VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

222161 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-45409 redhat_vex python-idna: idna: Denial of Service via specially crafted long inputs fixed: 10 known affected: 322 known not affected: 56 2026-07-16T02:10:09+00:00 Vulnerability · Source
CVE-2026-48817 redhat_vex starlette: Starlette: Information disclosure and unintended method execution via non-standard HTTP methods known affected: 71 known not affected: 3 2026-07-16T02:10:07+00:00 Vulnerability · Source
CVE-2026-53539 redhat_vex python-multipart: Python-Multipart: Denial of Service via crafted form-urlencoded bodies known affected: 9 known not affected: 3 2026-07-16T02:10:06+00:00 Vulnerability · Source
CVE-2026-9679 redhat_vex undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding fixed: 8 known affected: 72 2026-07-16T02:09:55+00:00 Vulnerability · Source
CVE-2026-9678 redhat_vex undici: Undici: Information disclosure due to improper cache-control header parsing fixed: 204 known affected: 37 known not affected: 8 2026-07-16T02:09:52+00:00 Vulnerability · Source
CVE-2026-54283 redhat_vex starlette: Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS fixed: 3 known affected: 59 known not affected: 12 2026-07-16T02:06:47+00:00 Vulnerability · Source
CVE-2026-12151 redhat_vex undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames fixed: 299 known affected: 38 known not affected: 110 2026-07-16T02:04:22+00:00 Vulnerability · Source
CVE-2026-6734 redhat_vex undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing fixed: 176 known affected: 20 known not affected: 151 2026-07-16T02:04:18+00:00 Vulnerability · Source
CVE-2026-9697 redhat_vex undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy fixed: 176 known affected: 21 known not affected: 150 2026-07-16T02:04:17+00:00 Vulnerability · Source
CVE-2022-41723 redhat_vex golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding fixed: 1546 known affected: 288 known not affected: 11950 2026-07-16T02:02:52+00:00 Vulnerability · Source
CVE-2026-44432 redhat_vex urllib3: urllib3: Denial of Service due to excessive HTTP response decompression fixed: 126 known affected: 62 known not affected: 694 2026-07-16T01:40:58+00:00 Vulnerability · Source
CVE-2026-59831 microsoft_vex GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace fixed: 1 known affected: 1 2026-07-16T01:39:07+00:00 Vulnerability · Source
CVE-2026-1609 redhat_vex org.keycloak/keycloak-quarkus-server: Keycloak: Unauthorized Access via JWT authorization grant with disabled users known not affected: 6 2026-07-16T01:05:52+00:00 Vulnerability · Source
CVE-2026-48863 redhat_vex libsolv: Stack-based buffer overflow in libsolv EdDSA PGP signature verification allows denial of service known not affected: 29 2026-07-16T01:05:50+00:00 Vulnerability · Source
CVE-2026-3842 redhat_vex qemu-kvm: hyperv/syndbg: missing mapped-length guard after cpu_physical_memory_map causes host OOB write known not affected: 82 2026-07-16T01:05:49+00:00 Vulnerability · Source
CVE-2026-23538 redhat_vex feast: Resource exhaustion via WebSocket endpoint known not affected: 14 2026-07-16T01:05:46+00:00 Vulnerability · Source
CVE-2026-45292 redhat_vex opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage fixed: 10 known affected: 30 known not affected: 85 under investigation: 17 2026-07-16T00:40:49+00:00 Vulnerability · Source
CVE-2026-46385 redhat_vex github.com/hamba/avro/v2: github.com/linkedin/goavro/v2: CPU Exhaustion in Avro Decoder via Unbounded Block-Count Iteration fixed: 8 known affected: 3 known not affected: 353 2026-07-16T00:09:04+00:00 Vulnerability · Source
CVE-2026-46384 redhat_vex github.com/hamba/avro/v2: github.com/linkedin/goavro/v2: Integer Overflow in Avro Decoder fixed: 8 known affected: 3 known not affected: 353 2026-07-16T00:08:58+00:00 Vulnerability · Source
CVE-2026-44496 redhat_vex axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name fixed: 115 known affected: 37 known not affected: 3204 2026-07-16T00:08:39+00:00 Vulnerability · Source
CVE-2026-44495 redhat_vex axios: Axios: Information disclosure due to prototype pollution vulnerability fixed: 110 known affected: 38 known not affected: 2704 2026-07-16T00:08:29+00:00 Vulnerability · Source
CVE-2026-44494 redhat_vex axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution fixed: 123 known affected: 38 known not affected: 4393 2026-07-16T00:08:27+00:00 Vulnerability · Source
CVE-2026-44488 redhat_vex axios: Axios: Denial of Service due to unenforced request and response size limits fixed: 113 known affected: 35 known not affected: 2700 2026-07-16T00:08:21+00:00 Vulnerability · Source
CVE-2026-44492 redhat_vex axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization fixed: 112 known affected: 37 known not affected: 3160 2026-07-16T00:08:19+00:00 Vulnerability · Source
CVE-2026-44486 redhat_vex axios: Axios: Information disclosure of proxy credentials via HTTP redirects fixed: 108 known affected: 38 known not affected: 3160 2026-07-16T00:08:17+00:00 Vulnerability · Source
CVE-2026-44487 redhat_vex axios: Axios: Information disclosure of proxy credentials via redirect flows fixed: 115 known affected: 35 known not affected: 3292 2026-07-16T00:08:13+00:00 Vulnerability · Source
CVE-2026-21721 redhat_vex grafana/grafana/pkg/services/dashboards: Grafana Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation fixed: 80 known affected: 10 known not affected: 519 2026-07-16T00:07:58+00:00 Vulnerability · Source
CVE-2025-13465 redhat_vex lodash: prototype pollution in _.unset and _.omit functions fixed: 434 known affected: 307 known not affected: 12159 2026-07-16T00:07:58+00:00 Vulnerability · Source
CVE-2025-9288 redhat_vex sha.js: Missing type checks leading to hash rewind and passing on crafted data fixed: 71 known affected: 15 known not affected: 1305 2026-07-16T00:07:58+00:00 Vulnerability · Source
CVE-2026-22029 redhat_vex @remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects fixed: 293 known affected: 63 known not affected: 8623 2026-07-16T00:07:58+00:00 Vulnerability · Source
CVE-2026-25639 redhat_vex axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig fixed: 170 known affected: 34 known not affected: 3907 2026-07-16T00:07:58+00:00 Vulnerability · Source
CVE-2026-48801 redhat_vex linkify-it: linkify-it: Denial of Service via algorithmic complexity vulnerability fixed: 4 known affected: 20 under investigation: 8 2026-07-15T23:36:38+00:00 Vulnerability · Source
CVE-2026-53486 redhat_vex decompress: @xhmikosr/decompress: Decompress: Arbitrary file read/write via crafted archive extraction fixed: 3 known affected: 3 2026-07-15T21:56:40+00:00 Vulnerability · Source
CVE-2026-47241 redhat_vex net-imap: rubygem-net-imap: Net::IMAP: Denial of Service via malformed command input fixed: 12 known not affected: 133 2026-07-15T21:43:19+00:00 Vulnerability · Source
CVE-2026-47240 redhat_vex net-imap: Net::IMAP: Command injection via non-synchronizing literals fixed: 8 known affected: 124 known not affected: 10 2026-07-15T21:43:19+00:00 Vulnerability · Source
CVE-2026-48935 redhat_vex nodejs: Node.js: Unauthorized file metadata modification fixed: 212 known affected: 14 2026-07-15T20:47:30+00:00 Vulnerability · Source
CVE-2026-32281 redhat_vex crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation fixed: 1129 known affected: 259 known not affected: 1130 2026-07-15T20:42:13+00:00 Vulnerability · Source
CVE-2025-47907 redhat_vex database/sql: Postgres Scan Race Condition fixed: 5222 known affected: 165 known not affected: 2217 2026-07-15T20:42:05+00:00 Vulnerability · Source
CVE-2026-48934 redhat_vex nodejs: Node.js: Certification validation bypass in TLS host verification fixed: 212 known affected: 14 2026-07-15T20:41:17+00:00 Vulnerability · Source
CVE-2026-48930 redhat_vex nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling fixed: 212 known affected: 14 2026-07-15T20:41:12+00:00 Vulnerability · Source
CVE-2026-48928 redhat_vex Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency fixed: 212 known affected: 14 2026-07-15T20:41:09+00:00 Vulnerability · Source
CVE-2026-48619 redhat_vex nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames fixed: 212 known affected: 14 2026-07-15T20:41:06+00:00 Vulnerability · Source
CVE-2026-48615 redhat_vex nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling fixed: 250 known affected: 14 2026-07-15T20:41:04+00:00 Vulnerability · Source
CVE-2026-32282 redhat_vex golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root fixed: 1170 known affected: 190 known not affected: 1824 2026-07-15T20:36:12+00:00 Vulnerability · Source
CVE-2026-33810 redhat_vex crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application fixed: 119 known affected: 149 known not affected: 939 2026-07-15T20:30:25+00:00 Vulnerability · Source
CVE-2026-29063 redhat_vex immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution fixed: 254 known affected: 38 known not affected: 11825 2026-07-15T20:30:10+00:00 Vulnerability · Source
CVE-2026-27145 redhat_vex crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries fixed: 174 known affected: 110 known not affected: 334 under investigation: 38 2026-07-15T20:29:57+00:00 Vulnerability · Source
CVE-2026-15685 redhat_vex Ollama: Ollama: Denial of Service via improper array index validation in downloadBlob function known not affected: 4 2026-07-15T20:23:47+00:00 Vulnerability · Source
CVE-2026-39821 redhat_vex golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing fixed: 637 known affected: 255 known not affected: 1151 under investigation: 5 2026-07-15T20:22:54+00:00 Vulnerability · Source
CVE-2026-15308 redhat_vex python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations fixed: 302 known affected: 63 known not affected: 34 2026-07-15T20:20:03+00:00 Vulnerability · Source