VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
222167 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-6321 | redhat_vex | fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies | fixed: 286 known affected: 32 known not affected: 611 | 2026-07-16T06:11:09+00:00 | Vulnerability · Source |
| CVE-2026-15809 | redhat_vex | github.com/cri-o/cri-o: Fix Bypass for CVE-2022-4318 — /etc/passwd Injection via HOME env | known affected: 5 | 2026-07-16T05:40:56+00:00 | Vulnerability · Source |
| CVE-2026-40898 | redhat_vex | github.com/quic-go/quic-go: quic-go: Denial of Service via excessive memory allocation in HTTP/3 trailers | fixed: 6 known affected: 14 known not affected: 10 | 2026-07-16T04:58:47+00:00 | Vulnerability · Source |
| CVE-2026-11525 | redhat_vex | undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header | fixed: 196 known affected: 47 | 2026-07-16T04:58:41+00:00 | Vulnerability · Source |
| CVE-2026-5078 | redhat_vex | morgan: morgan: Log forgery due to unneutralized control characters | fixed: 4 known affected: 18 known not affected: 1 under investigation: 8 | 2026-07-16T04:58:29+00:00 | Vulnerability · Source |
| CVE-2026-42587 | redhat_vex | netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression | fixed: 26 known affected: 44 known not affected: 145 | 2026-07-16T04:35:55+00:00 | Vulnerability · Source |
| CVE-2026-44431 | redhat_vex | urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers | fixed: 95 known affected: 136 known not affected: 510 | 2026-07-16T03:44:02+00:00 | Vulnerability · Source |
| CVE-2026-42257 | redhat_vex | net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input | fixed: 12 known affected: 133 | 2026-07-16T03:44:00+00:00 | Vulnerability · Source |
| CVE-2026-48524 | redhat_vex | python-pyjwt: PyJWT: Denial of Service via unverified JSON Web Token key IDs | known affected: 182 known not affected: 7 | 2026-07-16T02:56:00+00:00 | Vulnerability · Source |
| CVE-2026-42258 | redhat_vex | ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments | fixed: 1909 known affected: 4 known not affected: 11 under investigation: 9 | 2026-07-16T02:51:58+00:00 | Vulnerability · Source |
| CVE-2026-39820 | redhat_vex | net/mail: golang: Go net/mail: Denial of Service via crafted email inputs | fixed: 96 known affected: 143 known not affected: 246 under investigation: 132 | 2026-07-16T02:31:03+00:00 | Vulnerability · Source |
| CVE-2025-68121 | redhat_vex | crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption | fixed: 6920 known affected: 203 known not affected: 3906 under investigation: 42 | 2026-07-16T02:26:41+00:00 | Vulnerability · Source |
| CVE-2026-42499 | redhat_vex | net/mail: golang: net/mail: Denial of Service via pathological email address parsing | fixed: 96 known affected: 157 known not affected: 247 under investigation: 117 | 2026-07-16T02:22:14+00:00 | Vulnerability · Source |
| CVE-2026-53550 | redhat_vex | js-yaml: js-yaml: Denial of Service via crafted YAML merge keys | fixed: 8 known affected: 136 known not affected: 51 | 2026-07-16T02:22:08+00:00 | Vulnerability · Source |
| CVE-2026-48523 | redhat_vex | python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access | known affected: 179 known not affected: 19 | 2026-07-16T02:17:40+00:00 | Vulnerability · Source |
| CVE-2026-53606 | redhat_vex | apostrophecms sanitize-html: sanitize-html: Cross-Site Scripting (XSS) via insufficient URI scheme validation | known affected: 18 under investigation: 2 | 2026-07-16T02:11:57+00:00 | Vulnerability · Source |
| CVE-2026-48525 | redhat_vex | python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens | known affected: 191 known not affected: 7 | 2026-07-16T02:11:56+00:00 | Vulnerability · Source |
| CVE-2026-44990 | redhat_vex | sanitize-html: `sanitize-html`: Stored Cross-Site Scripting via HTML sanitizer bypass | fixed: 19 known affected: 12 known not affected: 572 | 2026-07-16T02:11:49+00:00 | Vulnerability · Source |
| CVE-2026-53537 | redhat_vex | multipart: Python-Multipart: Information disclosure via header parsing discrepancy | known affected: 51 known not affected: 3 | 2026-07-16T02:10:14+00:00 | Vulnerability · Source |
| CVE-2026-6733 | redhat_vex | undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery. | fixed: 200 known affected: 46 | 2026-07-16T02:10:10+00:00 | Vulnerability · Source |
| CVE-2026-45409 | redhat_vex | python-idna: idna: Denial of Service via specially crafted long inputs | fixed: 10 known affected: 322 known not affected: 56 | 2026-07-16T02:10:09+00:00 | Vulnerability · Source |
| CVE-2026-48817 | redhat_vex | starlette: Starlette: Information disclosure and unintended method execution via non-standard HTTP methods | known affected: 71 known not affected: 3 | 2026-07-16T02:10:07+00:00 | Vulnerability · Source |
| CVE-2026-53539 | redhat_vex | python-multipart: Python-Multipart: Denial of Service via crafted form-urlencoded bodies | known affected: 9 known not affected: 3 | 2026-07-16T02:10:06+00:00 | Vulnerability · Source |
| CVE-2026-9679 | redhat_vex | undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding | fixed: 8 known affected: 72 | 2026-07-16T02:09:55+00:00 | Vulnerability · Source |
| CVE-2026-9678 | redhat_vex | undici: Undici: Information disclosure due to improper cache-control header parsing | fixed: 204 known affected: 37 known not affected: 8 | 2026-07-16T02:09:52+00:00 | Vulnerability · Source |
| CVE-2026-54283 | redhat_vex | starlette: Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS | fixed: 3 known affected: 59 known not affected: 12 | 2026-07-16T02:06:47+00:00 | Vulnerability · Source |
| CVE-2026-6734 | redhat_vex | undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing | fixed: 176 known affected: 20 known not affected: 151 | 2026-07-16T02:04:18+00:00 | Vulnerability · Source |
| CVE-2022-41723 | redhat_vex | golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding | fixed: 1546 known affected: 288 known not affected: 11950 | 2026-07-16T02:02:52+00:00 | Vulnerability · Source |
| CVE-2026-44432 | redhat_vex | urllib3: urllib3: Denial of Service due to excessive HTTP response decompression | fixed: 126 known affected: 62 known not affected: 694 | 2026-07-16T01:40:58+00:00 | Vulnerability · Source |
| CVE-2026-59831 | microsoft_vex | GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace | fixed: 1 known affected: 1 | 2026-07-16T01:39:07+00:00 | Vulnerability · Source |
| CVE-2026-1609 | redhat_vex | org.keycloak/keycloak-quarkus-server: Keycloak: Unauthorized Access via JWT authorization grant with disabled users | known not affected: 6 | 2026-07-16T01:05:52+00:00 | Vulnerability · Source |
| CVE-2026-48863 | redhat_vex | libsolv: Stack-based buffer overflow in libsolv EdDSA PGP signature verification allows denial of service | known not affected: 29 | 2026-07-16T01:05:50+00:00 | Vulnerability · Source |
| CVE-2026-3842 | redhat_vex | qemu-kvm: hyperv/syndbg: missing mapped-length guard after cpu_physical_memory_map causes host OOB write | known not affected: 82 | 2026-07-16T01:05:49+00:00 | Vulnerability · Source |
| CVE-2026-23538 | redhat_vex | feast: Resource exhaustion via WebSocket endpoint | known not affected: 14 | 2026-07-16T01:05:46+00:00 | Vulnerability · Source |
| CVE-2026-45292 | redhat_vex | opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage | fixed: 10 known affected: 30 known not affected: 85 under investigation: 17 | 2026-07-16T00:40:49+00:00 | Vulnerability · Source |
| CVE-2026-46385 | redhat_vex | github.com/hamba/avro/v2: github.com/linkedin/goavro/v2: CPU Exhaustion in Avro Decoder via Unbounded Block-Count Iteration | fixed: 8 known affected: 3 known not affected: 353 | 2026-07-16T00:09:04+00:00 | Vulnerability · Source |
| CVE-2026-46384 | redhat_vex | github.com/hamba/avro/v2: github.com/linkedin/goavro/v2: Integer Overflow in Avro Decoder | fixed: 8 known affected: 3 known not affected: 353 | 2026-07-16T00:08:58+00:00 | Vulnerability · Source |
| CVE-2026-21721 | redhat_vex | grafana/grafana/pkg/services/dashboards: Grafana Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation | fixed: 80 known affected: 10 known not affected: 519 | 2026-07-16T00:07:58+00:00 | Vulnerability · Source |
| CVE-2025-9288 | redhat_vex | sha.js: Missing type checks leading to hash rewind and passing on crafted data | fixed: 71 known affected: 15 known not affected: 1305 | 2026-07-16T00:07:58+00:00 | Vulnerability · Source |
| CVE-2026-25639 | redhat_vex | axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig | fixed: 170 known affected: 34 known not affected: 3907 | 2026-07-16T00:07:58+00:00 | Vulnerability · Source |
| CVE-2026-48801 | redhat_vex | linkify-it: linkify-it: Denial of Service via algorithmic complexity vulnerability | fixed: 4 known affected: 20 under investigation: 8 | 2026-07-15T23:36:38+00:00 | Vulnerability · Source |
| CVE-2026-53486 | redhat_vex | decompress: @xhmikosr/decompress: Decompress: Arbitrary file read/write via crafted archive extraction | fixed: 3 known affected: 3 | 2026-07-15T21:56:40+00:00 | Vulnerability · Source |
| CVE-2026-47241 | redhat_vex | net-imap: rubygem-net-imap: Net::IMAP: Denial of Service via malformed command input | fixed: 12 known not affected: 133 | 2026-07-15T21:43:19+00:00 | Vulnerability · Source |
| CVE-2026-47240 | redhat_vex | net-imap: Net::IMAP: Command injection via non-synchronizing literals | fixed: 8 known affected: 124 known not affected: 10 | 2026-07-15T21:43:19+00:00 | Vulnerability · Source |
| CVE-2026-48935 | redhat_vex | nodejs: Node.js: Unauthorized file metadata modification | fixed: 212 known affected: 14 | 2026-07-15T20:47:30+00:00 | Vulnerability · Source |
| CVE-2026-32281 | redhat_vex | crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation | fixed: 1129 known affected: 259 known not affected: 1130 | 2026-07-15T20:42:13+00:00 | Vulnerability · Source |
| CVE-2025-47907 | redhat_vex | database/sql: Postgres Scan Race Condition | fixed: 5222 known affected: 165 known not affected: 2217 | 2026-07-15T20:42:05+00:00 | Vulnerability · Source |
| CVE-2026-48934 | redhat_vex | nodejs: Node.js: Certification validation bypass in TLS host verification | fixed: 212 known affected: 14 | 2026-07-15T20:41:17+00:00 | Vulnerability · Source |
| CVE-2026-48930 | redhat_vex | nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling | fixed: 212 known affected: 14 | 2026-07-15T20:41:12+00:00 | Vulnerability · Source |
| CVE-2026-48928 | redhat_vex | Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency | fixed: 212 known affected: 14 | 2026-07-15T20:41:09+00:00 | Vulnerability · Source |