.3 >= 6.7.0.0-rc1 < 6.7.0.0-rc2 == 6.7.0.0-rc1 < 6.5.8.18
CVE-2025-32378	Low	April 9, 2025 4/9/25	>= 6.6.0.0-rc1 < 6.6.10.3 >= 6.7.0.0-rc1 < 6.7.0.0-rc2 < 6.5.8.17
Shopware Broken ACL on Document retrieval to access other customers documents	Medium	April 8, 2025 4/8/25	>= 6.6.0.0 < 6.6.10.3 >= 6.7.0.0-rc1 < 6.7.0.0-rc2 < 6.5.8.17
CVE-2025-30151	High	April 8, 2025 4/8/25	>= 6.6.0.0 < 6.6.10.3 >= 6.7.0.0-rc1 < 6.7.0.0-rc2 < 6.5.8.17
CVE-2025-30150	Medium	April 8, 2025 4/8/25	>= 6.6.0.0 < 6.6.10.3 >= 6.7.0.0-rc1 < 6.7.0.0-rc2 == 6.7.0.0-rc1 < 6.5.8.18
CVE-2024-42357	Medium	August 8, 2024 8/8/24	< 6.5.8.13 >= 6.6.0.0 < 6.6.5.1
CVE-2024-42356	High	August 8, 2024 8/8/24	< 6.5.8.13 >= 6.6.0.0 < 6.6.5.1
CVE-2024-42355	High	August 8, 2024 8/8/24	< 6.5.8.13 >= 6.6.0.0 < 6.6.5.1
CVE-2024-42354	Medium	August 8, 2024 8/8/24	< 6.5.8.13 >= 6.6.0.0 < 6.6.5.1
CVE-2024-31447	Medium	April 8, 2024 4/8/24	>= 6.3.5.0 < 6.5.8.8 >= 6.6.0.0-rc1 < 6.6.1.0
CVE-2024-22407	Medium	January 16, 2024 1/16/24	< 6.5.7.4
CVE-2024-22406	Critical	January 16, 2024 1/16/24	< 6.5.7.4
CVE-2023-2017	High	April 17, 2023 4/17/23	< 6.4.20.1
CVE-2023-22734	Medium	January 17, 2023 1/17/23	< 6.4.18.1
CVE-2023-22733	Low	January 17, 2023 1/17/23	< 6.4.18.1
CVE-2023-22732	Low	January 17, 2023 1/17/23	< 6.4.18.1
CVE-2023-22731	Critical	January 17, 2023 1/17/23	< 6.4.18.1
CVE-2023-22730	Medium	January 17, 2023 1/17/23	< 6.4.18.1
CVE-2022-24872	High	April 20, 2022 4/20/22	< 6.4.10.1
CVE-2022-24871	High	April 20, 2022 4/20/22	< 6.4.10.1
CVE-2022-24746	Medium	March 9, 2022 3/9/22	< 6.4.8.1
CVE-2022-24747	Medium	March 9, 2022 3/9/22	< 6.4.8.2
CVE-2022-24748	Medium	March 9, 2022 3/9/22	< 6.4.8.2
CVE-2022-24744	Low	March 9, 2022 3/9/22	< 6.4.8.1
Webcache Poisoning in shopware/platform and shopware/core	Critical	November 24, 2021 11/24/21	< 6.4.6.1
CVE-2021-37711	High	August 16, 2021 8/16/21	< 6.4.3.1
CVE-2021-37710	High	August 16, 2021 8/16/21	< 6.4.3.1
CVE-2021-37709	Medium	August 16, 2021 8/16/21	< 6.4.3.1
CVE-2021-37708	High	August 16, 2021 8/16/21	< 6.4.3.1
CVE-2021-37707	Medium	August 16, 2021 8/16/21	< 6.4.3.1

mautic / core

91 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-3105	High	February 25, 2026 2/25/26	>= 2.10.0 < 5.2.10 >= 6.0.0-alpha < 6.0.8 >= 7.0.0-alpha < 7.0.1
CVE-2025-13828	Critical	December 2, 2025 12/2/25	>= 4.0.0 < 4.4.18 >= 5.0.0 < 5.2.9 >= 6.0.0 < 6.0.7
CVE-2025-9824	Medium	September 3, 2025 9/3/25	>= 4.4.0 < 4.4.17 >= 5.0.0-alpha < 5.2.8 >= 6.0.0-alpha < 6.0.5
CVE-2025-9823	Medium	September 3, 2025 9/3/25	>= 4.4.0 < 4.4.17 >= 5.0.0-alpha < 5.2.8 >= 6.0.0-alpha < 6.0.5
CVE-2025-9822	Medium	September 3, 2025 9/3/25	>= 4.4.0 < 4.4.17 >= 5.0.0-alpha < 5.2.8 >= 6.0.0-alpha < 6.0.5
CVE-2025-9821	Low	September 3, 2025 9/3/25	>= 4.4.0 < 4.4.17 >= 5.0.0-alpha < 5.2.8 >= 6.0.0-alpha < 6.0.5
CVE-2025-5256	Medium	May 28, 2025 5/28/25	>= 1.0.0 < 4.4.16 >= 5.0.0-alpha < 5.2.6 >= 6.0.0-alpha < 6.0.2
CVE-2024-47057	Medium	May 28, 2025 5/28/25	>= 1.0.0 < 4.4.16 >= 5.0.0-alpha < 5.2.6 >= 6.0.0-alpha < 6.0.2
CVE-2024-47055	Medium	May 28, 2025 5/28/25	>= 5.0.0-alpha < 5.2.6 >= 6.0.0-alpha < 6.0.2
CVE-2025-5257	Medium	May 28, 2025 5/28/25	>= 4.0.0 < 4.4.16 >= 5.0.0-alpha < 5.2.6 >= 6.0.0-alpha < 6.0.2
CVE-2024-47056	Medium	May 28, 2025 5/28/25	>= 4.4.0 < 4.4.16 >= 5.0.0-alpha < 5.2.6 >= 6.0.0-alpha < 6.0.2
CVE-2024-47053	High	February 26, 2025 2/26/25	>= 1.0.1 < 5.2.3
CVE-2024-47051	Critical	February 26, 2025 2/26/25	< 5.2.3
CVE-2022-25773	Medium	February 26, 2025 2/26/25	< 5.2.3
CVE-2024-47059	Medium	September 18, 2024 9/18/24	>= 5.1.0 < 5.1.1
CVE-2021-27917	Medium	September 18, 2024 9/18/24	>= 1.0.0-beta4 < 4.4.13 >= 5.0.0-alpha < 5.1.1
CVE-2022-25770	Medium	September 18, 2024 9/18/24	>= 1.0.0-beta3 < 4.4.13 >= 5.0.0-alpha < 5.1.1
CVE-2024-47050	Medium	September 18, 2024 9/18/24	>= 2.6.0 < 4.4.13 >= 5.0.0-alpha < 5.1.1
CVE-2024-47058	Medium	September 18, 2024 9/18/24	>= 5.0.0-alpha < 5.1.1 >= 1.0.0-beta < 4.4.13
CVE-2022-25768	High	September 18, 2024 9/18/24	>= 1.1.3 < 4.4.13 >= 5.0.0-alpha < 5.1.1
CVE-2022-25777	Medium	September 18, 2024 9/18/24	>= 1.0.0-beta4 < 4.4.12 >= 5.0.0-alpha < 5.0.4
CVE-2022-25769	Medium	September 18, 2024 9/18/24	< 3.3.5 >= 4.0.0 < 4.2.0
CVE-2022-25774	Medium	September 18, 2024 9/18/24	< 4.4.12
CVE-2022-25775	Medium	September 18, 2024 9/18/24	>= 2.14.1 < 4.4.12 >= 5.0.0-alpha < 5.0.4
CVE-2022-25776	High	September 18, 2024 9/18/24	>= 1.0.2 < 4.4.12 >= 5.0.0-alpha < 5.0.4
CVE-2021-27916	High	September 17, 2024 9/17/24	>= 3.3.0 < 4.4.12 >= 5.0.0-alpha < 5.0.4
CVE-2021-27915	High	September 17, 2024 9/17/24	>= 1.0.0-beta2 < 4.4.12
CVE-2022-25772	Critical	June 20, 2022 6/20/22	< 4.3.0
CVE-2021-27909	Medium	August 30, 2021 8/30/21	< 3.3.4 >= 4.0.0-alpha1 < 4.0.0
CVE-2021-27910	High	August 30, 2021 8/30/21	< 3.3.4 >= 4.0.0-alpha1 < 4.0.0
CVE-2021-27911	High	August 30, 2021 8/30/21	< 3.3.4 >= 4.0.0-alpha1 < 4.0.0
CVE-2021-27912	High	August 30, 2021 8/30/21	< 3.3.4 >= 4.0.0-alpha1 < 4.0.0
CVE-2021-27913	Low	August 30, 2021 8/30/21	< 3.3.4 >= 4.0.0-alpha1 < 4.0.0
CVE-2021-27908	Medium	March 23, 2021 3/23/21	< 3.3.2
CVE-2020-35125	Critical	February 9, 2021 2/9/21	< 2.16.5 >= 3.0.0 < 3.2.4
CVE-2021-3142	High	January 29, 2021 1/29/21	>= 3.0.0 < 3.2.4 >= 2.0.0 < 2.16.5
CVE-2020-35124	Critical	January 28, 2021 1/28/21	>= 3.0.0 < 3.2.4 >= 2.0.0 < 2.16.5
CVE-2020-35128	Critical	January 19, 2021 1/19/21	>= 3.2.0 < 3.2.4 >= 2.0.0 < 2.16.5
CVE-2020-35129	Critical	January 19, 2021 1/19/21	< 3.2.4
CVE-2018-11200	Medium	September 20, 2019 9/20/19	< 2.14.0
CVE-2018-11198	Medium	September 6, 2019 9/6/19	== 2.13.1 >= 2.13.1 < 2.14.0
CVE-2018-8071	Medium	April 18, 2018 4/18/18	< 2.13.0
CVE-2018-8092	Medium	April 18, 2018 4/18/18	< 2.13.0
CVE-2018-10189	High	April 17, 2018 4/17/18	< 2.13.0
CVE-2017-1000506	Medium	February 9, 2018 2/9/18	< 2.14.2
CVE-2017-1000489	High	January 3, 2018 1/3/18	>= 2.0.0 < 2.12.0
CVE-2017-1000490	Medium	January 3, 2018 1/3/18	>= 1.0.0 < 2.12.0
CVE-2017-1000488	Medium	January 3, 2018 1/3/18	>= 2.1.0 < 2.12.0
CVE-2017-1000046	High	July 17, 2017 7/17/17	< 2.1.1
CVE-2017-8874	High	May 10, 2017 5/10/17	== 1.4.1

bolt / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2021-40219	High		April 11, 2022 4/11/22	<= 4.2
CVE-2021-27367	High		February 17, 2021 2/17/21	< 4.1.13

ibexa / core

8 vulnerabilities found

Title	Severity	Date	Affected Version
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts	Medium	March 20, 2024 3/20/24	>= 4.5.0 < 4.5.6 >= 4.6.0 < 4.6.2
Ibexa DXP Download route allows filename change	Low	November 3, 2023 11/3/23	>= 4.5.0 < 4.5.4
Ibexa DXP users with the Company admin role can assign any role to any user	Critical	November 10, 2022 11/10/22	>= 4.2.0 < 4.2.3
Login timing attack in ibexa/core	Critical	June 2, 2022 6/2/22	>= 4.0.0 < 4.0.7 >= 4.1.0 < 4.1.4
Object state limitation has no effect	Critical	April 29, 2022 4/29/22	>= 4.0.0 < 4.0.5 >= 4.1.0 < 4.1.2

s-cart / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-57407	Low		September 23, 2025 9/23/25	<= 9.0.5
CVE-2022-21149	Medium		May 1, 2022 5/1/22	< 6.9

@angular / core

32 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-50557	Medium	June 15, 2026 6/15/26	>= 21.0.0-next.0 < 21.2.15 >= 22.0.0-next.0 < 22.0.0-rc.2 >= 20.0.0-next.0 < 20.3.22 >= 19.0.0-next.0 < 19.2.22 <= 18.2.14
CVE-2026-52725	Medium	June 15, 2026 6/15/26	>= 21.0.0-next.0 < 21.2.15 >= 22.0.0-next.0 < 22.0.0-rc.2 >= 19.0.0-next.0 < 19.2.23 <= 18.2.14 >= 20.0.0-next.0 < 20.3.22
CVE-2026-54267	High	June 15, 2026 6/15/26	>= 22.0.0-next.0 < 22.0.1 >= 21.0.0-next.0 < 21.2.17 >= 20.0.0-next.0 < 20.3.25 <= 19.2.25
CVE-2026-32635	High	March 13, 2026 3/13/26	>= 22.0.0-next.0 < 22.0.0-next.3 >= 21.0.0-next.0 < 21.2.4 >= 20.0.0-next.0.0.0 < 20.3.18 >= 19.0.0-next.0 < 19.2.20 >= 17.0.0-next.0 <= 18.2.14
CVE-2026-27970	High	February 27, 2026 2/27/26	>= 21.2.0-next.0 < 21.2.0 >= 21.0.0-next.0 < 21.1.6 >= 20.0.0-next.0 < 20.3.17 >= 19.0.0-next.0 < 19.2.19 <= 18.2.14
CVE-2026-22610	High	January 9, 2026 1/9/26	>= 21.1.0-next.0 < 21.1.0-rc.0 >= 21.0.0-next.0 < 21.0.7 >= 20.0.0-next.0 < 20.3.16 >= 19.0.0-next.0 < 19.2.18 <= 18.2.14
CVE-2021-4231	Medium	May 26, 2022 5/26/22	>= 11.1.0-next.0 < 11.1.0-next.3 >= 11.0.0 < 11.0.5 < 10.2.5

concrete5 / core

12 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2022-30120	Low	June 24, 2022 6/24/22	>= 9.0.0 < 9.1.0 < 8.5.8
CVE-2022-21829	High	June 24, 2022 6/24/22	>= 9.0.0 < 9.1.0 < 8.5.8
CVE-2022-30117	Critical	June 24, 2022 6/24/22	>= 9.0.0 < 9.1.0 < 8.5.8
CVE-2021-22951	Medium	November 19, 2021 11/19/21	< 8.5.7
CVE-2021-22966	High	November 19, 2021 11/19/21	< 8.5.7
CVE-2021-22967	Medium	November 19, 2021 11/19/21	< 8.5.7
CVE-2021-22968	High	November 19, 2021 11/19/21	< 8.5.7
CVE-2021-22969	Medium	November 19, 2021 11/19/21	< 8.5.7
CVE-2021-22970	Medium	November 19, 2021 11/19/21	< 8.5.7

@actions / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2022-35954	Medium		August 15, 2022 8/15/22	< 1.9.1
CVE-2020-15228	Low		October 1, 2020 10/1/20	< 1.2.6

@keystone-6 / core

6 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-33326	Medium	March 19, 2026 3/19/26	< 6.5.2
CVE-2025-46720	Low	May 5, 2025 5/5/25	< 6.5.0
CVE-2023-40027	Medium	August 15, 2023 8/15/23	< 5.5.1
@keystone-6/core's bundled cuid package known to be insecure	Low	June 12, 2023 6/12/23	<= 5.3.1
CVE-2022-39382	Critical	November 3, 2022 11/3/22	>= 3.0.0 < 3.0.2
CVE-2022-39322	Critical	October 25, 2022 10/25/22	>= 2.2.0 < 2.3.1

badaso / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-52353	High	August 26, 2025 8/26/25	<= 2.9.11
CVE-2022-41705	Critical	November 25, 2022 11/25/22	< 2.7.0
CVE-2022-41711	Critical	October 25, 2022 10/25/22	< 2.6.1

flarum / core

10 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-41887	Medium	April 22, 2026 4/22/26	< 1.8.16 >= 2.0.0-beta.1 < 2.0.0-rc.1
CVE-2025-27794	Medium	March 12, 2025 3/12/25	< 1.8.10
CVE-2024-21641	Medium	January 5, 2024 1/5/24	< 1.8.5
CVE-2023-40033	High	August 16, 2023 8/16/23	< 1.8.0
CVE-2023-27577	Medium	March 10, 2023 3/10/23	< 1.7.0
CVE-2023-22489	Low	January 13, 2023 1/13/23	>= 1.3.0 < 1.6.3
CVE-2023-22488	Medium	January 12, 2023 1/12/23	< 1.6.3
CVE-2022-41938	Critical	November 19, 2022 11/19/22	>= 1.5.0 < 1.6.2
CVE-2021-32671	Critical	June 7, 2021 6/7/21	>= 1.0.0 < 1.0.2

@sequelize / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2023-22580	Medium	February 16, 2023 2/16/23	< 7.0.0-alpha.20
CVE-2023-22579	Critical	February 16, 2023 2/16/23	< 7.0.0-alpha.20
CVE-2023-22578	Critical	February 16, 2023 2/16/23	< 7.0.0-alpha.20

api-platform / core

14 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-31485	High	April 3, 2025 4/3/25	>= 4.0.0-alpha.1 < 4.0.22 < 3.4.17 >= 4.1.0-alpha.1 < 4.1.5
CVE-2025-31481	High	April 3, 2025 4/3/25	>= 4.0.0-alpha.1 < 4.0.22 < 3.4.17 >= 4.1.0-alpha.1 < 4.1.5
CVE-2023-47639	Medium	April 3, 2025 4/3/25	>= 3.2.0 < 3.2.5
CVE-2025-23204	Medium	March 24, 2025 3/24/25	>= 3.3.8 < 3.3.15
CVE-2023-25575	High	February 28, 2023 2/28/23	>= 3.0.0 < 3.0.12 >= 3.1.0 < 3.1.3 >= 2.6.0 < 2.7.10
CVE-2019-1000011	Medium	February 4, 2019 2/4/19	>= 2.2.0 < 2.2.10 >= 2.3.0 < 2.3.6 >= 2.2.0 <= 2.3.5

@sap-cloud-sdk / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2021-41251	Medium		November 5, 2021 11/5/21	< 1.52.0
Improper Authorization in @sap-cloud-sdk/core	High		September 3, 2020 9/3/20	>= 1.19.0 < 1.21.2

@ionic / core

4 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
Cross-Site Scripting in @ionic/core	High		September 3, 2020 9/3/20	< 4.0.3 >= 4.1.0 < 4.1.3 >= 4.2.0 < 4.2.1 >= 4.3.0 < 4.3.1

@tsed / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2020-7748	Medium		October 20, 2020 10/20/20	< 5.65.7

mediawiki / core

86 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2023-45363	High	October 9, 2023 10/9/23	< 1.35.12 >= 1.36.0 < 1.39.5 == 1.40.0 >= 1.40.0 < 1.40.1
CVE-2023-29141	Critical	March 31, 2023 3/31/23	>= 1.39.0 < 1.39.3 >= 1.38.0 < 1.38.6 < 1.35.10
CVE-2021-41800	Medium	October 11, 2021 10/11/21	< 1.36.2
CVE-2020-25812	Medium	September 27, 2020 9/27/20	>= 1.34.0 < 1.34.3 >= 1.35.0-rc.0 < 1.35.0
CVE-2020-25813	Medium	September 27, 2020 9/27/20	>= 1.31.0 < 1.31.9 >= 1.32.0 < 1.34.3
CVE-2020-25814	Medium	September 27, 2020 9/27/20	>= 1.31.0 < 1.31.9 >= 1.32.0 < 1.34.3 >= 1.35.0-rc.0 < 1.35.0
CVE-2020-25815	Medium	September 27, 2020 9/27/20	>= 1.32.0 < 1.34.3 >= 1.35.0-rc.0 < 1.35.0
CVE-2020-25827	High	September 27, 2020 9/27/20	>= 1.31.0 < 1.31.9 >= 1.32.0 < 1.34.3
CVE-2020-25828	Medium	September 27, 2020 9/27/20	>= 1.31.0 < 1.31.9 >= 1.32.0 < 1.34.3 >= 1.35.0-rc.0 < 1.35.0
CVE-2020-15005	Medium	June 24, 2020 6/24/20	< 1.31.8 >= 1.32.0 < 1.33.4 >= 1.34.0 < 1.34.2
CVE-2020-10959	Medium	June 2, 2020 6/2/20	< 1.34.0-rc.0
CVE-2020-10960	Medium	April 3, 2020 4/3/20	>= 1.31.0 < 1.31.7 >= 1.33.0 < 1.33.3 >= 1.34.0 < 1.34.1
CVE-2019-19709	Medium	December 11, 2019 12/11/19	>= 1.31.0 < 1.31.6 >= 1.32.0 < 1.32.6 >= 1.33.0 < 1.33.2 >= 1.33.99 < 1.34.0
CVE-2019-16738	Medium	September 26, 2019 9/26/19	>= 1.31.0 < 1.31.4 >= 1.32.0 < 1.32.4 >= 1.33.0 < 1.33.1
CVE-2019-12469	Medium	July 10, 2019 7/10/19	>= 1.27.0 < 1.27.6 >= 1.30.0 < 1.30.2 >= 1.31.0 < 1.31.2 >= 1.32.0 < 1.32.2
CVE-2019-12470	Medium	July 10, 2019 7/10/19	>= 1.27.0 < 1.27.6 >= 1.30.0 < 1.30.2 >= 1.31.0 < 1.31.2 >= 1.32.0 < 1.32.2
CVE-2019-12466	High	July 10, 2019 7/10/19	>= 1.27.0 < 1.27.6 >= 1.30.0 < 1.30.2 >= 1.31.0 < 1.31.2 >= 1.32.0 < 1.32.2
CVE-2019-12471	Medium	July 10, 2019 7/10/19	>= 1.27.0 < 1.27.6 >= 1.30.0 < 1.30.2 >= 1.31.0 < 1.31.2
CVE-2019-12472	High	July 10, 2019 7/10/19	>= 1.18.0 < 1.27.6 >= 1.30.0 < 1.30.2 >= 1.31.0 < 1.31.2 >= 1.32.0 < 1.32.2
CVE-2019-12473	High	July 10, 2019 7/10/19	>= 1.27.0 < 1.27.6 >= 1.30.0 < 1.30.2 >= 1.31.0 < 1.31.2 >= 1.32.0 < 1.32.2
CVE-2019-12474	High	July 10, 2019 7/10/19	>= 1.27.0 < 1.27.6 >= 1.30.0 < 1.30.2 >= 1.31.0 < 1.31.2 >= 1.32.0 < 1.32.2
CVE-2019-12467	Medium	July 10, 2019 7/10/19	< 1.27.6 >= 1.30.0 < 1.30.2 >= 1.31.0 < 1.31.2 >= 1.32.0 < 1.32.2
CVE-2019-12468	Critical	July 10, 2019 7/10/19	>= 1.27.0 < 1.27.6 >= 1.30.0 < 1.30.2 >= 1.31.0 < 1.31.2 >= 1.32.0 < 1.32.2
CVE-2018-0503	Medium	October 4, 2018 10/4/18	>= 1.27.0 < 1.27.5 >= 1.29.0 < 1.29.3 >= 1.30.0 < 1.30.1 >= 1.31.0 < 1.31.1
CVE-2018-0504	Medium	October 4, 2018 10/4/18	>= 1.27.0 < 1.27.5 >= 1.29.0 < 1.29.3 >= 1.30.0 < 1.30.1 >= 1.31.0 < 1.31.1
CVE-2018-0505	Medium	October 4, 2018 10/4/18	>= 1.27.0 < 1.27.5 >= 1.29.0 < 1.29.3 >= 1.30.0 < 1.30.1 >= 1.31.0 < 1.31.1
CVE-2018-13258	Medium	October 4, 2018 10/4/18	>= 1.31.0 < 1.31.1
CVE-2014-2853	Medium	April 29, 2014 4/29/14	< 1.21.9 >= 1.22.0 < 1.22.6

@vendure / core

6 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-40887	Critical	April 14, 2026 4/14/26	>= 3.0.0 < 3.5.7 >= 3.6.0 < 3.6.2 >= 1.7.4 < 2.3.4
CVE-2026-25050	Low	January 30, 2026 1/30/26	< 3.5.3
@vendure/core's insecure currencyCode handling allows wrong payment amounts	Medium	November 17, 2023 11/17/23	< 2.1.3
Vendure Cross Site Request Forgery vulnerability impacting all API requests	Low	July 11, 2023 7/11/23	< 2.0.3

pimcore / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2023-5192	Medium		September 27, 2023 9/27/23	< 10.3.0

@scrypted / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219`	High		February 16, 2024 2/16/24	<= 0.1.142
CVE-2023-47623	Medium		December 13, 2023 12/13/23	<= 0.1.142

fuel / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
fuel/core Crypt encryption compromised.	Medium		May 15, 2024 5/15/24	< 1.8.1
fuel/core ImageMagick driver does not escape all shell arguments.	High		May 15, 2024 5/15/24	< 1.8.0.4

org.verapdf / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2024-52800	Low		November 29, 2024 11/29/24	< 1.26.2
CVE-2024-28109	High		March 28, 2024 3/28/24	< 1.24.2

contao / core

12 vulnerabilities found

Title	Severity	Date	Affected Version
contao/core PHP object injection vulnerability allows for arbitrary code execution	High	May 15, 2024 5/15/24	>= 2.0.0 < 2.11.14 >= 3.0.0 < 3.2.5
contao/core Insufficient input validation allows for code injection and remote execution	Critical	May 15, 2024 5/15/24	>= 2.0.0 < 2.11.17 >= 3.0.0 < 3.2.9
CVE-2018-5478	Medium	September 21, 2023 9/21/23	>= 3.0.0 < 3.5.32
CVE-2018-10125	Medium	March 16, 2020 3/16/20	>= 3.0.0 < 3.5.35
CVE-2012-4383	High	January 29, 2020 1/29/20	< 2.11.4
CVE-2019-10641	Critical	April 17, 2019 4/17/19	>= 3.0.0 < 3.5.39
CVE-2017-10993	High	July 21, 2017 7/21/17	>= 3.0.0 < 3.5.28
CVE-2015-0269	Medium	May 26, 2017 5/26/17	>= 3.4.0 < 3.4.4 >= 2.0.0 < 3.2.19
CVE-2016-4567	Medium	May 22, 2016 5/22/16	>= 3.0.0 < 3.5.15

@janhq / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2024-37273	Critical	June 4, 2024 6/4/24	<= 0.1.11
CVE-2024-36858	Critical	June 4, 2024 6/4/24	<= 0.1.11
CVE-2024-36857	High	June 4, 2024 6/4/24	<= 0.1.11

@zenuml / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2024-38527	Medium		June 26, 2024 6/26/24	< 3.23.25

@zag-js / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2024-57079	High		February 5, 2025 2/5/25	< 0.82.2

@intlify / core

6 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-53892	Medium	July 16, 2025 7/16/25	>= 9.0.0 < 9.14.5 >= 10.0.0 < 10.0.8 >= 11.0.0 < 11.1.10
CVE-2025-27597	High	March 7, 2025 3/7/25	>= 9.1.0 < 9.1.11
CVE-2024-52809	Medium	November 29, 2024 11/29/24	>= 9.3.0 < 9.14.2 >= 10.0.0 < 10.0.5

@pkgr / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-54313	High		July 19, 2025 7/19/25	== 0.2.8 >= 0.2.8 < 0.2.9

com.ritense.valtimo / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-58059	Critical		August 28, 2025 8/28/25	< 12.16.0.RELEASE >= 13.0.0.RELEASE < 13.1.2.RELEASE

gp247 / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-57407	Low		September 23, 2025 9/23/25	< 1.1.24

@strapi / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-25298	Medium	October 16, 2025 10/16/25	< 5.10.3
CVE-2025-53092	High	October 16, 2025 10/16/25	< 5.20.0
CVE-2024-56143	High	October 16, 2025 10/16/25	>= 5.0.0 < 5.5.2

@hpke / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-64767	Critical		November 21, 2025 11/21/25	< 1.7.5

@orval / core

4 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2026-25141	Critical		January 30, 2026 1/30/26	>= 7.19.0 < 7.21.0 >= 8.0.0 < 8.2.0
CVE-2026-23947	Critical		January 21, 2026 1/21/26	>= 8.0.0-rc.0 < 8.0.2 < 7.19.0

@enclave-vm / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2026-27597	Critical		February 25, 2026 2/25/26	< 2.11.1
CVE-2026-25533	Medium		February 5, 2026 2/5/26	< 2.10.1

@farmfe / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-56647	Medium		February 12, 2026 2/12/26	< 1.7.6

typicms / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2026-27621	Medium		February 25, 2026 2/25/26	< 16.1.7

@workflow / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
Vercel Workflow Allows Webhook Creation with Predictable User-Specified Tokens	Medium		March 6, 2026 3/6/26	< 4.2.0-beta.64

@dicebear / core

5 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2026-33311	Medium		March 19, 2026 3/19/26	>= 5.0.0 < 5.4.4 >= 6.0.0 < 6.1.4 >= 7.0.0 < 7.1.4 >= 8.0.0 < 8.0.3 >= 9.0.0 < 9.4.1

@mikro-orm / core

4 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2026-34221	High		March 29, 2026 3/29/26	< 6.6.10 >= 7.0.0-dev.0 < 7.0.6
CVE-2026-34220	Critical		March 29, 2026 3/29/26	< 6.6.10 >= 7.0.0-dev.0 < 7.0.6

@adonisjs / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2026-40255	Medium		April 14, 2026 4/14/26	< 7.3.1

adonisjs / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2026-40255	Medium		April 14, 2026 4/14/26	<= 7.3.0

org.geysermc.geyser / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2026-42188	Low		May 5, 2026 5/5/26	< 2.9.3

flightphp / core

5 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-42552	High	May 6, 2026 5/6/26	< 3.18.1
CVE-2026-42551	High	May 6, 2026 5/6/26	< 3.18.1
CVE-2026-42550	High	May 6, 2026 5/6/26	< 3.18.1
CVE-2026-42549	Medium	May 6, 2026 5/6/26	< 3.18.1
CVE-2026-42548	High	May 6, 2026 5/6/26	< 3.18.1

magento / core

24 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2020-9664	Critical	July 22, 2020 7/22/20	<= 1.9.4.5
CVE-2020-9665	Medium	July 22, 2020 7/22/20	<= 1.9.4.5
CVE-2020-9583	Critical	June 26, 2020 6/26/20	< 1.9.4.5
CVE-2020-9584	Medium	June 26, 2020 6/26/20	< 1.9.4.5
CVE-2020-9585	Critical	June 26, 2020 6/26/20	< 1.9.4.5
CVE-2020-9587	High	June 26, 2020 6/26/20	< 1.9.4.5
CVE-2020-9588	High	June 26, 2020 6/26/20	< 1.9.4.5
CVE-2020-9591	High	June 26, 2020 6/26/20	< 1.9.4.5
CVE-2020-9630	Critical	June 26, 2020 6/26/20	< 1.9.4.5
CVE-2020-9631	Critical	June 26, 2020 6/26/20	< 1.9.4.5
CVE-2020-9632	Critical	June 26, 2020 6/26/20	< 1.9.4.5
CVE-2020-9576	Critical	June 26, 2020 6/26/20	< 1.9.4.5
CVE-2020-9577	Medium	June 26, 2020 6/26/20	< 1.9.4.5
CVE-2020-9578	Critical	June 26, 2020 6/26/20	< 1.9.4.5
CVE-2020-9579	Critical	June 26, 2020 6/26/20	< 1.9.4.5
CVE-2020-9580	Critical	June 26, 2020 6/26/20	< 1.9.4.5
CVE-2020-9581	Medium	June 26, 2020 6/26/20	< 1.9.4.5
CVE-2020-9582	Critical	June 26, 2020 6/26/20	< 1.9.4.5
CVE-2020-3719	High	January 29, 2020 1/29/20	< 1.9.4.4
CVE-2020-3715	Medium	January 29, 2020 1/29/20	< 1.9.4.4
CVE-2015-6497	High	January 15, 2020 1/15/20	< 1.9.2.1
CVE-2019-8230	High	November 6, 2019 11/6/19	< 1.9.4.3
CVE-2019-8231	High	November 6, 2019 11/6/19	< 1.9.4.3
CVE-2019-8227	Medium	November 6, 2019 11/6/19	< 1.9.4.3

magneto / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2020-3758	Medium		January 29, 2020 1/29/20	< 1.9.4.4
CVE-2020-3718	Critical		January 29, 2020 1/29/20	< 1.9.4.4

kohana / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2014-8684	Critical		September 19, 2017 9/19/17	< 3.3.3

@rspack / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS	Medium		September 19, 2024 9/19/24	< 1.0.0-rc.1

@langchain / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-68665	High		December 23, 2025 12/23/25	>= 1.0.0 < 1.1.8 < 0.3.80

@agenticmail / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
AgenticMail: Unauthenticated inbound mail triggers bypassPermissions resume of the operator's Claude Code session (bridge-wake)	High		June 18, 2026 6/18/26	< 0.9.43
CVE-2026-47255	High		May 29, 2026 5/29/26	< 0.9.10

@opentelemetry / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2026-54285	Medium		June 15, 2026 6/15/26	< 2.8.0

@kozou / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
Kozou: Unauthenticated MCP HTTP server and bundled dev-stack hardening (DNS-rebinding, request-body limits, read-only reads, default network exposure)	High		June 19, 2026 6/19/26	< 1.8.1

Showing vulnerabilities for 69 products matching "core". Each product has independent pagination.

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo

Frequently Asked Questions

What is a Vulnerability (CVE) and why does it matter?

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

CVSS (Common Vulnerability Scoring System) estimates technical severity, but it doesn't automatically equal business risk. Prioritize using context like internet exposure, affected asset criticality, known exploitation (proof-of-concept or in-the-wild), and whether compensating controls exist. A "Medium" CVSS on an exposed, production system can be more urgent than a "Critical" on an isolated, non-production host.

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. In practice, risk increases sharply when exploitation becomes reliable or widespread.

Recurring findings usually come from incomplete Asset Discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host. Unknown or unmanaged assets (often called Shadow IT) are a common reason the same issues resurface.

Use a simple, repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress using consistent metrics so remediation is steady, not reactive.

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.