VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
222141 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-25681 | redhat_vex | golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting | fixed: 290 known affected: 414 known not affected: 523 under investigation: 2 | 2026-07-16T08:32:08+00:00 | Vulnerability · Source |
| CVE-2026-25679 | redhat_vex | net/url: Incorrect parsing of IPv6 host literals in net/url | fixed: 8880 known affected: 164 known not affected: 4255 under investigation: 1 | 2026-07-16T08:31:39+00:00 | Vulnerability · Source |
| CVE-2025-61728 | redhat_vex | golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip | fixed: 6567 known affected: 110 known not affected: 4103 | 2026-07-16T08:26:39+00:00 | Vulnerability · Source |
| CVE-2025-58183 | redhat_vex | golang: archive/tar: Unbounded allocation when parsing GNU sparse map | fixed: 8840 known affected: 129 known not affected: 8191 | 2026-07-16T08:26:35+00:00 | Vulnerability · Source |
| CVE-2026-14380 | redhat_vex | DBI: DBI: Arbitrary code execution via caller-influenced Profile attribute | known affected: 10 | 2026-07-16T08:26:32+00:00 | Vulnerability · Source |
| CVE-2026-33186 | redhat_vex | google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation | fixed: 2477 known affected: 409 known not affected: 27387 under investigation: 1 | 2026-07-16T08:25:49+00:00 | Vulnerability · Source |
| CVE-2025-66506 | redhat_vex | github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token | fixed: 320 known affected: 66 known not affected: 1247 | 2026-07-16T08:25:43+00:00 | Vulnerability · Source |
| CVE-2025-66418 | redhat_vex | urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion | fixed: 1933 known affected: 421 known not affected: 2586 under investigation: 1 | 2026-07-16T08:25:31+00:00 | Vulnerability · Source |
| CVE-2025-64756 | redhat_vex | glob: glob: Command Injection Vulnerability via Malicious Filenames | fixed: 171 known affected: 145 known not affected: 1097 | 2026-07-16T08:25:25+00:00 | Vulnerability · Source |
| CVE-2025-61729 | redhat_vex | crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate | fixed: 7443 known affected: 439 known not affected: 4614 under investigation: 2 | 2026-07-16T08:25:16+00:00 | Vulnerability · Source |
| CVE-2025-52881 | redhat_vex | runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects | fixed: 2379 known affected: 45 known not affected: 4060 | 2026-07-16T08:25:06+00:00 | Vulnerability · Source |
| CVE-2025-30204 | redhat_vex | golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing | fixed: 3038 known affected: 78 known not affected: 11728 | 2026-07-16T08:25:03+00:00 | Vulnerability · Source |
| CVE-2025-22869 | redhat_vex | golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh | fixed: 2719 known affected: 55 known not affected: 6259 under investigation: 1 | 2026-07-16T08:25:00+00:00 | Vulnerability · Source |
| CVE-2025-22868 | redhat_vex | golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws | fixed: 1876 known affected: 95 known not affected: 8426 | 2026-07-16T08:25:00+00:00 | Vulnerability · Source |
| CVE-2026-9698 | redhat_vex | DBI: DBI: Buffer overflow in error handling can lead to arbitrary code execution | fixed: 52 known affected: 4 | 2026-07-16T08:21:22+00:00 | Vulnerability · Source |
| CVE-2026-50589 | redhat_vex | openstack-ironic: OpenStack Ironic: Denial of Service via crafted JSON string | known not affected: 14 | 2026-07-16T08:21:21+00:00 | Vulnerability · Source |
| CVE-2024-24786 | redhat_vex | golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON | fixed: 2012 known affected: 115 known not affected: 11938 under investigation: 58 | 2026-07-16T08:17:29+00:00 | Vulnerability · Source |
| CVE-2024-24784 | redhat_vex | golang: net/mail: comments in display names are incorrectly handled | fixed: 1678 known affected: 56 known not affected: 714 | 2026-07-16T08:17:27+00:00 | Vulnerability · Source |
| CVE-2022-41715 | redhat_vex | golang: regexp/syntax: limit memory used by parsing regexps | fixed: 2994 known affected: 91 known not affected: 2693 under investigation: 1 | 2026-07-16T08:17:22+00:00 | Vulnerability · Source |
| CVE-2022-30631 | redhat_vex | golang: compress/gzip: stack exhaustion in Reader.Read | fixed: 4253 known affected: 91 known not affected: 2159 | 2026-07-16T08:17:22+00:00 | Vulnerability · Source |
| CVE-2026-59198 | redhat_vex | Pillow: Pillow: Information disclosure via TGA RLE encoder out-of-bounds read | known affected: 66 under investigation: 25 | 2026-07-16T08:17:21+00:00 | Vulnerability · Source |
| CVE-2026-59886 | redhat_vex | pyasn1: pyasn1: Denial of Service via crafted ASN.1 REAL values | known affected: 56 known not affected: 1 under investigation: 79 | 2026-07-16T08:12:33+00:00 | Vulnerability · Source |
| CVE-2021-20329 | redhat_vex | mongo-go-driver: specific cstrings input may not be properly validated | fixed: 252 known affected: 69 known not affected: 3782 | 2026-07-16T08:09:53+00:00 | Vulnerability · Source |
| CVE-2026-50144 | redhat_vex | ncnn: ncnn: Out-of-bounds write allows arbitrary code execution | known not affected: 1 | 2026-07-16T08:08:10+00:00 | Vulnerability · Source |
| CVE-2026-27136 | redhat_vex | golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass | fixed: 218 known affected: 417 known not affected: 173 under investigation: 2 | 2026-07-16T08:08:08+00:00 | Vulnerability · Source |
| CVE-2025-40026 | redhat_vex | kernel: KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O | known affected: 260 known not affected: 14 | 2026-07-16T08:08:05+00:00 | Vulnerability · Source |
| CVE-2023-39325 | redhat_vex | golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) | fixed: 4761 known affected: 244 known not affected: 30354 | 2026-07-16T08:05:10+00:00 | Vulnerability · Source |
| CVE-2025-61726 | redhat_vex | golang: net/url: Memory exhaustion in query parameter parsing in net/url | fixed: 10108 known affected: 453 known not affected: 16781 | 2026-07-16T08:04:37+00:00 | Vulnerability · Source |
| CVE-2026-42582 | redhat_vex | netty: io.netty/netty-codec-http3: Netty: Denial of Service due to improper length validation in header block decoding | known affected: 1 | 2026-07-16T08:04:32+00:00 | Vulnerability · Source |
| CVE-2026-15075 | redhat_vex | vertx-core: Eclipse Vert.x: Information disclosure via improper handling of HTTP 30x redirects | known affected: 17 under investigation: 11 | 2026-07-16T08:02:19+00:00 | Vulnerability · Source |
| CVE-2026-39830 | redhat_vex | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses | fixed: 605 known affected: 187 known not affected: 508 under investigation: 4 | 2026-07-16T08:02:05+00:00 | Vulnerability · Source |
| CVE-2026-34986 | redhat_vex | github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object | fixed: 1888 known affected: 171 known not affected: 10842 under investigation: 1 | 2026-07-16T08:01:57+00:00 | Vulnerability · Source |
| CVE-2026-12382 | redhat_vex | aap-gateway: missing requestHeadersToRemove allows mTLS bypass via Subject header spoofing | fixed: 1 known affected: 1 known not affected: 323 | 2026-07-16T07:56:12+00:00 | Vulnerability · Source |
| CVE-2026-54512 | redhat_vex | jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass | fixed: 1 known affected: 87 known not affected: 79 under investigation: 3 | 2026-07-16T07:55:37+00:00 | Vulnerability · Source |
| CVE-2026-55204 | redhat_vex | haproxy: HAProxy: Denial of Service via HPACK dynamic table insertions | known affected: 27 | 2026-07-16T07:54:18+00:00 | Vulnerability · Source |
| CVE-2026-42508 | redhat_vex | golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey | fixed: 505 known affected: 47 known not affected: 468 under investigation: 3 | 2026-07-16T07:48:28+00:00 | Vulnerability · Source |
| CVE-2026-55203 | redhat_vex | haproxy: HAProxy: Response smuggling due to integer overflow in FastCGI record length handling | known affected: 27 | 2026-07-16T07:46:30+00:00 | Vulnerability · Source |
| CVE-2026-59733 | redhat_vex | rclone: Rclone: Unauthorized access to private repositories via directory traversal | known not affected: 1 | 2026-07-16T07:41:40+00:00 | Vulnerability · Source |
| CVE-2026-49458 | redhat_vex | dompurify: DOMPurify: Cross-site scripting due to improper sanitization of DOM nodes | known affected: 13 under investigation: 35 | 2026-07-16T07:31:18+00:00 | Vulnerability · Source |
| CVE-2026-49459 | redhat_vex | dompurify: DOMPurify: Cross-site scripting bypass allows arbitrary script execution | known affected: 13 under investigation: 35 | 2026-07-16T07:26:17+00:00 | Vulnerability · Source |
| CVE-2026-48125 | redhat_vex | ua-parser-js: UAParser.js: Denial of Service via crafted Client Hints header | known affected: 19 known not affected: 1 | 2026-07-16T07:26:08+00:00 | Vulnerability · Source |
| CVE-2026-46209 | redhat_vex | kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() | fixed: 884 known affected: 22 known not affected: 42 | 2026-07-16T07:25:04+00:00 | Vulnerability · Source |
| CVE-2026-43027 | redhat_vex | kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup | fixed: 1930 known affected: 36 known not affected: 28 | 2026-07-16T07:25:03+00:00 | Vulnerability · Source |
| CVE-2026-53166 | redhat_vex | kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock | fixed: 1487 known affected: 50 known not affected: 14 | 2026-07-16T07:25:00+00:00 | Vulnerability · Source |
| CVE-2026-46189 | redhat_vex | kernel: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path | fixed: 1623 known affected: 50 known not affected: 14 | 2026-07-16T07:24:58+00:00 | Vulnerability · Source |
| CVE-2026-31408 | redhat_vex | kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold | fixed: 1980 known affected: 64 | 2026-07-16T07:24:49+00:00 | Vulnerability · Source |
| CVE-2026-31613 | redhat_vex | kernel: smb: client: fix OOB reads parsing symlink error response | fixed: 884 known affected: 22 known not affected: 42 | 2026-07-16T07:24:49+00:00 | Vulnerability · Source |
| CVE-2025-68183 | redhat_vex | kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr | fixed: 1930 known affected: 33 known not affected: 31 | 2026-07-16T07:24:49+00:00 | Vulnerability · Source |
| CVE-2026-43499 | redhat_vex | kernel: rtmutex: Use waiter::task instead of current in remove_waiter() | fixed: 1487 known affected: 64 | 2026-07-16T07:24:49+00:00 | Vulnerability · Source |
| CVE-2026-15697 | redhat_vex | svg.js: svg.js: Remote object prototype pollution | under investigation: 2 | 2026-07-16T07:01:34+00:00 | Vulnerability · Source |