How should we interpret CVSS severity scores?

CVSS estimates technical severity, but it does not automatically equal business risk. Prioritize using context like internet exposure, asset criticality, known exploitation, and whether compensating controls exist. A Medium CVSS on an exposed production system can be more urgent than a Critical on an isolated non-production host.

Vulnerability Database

Q: What is a Vulnerability (CVE) and why does it matter?

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

Q: What's the difference between a vulnerability, an exploit, and a zero-day?

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. Risk increases sharply when exploitation becomes reliable or widespread.

Q: Why do vulnerabilities keep reappearing in our environment?

Recurring findings usually come from incomplete asset discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host.

Q: How do we prioritize remediation without burning out the team?

Use a repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress so remediation is steady, not reactive.

Q: How can SynScan help reduce vulnerability risk over time?

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.

328,409

Total vulnerabilities in the database

Vulnerabilities for products matching "core"

Found 55 matching products. Filters apply to all results.

You can search for specific versions with /product/core/1.2.3

ractf / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2020-15235	Medium		October 5, 2020 10/5/20	<= 41edf92

mobileiron / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2020-15505	Critical	July 7, 2020 7/7/20	>= 10.6.0.0 < 10.6.0.1 >= 10.5.2.0 < 10.5.2.1 >= 10.4.0.0 < 10.4.0.4 < 10.3.0.4 >= 10.5.1.0 < 10.5.1.1
CVE-2020-15506	Critical	July 7, 2020 7/7/20	<= 10.6
CVE-2020-15507	High	July 7, 2020 7/7/20	<= 10.6

formtools / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2021-38143	Medium	August 31, 2021 8/31/21	<= 3.0.20
CVE-2021-38144	Medium	August 31, 2021 8/31/21	<= 3.0.20
CVE-2021-38145	Critical	August 31, 2021 8/31/21	<= 3.0.20

onlyoffice / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2022-29776	Critical		June 2, 2022 6/2/22	<= 6.1.0.26
CVE-2022-29777	Critical		June 2, 2022 6/2/22	<= 6.1.0.26

@nestjs / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2023-26108	Low		March 6, 2023 3/6/23	< 9.0.5

drupal / core

38 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-3057	Medium	March 31, 2025 3/31/25	>= 8.0.0 < 10.3.13 >= 10.4.0 < 10.4.3 >= 11.0.0 < 11.0.12 >= 11.1.0 < 11.1.3
CVE-2025-31675	Medium	March 31, 2025 3/31/25	>= 8.0.0 < 10.3.14 >= 10.4.0 < 10.4.5 >= 11.0.0 < 11.0.13 >= 11.1.0 < 11.1.5
CVE-2025-31674	High	March 31, 2025 3/31/25	>= 8.0.0 < 10.3.13 >= 10.4.0 < 10.4.3 >= 11.0.0 < 11.0.12 >= 11.1.0 < 11.1.3
CVE-2025-31673	Low	March 31, 2025 3/31/25	>= 8.0.0 < 10.3.13 >= 10.4.0 < 10.4.3 >= 11.0.0 < 11.0.12 >= 11.1.0 < 11.1.3
Drupal core Cross-Site Scripting (XSS) vulnerabilities	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.9.18 >= 9.1.0 < 9.1.12 >= 9.2.0 < 9.2.4
Drupal core Arbitrary PHP code execution	High	May 15, 2024 5/15/24	>= 7.0.0 < 7.75 >= 8.0.0 < 8.8.12 >= 8.9.0 < 8.9.10 >= 9.0.0 < 9.0.9
Drupal core Open Redirect vulnerability	Medium	May 15, 2024 5/15/24	>= 7.0.0 < 7.70
Drupal core uses a vulnerable Third-party library CKEditor	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.7.12 >= 8.8.0 < 8.8.4
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar	High	May 15, 2024 5/15/24	>= 7.0.0 < 7.69 >= 8.0.0 < 8.7.11 >= 8.8.0 < 8.8.1
Drupal core Access bypass	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.7.11 >= 8.8.0 < 8.8.1
Drupal core unrestricted file upload	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.7.11 >= 8.8.0 < 8.8.1
Drupal core Denial of Service	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.7.11 >= 8.8.0 < 8.8.1
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution	Critical	May 15, 2024 5/15/24	>= 8.0.0 < 8.5.8 >= 8.6.0 < 8.6.2
Drupal core Remote Code Execution	Critical	May 15, 2024 5/15/24	>= 7.0 < 7.60 >= 8.0.0 < 8.5.8 >= 8.6.0 < 8.6.2
Drupal Anonymous Open Redirect	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.5.8 >= 8.6.0 < 8.6.2
Drupal External URL injection through URL aliases leading to Open Redirect	Medium	May 15, 2024 5/15/24	>= 7.0 < 7.60 >= 8.0.0 < 8.5.8 >= 8.6.0 < 8.6.2
Drupal Content moderation Access bypass	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.5.8 >= 8.6.0 < 8.6.2
Drupal core Denial of Service vulnerability	Medium	February 12, 2024 2/12/24	>= 8.0.0 < 10.1.8 >= 10.2.0 < 10.2.2
CVE-2024-22362	High	January 16, 2024 1/16/24	== 9.3.6
CVE-2023-5256	High	September 28, 2023 9/28/23	>= 8.7.0 < 9.5.11 >= 10.0.0 < 10.0.11 >= 10.1.0 < 10.1.4
CVE-2023-31250	Medium	April 26, 2023 4/26/23	>= 10.0.0 < 10.0.8 >= 9.5.0 < 9.5.8 >= 9.0.0 < 9.4.14 >= 7.0.0 < 7.96
CVE-2022-25277	High	April 26, 2023 4/26/23	>= 8.0.0 < 9.3.19 >= 9.4.0 < 9.4.3
CVE-2022-25278	Medium	April 26, 2023 4/26/23	>= 8.0.0 < 9.3.19 >= 9.4.0 < 9.4.3
CVE-2022-25276	Medium	April 26, 2023 4/26/23	>= 8.0.0 < 9.3.19 >= 9.4.0 < 9.4.3
CVE-2022-25275	High	April 26, 2023 4/26/23	>= 7.0.0 < 7.91 >= 8.0.0 < 9.3.19 >= 9.4.0 < 9.4.3
CVE-2022-25274	Medium	April 26, 2023 4/26/23	>= 9.3.0 < 9.3.12
CVE-2022-25273	High	April 26, 2023 4/26/23	>= 8.0.0 < 9.2.18 >= 9.3.0 < 9.3.12
CVE-2022-25270	Medium	February 17, 2022 2/17/22	>= 9.3.0 < 9.3.6 >= 8.0.0 < 9.2.13
CVE-2022-25271	High	February 16, 2022 2/16/22	>= 9.3.0 < 9.3.6 >= 8.0.0 < 9.2.13 >= 7.0.0 < 7.88
CVE-2020-13674	Medium	February 11, 2022 2/11/22	>= 8.0.0 < 8.9.19 >= 9.1.0 < 9.1.13 >= 9.2.0 < 9.2.6
CVE-2020-13668	Medium	February 11, 2022 2/11/22	>= 8.0.0 < 8.8.10 >= 8.9.0 < 8.9.6 >= 9.0.0 < 9.0.6
CVE-2020-13670	High	February 11, 2022 2/11/22	>= 8.0.0 < 8.8.10 >= 8.9.0 < 8.9.6 >= 9.0.0 < 9.0.6
CVE-2020-13676	Medium	February 11, 2022 2/11/22	>= 8.0.0 < 8.9.19 >= 9.1.0 < 9.1.13 >= 9.2.0 < 9.2.6
CVE-2020-13675	Critical	February 11, 2022 2/11/22	>= 8.0.0 < 8.9.19 >= 9.1.0 < 9.1.13 >= 9.2.0 < 9.2.6
CVE-2020-13671	High	November 20, 2020 11/20/20	>= 9.0.0 < 9.0.8 >= 8.9.0 < 8.9.9 >= 8.0.0 < 8.8.11 >= 7.0 < 7.74
CVE-2019-6342	Critical	May 28, 2020 5/28/20	== 8.7.4 >= 8.7.4 < 8.7.5
CVE-2017-6923	Low	January 22, 2019 1/22/19	>= 8.0 < 8.3.7
CVE-2018-7602	Critical	July 19, 2018 7/19/18	>= 7.0 < 7.59 >= 8.0 < 8.4.8 >= 8.5 < 8.5.3

shopware / core

55 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-31889	High	March 11, 2026 3/11/26	>= 6.7.0.0 < 6.7.8.1 < 6.6.10.15
CVE-2026-31888	Medium	March 11, 2026 3/11/26	>= 6.7.0.0 < 6.7.8.1 < 6.6.10.15
CVE-2026-31887	High	March 11, 2026 3/11/26	>= 6.7.0.0 < 6.7.8.1 < 6.6.10.15
CVE-2026-23498	High	January 14, 2026 1/14/26	>= 6.7.0.0 < 6.7.6.1
Shopware 6's password recovery link does not expire after email change	Medium	November 14, 2025 11/14/25	< 6.6.10.9 >= 6.7.0.0 < 6.7.4.1
Shopware Customer Orders can be canceled, even if refunds are disabled	Medium	October 21, 2025 10/21/25	>= 6.7.0.0 < 6.7.3.1 < 6.6.10.7
Shopware exposes sensitive user information via CSV export mapping	Medium	October 21, 2025 10/21/25	>= 6.7.0.0 < 6.7.3.1 < 6.6.10.7
Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice	Low	October 21, 2025 10/21/25	>= 6.7.0.0 < 6.7.3.1 < 6.6.10.7
Shopware vulnerable to path traversal via Plugin upload	Low	October 21, 2025 10/21/25	>= 6.7.0.0 < 6.7.3.1 < 6.6.10.7
Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually	Medium	October 21, 2025 10/21/25	>= 6.7.0.0 < 6.7.3.1 < 6.6.10.7
Shopware: Reflective Cross Site-Scripting (XSS) in CMS components	High	September 10, 2025 9/10/25	>= 6.7.0.0 < 6.7.2.1
CVE-2025-27892	Medium	April 15, 2025 4/15/25	>= 6.6.0.0 < 6.6.10.3 >= 6.7.0.0-rc1 < 6.7.0.0-rc2 == 6.7.0.0-rc1 < 6.5.8.18
CVE-2025-32378	Medium	April 9, 2025 4/9/25	>= 6.6.0.0-rc1 < 6.6.10.3 >= 6.7.0.0-rc1 < 6.7.0.0-rc2 < 6.5.8.17
Shopware Broken ACL on Document retrieval to access other customers documents	Medium	April 8, 2025 4/8/25	>= 6.6.0.0 < 6.6.10.3 >= 6.7.0.0-rc1 < 6.7.0.0-rc2 < 6.5.8.17
CVE-2025-30151	High	April 8, 2025 4/8/25	>= 6.6.0.0 < 6.6.10.3 >= 6.7.0.0-rc1 < 6.7.0.0-rc2 < 6.5.8.17
CVE-2025-30150	Medium	April 8, 2025 4/8/25	>= 6.6.0.0 < 6.6.10.3 >= 6.7.0.0-rc1 < 6.7.0.0-rc2 == 6.7.0.0-rc1 < 6.5.8.18
CVE-2024-42355	High	August 8, 2024 8/8/24	< 6.5.8.13 >= 6.6.0.0 < 6.6.5.1
CVE-2024-42356	High	August 8, 2024 8/8/24	< 6.5.8.13 >= 6.6.0.0 < 6.6.5.1
CVE-2024-42357	High	August 8, 2024 8/8/24	< 6.5.8.13 >= 6.6.0.0 < 6.6.5.1
CVE-2024-42354	Medium	August 8, 2024 8/8/24	< 6.5.8.13 >= 6.6.0.0 < 6.6.5.1
CVE-2024-31447	Medium	April 8, 2024 4/8/24	>= 6.3.5.0 < 6.5.8.8 >= 6.6.0.0-rc1 < 6.6.1.0
CVE-2024-22407	Low	January 16, 2024 1/16/24	< 6.5.7.4
CVE-2024-22406	Critical	January 16, 2024 1/16/24	< 6.5.7.4
CVE-2023-2017	High	April 17, 2023 4/17/23	< 6.4.20.1
CVE-2023-22734	Low	January 17, 2023 1/17/23	< 6.4.18.1
CVE-2023-22732	Low	January 17, 2023 1/17/23	< 6.4.18.1
CVE-2023-22733	Low	January 17, 2023 1/17/23	< 6.4.18.1
CVE-2023-22730	Medium	January 17, 2023 1/17/23	< 6.4.18.1
CVE-2023-22731	Critical	January 17, 2023 1/17/23	< 6.4.18.1
CVE-2022-24872	High	April 20, 2022 4/20/22	< 6.4.10.1
CVE-2022-24871	High	April 20, 2022 4/20/22	< 6.4.10.1
CVE-2022-24747	Medium	March 9, 2022 3/9/22	< 6.4.8.2
CVE-2022-24748	Medium	March 9, 2022 3/9/22	< 6.4.8.2
CVE-2022-24746	Medium	March 9, 2022 3/9/22	< 6.4.8.1
CVE-2022-24744	Low	March 9, 2022 3/9/22	< 6.4.8.1
Webcache Poisoning in shopware/platform and shopware/core	Critical	November 24, 2021 11/24/21	< 6.4.6.1
CVE-2021-37711	High	August 16, 2021 8/16/21	< 6.4.3.1
CVE-2021-37710	High	August 16, 2021 8/16/21	< 6.4.3.1
CVE-2021-37709	Medium	August 16, 2021 8/16/21	< 6.4.3.1
CVE-2021-37708	High	August 16, 2021 8/16/21	< 6.4.3.1
CVE-2021-37707	Medium	August 16, 2021 8/16/21	< 6.4.3.1
non-admin users can create integration role with administrator role	Medium	June 28, 2021 6/28/21	< 6.4.1.1
Internal hidden fields are visible on to many associations in admin api	Medium	June 28, 2021 6/28/21	< 6.4.1.1
Private files publicly accessible with Cloud Storage providers	High	June 28, 2021 6/28/21	< 6.4.1.1
Creation of order credits was not validated by acl in admin orders	Low	June 28, 2021 6/28/21	< 6.4.1.1
Canceling of orders not related to the logged-in user	Medium	June 28, 2021 6/28/21	< 6.4.1.1
After order payment process manipulation in shopware/platform and shopware/core	Critical	April 13, 2021 4/13/21	< 6.3.5.3
Leak of information via Store-API aggregations in shopware/platform and shopware/core	Critical	April 13, 2021 4/13/21	< 6.3.5.3
Authenticated Server Side Request Forgery	Low	December 21, 2020 12/21/20	< 6.3.4.1
Information exposure via query strings in URL	Low	December 21, 2020 12/21/20	< 6.3.4.1

mautic / core

37 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-3105	High	February 25, 2026 2/25/26	>= 2.10.0 < 5.2.10 >= 6.0.0-alpha < 6.0.8 >= 7.0.0-alpha < 7.0.1
CVE-2025-9824	Medium	September 3, 2025 9/3/25	>= 4.4.0 < 4.4.17 >= 5.0.0-alpha < 5.2.8 >= 6.0.0-alpha < 6.0.5
CVE-2025-9823	Medium	September 3, 2025 9/3/25	>= 4.4.0 < 4.4.17 >= 5.0.0-alpha < 5.2.8 >= 6.0.0-alpha < 6.0.5
CVE-2025-9822	Medium	September 3, 2025 9/3/25	>= 4.4.0 < 4.4.17 >= 5.0.0-alpha < 5.2.8 >= 6.0.0-alpha < 6.0.5
CVE-2025-9821	Low	September 3, 2025 9/3/25	>= 4.4.0 < 4.4.17 >= 5.0.0-alpha < 5.2.8 >= 6.0.0-alpha < 6.0.5
CVE-2025-5256	Medium	May 28, 2025 5/28/25	>= 1.0.0 < 4.4.16 >= 5.0.0-alpha < 5.2.6 >= 6.0.0-alpha < 6.0.2
CVE-2024-47057	Medium	May 28, 2025 5/28/25	>= 1.0.0 < 4.4.16 >= 5.0.0-alpha < 5.2.6 >= 6.0.0-alpha < 6.0.2
CVE-2024-47055	Low	May 28, 2025 5/28/25	>= 5.0.0-alpha < 5.2.6 >= 6.0.0-alpha < 6.0.2
CVE-2025-5257	Medium	May 28, 2025 5/28/25	>= 4.0.0 < 4.4.16 >= 5.0.0-alpha < 5.2.6 >= 6.0.0-alpha < 6.0.2
CVE-2024-47056	Medium	May 28, 2025 5/28/25	>= 4.4.0 < 4.4.16 >= 5.0.0-alpha < 5.2.6 >= 6.0.0-alpha < 6.0.2
CVE-2024-47053	High	February 26, 2025 2/26/25	>= 1.0.1 < 5.2.3
CVE-2024-47051	Critical	February 26, 2025 2/26/25	< 5.2.3
CVE-2022-25773	Low	February 26, 2025 2/26/25	< 5.2.3
CVE-2022-25777	Medium	September 18, 2024 9/18/24	>= 1.0.0-beta4 < 4.4.12 >= 5.0.0-alpha < 5.0.4
CVE-2022-25769	High	September 18, 2024 9/18/24	< 3.3.5 >= 4.0.0 < 4.2.0
CVE-2022-25774	Low	September 18, 2024 9/18/24	< 4.4.12
CVE-2022-25775	Medium	September 18, 2024 9/18/24	>= 2.14.1 < 4.4.12 >= 5.0.0-alpha < 5.0.4
CVE-2022-25776	High	September 18, 2024 9/18/24	>= 1.0.2 < 4.4.12 >= 5.0.0-alpha < 5.0.4
CVE-2021-27916	High	September 17, 2024 9/17/24	>= 3.3.0 < 4.4.12 >= 5.0.0-alpha < 5.0.4
CVE-2021-27915	High	September 17, 2024 9/17/24	>= 1.0.0-beta2 < 4.4.12
CVE-2022-25772	Critical	June 20, 2022 6/20/22	< 4.3.0
CVE-2021-27909	Medium	August 30, 2021 8/30/21	< 3.3.4
CVE-2021-27911	High	August 30, 2021 8/30/21	< 3.3.4
CVE-2021-27910	High	August 30, 2021 8/30/21	< 3.3.4
CVE-2021-27912	High	August 30, 2021 8/30/21	< 3.3.4
CVE-2021-27913	Low	August 30, 2021 8/30/21	< 3.3.4
CVE-2021-27908	Medium	March 23, 2021 3/23/21	< 3.3.2
CVE-2020-35125	Critical	February 9, 2021 2/9/21	< 2.16.5 >= 3.0.0 < 3.2.4
CVE-2020-35124	Critical	January 28, 2021 1/28/21	< 2.16.5 >= 3.0.0 < 3.2.4
CVE-2018-11200	Medium	September 20, 2019 9/20/19	< 2.14.0
CVE-2018-11198	Low	September 6, 2019 9/6/19	== 2.13.1 >= 2.13.1 < 2.14.0
CVE-2018-8092	High	April 18, 2018 4/18/18	< 2.13.0
CVE-2018-8071	Low	April 18, 2018 4/18/18	< 2.13.0
CVE-2018-10189	Medium	April 17, 2018 4/17/18	< 2.13.0
CVE-2017-1000489	Medium	January 3, 2018 1/3/18	>= 2.0.0 < 2.12.0
CVE-2017-1000490	Low	January 3, 2018 1/3/18	>= 1.0.0 < 2.12.0
CVE-2017-1000488	Low	January 3, 2018 1/3/18	>= 2.1.0 < 2.12.0

bolt / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2021-40219	High		April 11, 2022 4/11/22	<= 4.2
CVE-2021-27367	High		February 17, 2021 2/17/21	< 4.1.13

ibexa / core

5 vulnerabilities found

Title	Severity	Date	Affected Version
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts	Medium	March 20, 2024 3/20/24	>= 4.5.0 < 4.5.6 >= 4.6.0 < 4.6.2
Ibexa DXP Download route allows filename change	Low	November 3, 2023 11/3/23	>= 4.5.0 < 4.5.4
Ibexa DXP users with the Company admin role can assign any role to any user	Critical	November 10, 2022 11/10/22	>= 4.2.0 < 4.2.3
Login timing attack in ibexa/core	Critical	June 2, 2022 6/2/22	>= 4.0.0 < 4.0.7 >= 4.1.0 < 4.1.4
Object state limitation has no effect	Critical	April 29, 2022 4/29/22	>= 4.0.0 < 4.0.5 >= 4.1.0 < 4.1.2

s-cart / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-57407	Medium		September 23, 2025 9/23/25	<= 9.0.5
CVE-2022-21149	Medium		May 1, 2022 5/1/22	< 6.9

@angular / core

4 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-32635	High	March 13, 2026 3/13/26	>= 22.0.0-next.0 < 22.0.0-next.3 >= 21.0.0-next.0 < 21.2.4 >= 20.0.0-next.0.0.0 < 20.3.18 >= 19.0.0.next.0 < 19.2.20 >= 17.0.0.next.0 <= 18.2.14
CVE-2026-27970	High	February 27, 2026 2/27/26	>= 21.2.0-next.0 < 21.2.0 >= 21.0.0-next.0 < 21.1.6 >= 20.0.0-next.0 < 20.3.17 >= 19.0.0-next.0 < 19.2.19 <= 18.2.14
CVE-2026-22610	High	January 9, 2026 1/9/26	>= 21.1.0-next.0 < 21.1.0-rc.0 >= 21.0.0-next.0 < 21.0.7 >= 20.0.0-next.0 < 20.3.16 >= 19.0.0-next.0 < 19.2.18 <= 18.2.14
CVE-2021-4231	Low	May 26, 2022 5/26/22	< 11.0.5 >= 11.1.0-next.0 < 11.1.0-next.3

concrete5 / core

9 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2022-30120	Medium	June 24, 2022 6/24/22	>= 9.0.0 < 9.1.0 < 8.5.8
CVE-2022-30117	Critical	June 24, 2022 6/24/22	>= 9.0.0 < 9.1.0 < 8.5.8
CVE-2022-21829	Critical	June 24, 2022 6/24/22	>= 9.0.0 < 9.1.0 < 8.5.8
CVE-2021-22968	High	November 19, 2021 11/19/21	< 8.5.7
CVE-2021-22970	High	November 19, 2021 11/19/21	< 8.5.7
CVE-2021-22966	High	November 19, 2021 11/19/21	< 8.5.7
CVE-2021-22967	High	November 19, 2021 11/19/21	< 8.5.7
CVE-2021-22969	Medium	November 19, 2021 11/19/21	< 8.5.7
CVE-2021-22951	High	November 19, 2021 11/19/21	< 8.5.7

@actions / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2022-35954	Medium		August 15, 2022 8/15/22	< 1.9.1
CVE-2020-15228	Low		October 1, 2020 10/1/20	< 1.2.6

@keystone-6 / core

5 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-46720	Low	May 5, 2025 5/5/25	< 6.5.0
CVE-2023-40027	Low	August 15, 2023 8/15/23	< 5.5.1
@keystone-6/core's bundled cuid package known to be insecure	Low	June 12, 2023 6/12/23	<= 5.3.1
CVE-2022-39382	Critical	November 3, 2022 11/3/22	>= 3.0.0 < 3.0.2
CVE-2022-39322	Critical	October 25, 2022 10/25/22	>= 2.2.0 < 2.3.1

badaso / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-52353	Critical	August 26, 2025 8/26/25	<= 2.9.11
CVE-2022-41705	Critical	November 25, 2022 11/25/22	< 2.7.0
CVE-2022-41711	Critical	October 25, 2022 10/25/22	< 2.6.1

flarum / core

8 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-27794	Medium	March 12, 2025 3/12/25	< 1.8.10
CVE-2024-21641	Medium	January 5, 2024 1/5/24	< 1.8.5
CVE-2023-40033	High	August 16, 2023 8/16/23	< 1.8.0
CVE-2023-27577	Medium	March 10, 2023 3/10/23	< 1.7.0
CVE-2023-22489	Low	January 13, 2023 1/13/23	>= 1.3.0 < 1.6.3
CVE-2023-22488	Medium	January 12, 2023 1/12/23	< 1.6.3
CVE-2022-41938	Critical	November 19, 2022 11/19/22	>= 1.5.0 < 1.6.2
CVE-2021-32671	Critical	June 7, 2021 6/7/21	>= 1.0.0 < 1.0.2

@sequelize / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2023-22580	Medium	February 16, 2023 2/16/23	< 7.0.0-alpha.20
CVE-2023-22578	Critical	February 16, 2023 2/16/23	< 7.0.0-alpha.20
CVE-2023-22579	Critical	February 16, 2023 2/16/23	< 7.0.0-alpha.20

api-platform / core

6 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-31485	High	April 3, 2025 4/3/25	>= 4.0.0-alpha.1 < 4.0.22 < 3.4.17 >= 4.1.0-alpha.1 < 4.1.5
CVE-2025-31481	High	April 3, 2025 4/3/25	>= 4.0.0-alpha.1 < 4.0.22 < 3.4.17 >= 4.1.0-alpha.1 < 4.1.5
CVE-2023-47639	Medium	April 3, 2025 4/3/25	>= 3.2.0 < 3.2.5
CVE-2025-23204	Low	March 24, 2025 3/24/25	>= 3.3.8 < 3.3.15
CVE-2023-25575	High	February 28, 2023 2/28/23	>= 3.0.0 < 3.0.12 >= 3.1.0 < 3.1.3 >= 2.6.0 < 2.7.10
CVE-2019-1000011	Medium	February 4, 2019 2/4/19	>= 2.2.0 < 2.2.10 >= 2.3.0 < 2.3.6 >= 2.2.0 <= 2.3.5

@sap-cloud-sdk / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2021-41251	Medium		November 5, 2021 11/5/21	< 1.52.0
Improper Authorization in @sap-cloud-sdk/core	High		September 3, 2020 9/3/20	>= 1.19.0 < 1.21.2

@ionic / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
Cross-Site Scripting in @ionic/core	High		September 3, 2020 9/3/20	< 4.0.3 >= 4.1.0 < 4.1.3 >= 4.2.0 < 4.2.1 >= 4.3.0 < 4.3.1

@tsed / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2020-7748	Medium		October 20, 2020 10/20/20	< 5.65.7

@vendure / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-25050	Low	January 30, 2026 1/30/26	< 3.5.3
@vendure/core's insecure currencyCode handling allows wrong payment amounts	Medium	November 17, 2023 11/17/23	< 2.1.3
Vendure Cross Site Request Forgery vulnerability impacting all API requests	Low	July 11, 2023 7/11/23	< 2.0.3

pimcore / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2023-5192	Medium		September 27, 2023 9/27/23	< 10.3.0

@scrypted / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219`	High		February 16, 2024 2/16/24	<= 0.1.142
CVE-2023-47623	Medium		December 13, 2023 12/13/23	<= 0.1.142

fuel / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
fuel/core Crypt encryption compromised.	Medium		May 15, 2024 5/15/24	< 1.8.1
fuel/core ImageMagick driver does not escape all shell arguments.	High		May 15, 2024 5/15/24	< 1.8.0.4

org.verapdf / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2024-28109	High		March 28, 2024 3/28/24	< 1.24.2

contao / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
contao/core PHP object injection vulnerability allows for arbitrary code execution	High		May 15, 2024 5/15/24	>= 2.0.0 < 2.11.14 >= 3.0.0 < 3.2.5
contao/core Insufficient input validation allows for code injection and remote execution	Critical		May 15, 2024 5/15/24	>= 2.0.0 < 2.11.17 >= 3.0.0 < 3.2.9

@janhq / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2024-37273	Critical	June 4, 2024 6/4/24	<= 0.1.11
CVE-2024-36857	High	June 4, 2024 6/4/24	<= 0.1.11
CVE-2024-36858	Critical	June 4, 2024 6/4/24	<= 0.1.11

@zenuml / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2024-38527	Medium		June 26, 2024 6/26/24	< 3.23.25

@zag-js / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2024-57079	High		February 5, 2025 2/5/25	< 0.82.2

@intlify / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-53892	Medium		July 16, 2025 7/16/25	>= 9.0.0 < 9.14.5 >= 10.0.0 < 10.0.8 >= 11.0.0 < 11.1.10
CVE-2025-27597	High		March 7, 2025 3/7/25	>= 9.1.0 < 9.1.11

@pkgr / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-54313	High		July 19, 2025 7/19/25	== 0.2.8 >= 0.2.8 < 0.2.9

com.ritense.valtimo / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-58059	Critical		August 28, 2025 8/28/25	< 12.16.0.RELEASE >= 13.0.0.RELEASE < 13.1.2.RELEASE

gp247 / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-57407	Medium		September 23, 2025 9/23/25	< 1.1.24

@strapi / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-25298	Medium	October 16, 2025 10/16/25	< 5.10.3
CVE-2025-53092	Medium	October 16, 2025 10/16/25	< 5.20.0
CVE-2024-56143	High	October 16, 2025 10/16/25	>= 5.0.0 < 5.5.2

@hpke / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-64767	Critical		November 21, 2025 11/21/25	< 1.7.5

@orval / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2026-25141	Critical		January 30, 2026 1/30/26	>= 7.19.0 < 7.21.0 >= 8.0.0 < 8.2.0
CVE-2026-23947	Critical		January 21, 2026 1/21/26	>= 8.0.0-rc.0 < 8.0.2 < 7.19.0

@enclave-vm / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2026-27597	Critical		February 25, 2026 2/25/26	< 2.11.1
CVE-2026-25533	Medium		February 5, 2026 2/5/26	< 2.10.1

@farmfe / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-56647	Medium		February 12, 2026 2/12/26	< 1.7.6

typicms / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2026-27621	Medium		February 25, 2026 2/25/26	< 16.1.7

@workflow / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
Vercel Workflow Allows Webhook Creation with Predictable User-Specified Tokens	Medium		March 6, 2026 3/6/26	< 4.2.0-beta.64

Showing vulnerabilities for 55 products matching "core". Each product has independent pagination.

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo

Frequently Asked Questions

What is a Vulnerability (CVE) and why does it matter?

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

CVSS (Common Vulnerability Scoring System) estimates technical severity, but it doesn't automatically equal business risk. Prioritize using context like internet exposure, affected asset criticality, known exploitation (proof-of-concept or in-the-wild), and whether compensating controls exist. A "Medium" CVSS on an exposed, production system can be more urgent than a "Critical" on an isolated, non-production host.

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. In practice, risk increases sharply when exploitation becomes reliable or widespread.

Recurring findings usually come from incomplete Asset Discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host. Unknown or unmanaged assets (often called Shadow IT) are a common reason the same issues resurface.

Use a simple, repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress using consistent metrics so remediation is steady, not reactive.

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.