NVD Vulnerabilities

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity | Actions |
|---|---|---|---|---|---|---|
| CVE-2026-50021 | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is abse... | 2026-06-25 | 6.8 | NETWORK | MEDIUM | NVD |
| CVE-2026-50017 | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a rep... | 2026-06-25 | 6.5 | NETWORK | MEDIUM | NVD |
| CVE-2026-50016 | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path trave... | 2026-06-25 | 8.8 | NETWORK | HIGH | NVD |
| CVE-2026-50015 | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline (@pnpm/patch-package) performs no path validation on file pa... | 2026-06-25 | 7.3 | NETWORK | HIGH | NVD |
| CVE-2026-50014 | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- sepa... | 2026-06-25 | 6.4 | NETWORK | MEDIUM | NVD |
| CVE-2026-49839 | jq is a command-line JSON processor. Prior to 1.8.2, `jq --rawfile` can turn a handled oversized-string error into invalid-state reuse and a real heap... | 2026-06-25 | 7.1 | LOCAL | HIGH | NVD |
| CVE-2026-48995 | pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will insta... | 2026-06-25 | 7.5 | NETWORK | HIGH | NVD |
| CVE-2026-47770 | jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's... | 2026-06-25 | 5.5 | LOCAL | MEDIUM | NVD |
| CVE-2026-11999 | X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only bui... | 2026-06-25 | 7.5 | NETWORK | HIGH | NVD |
| CVE-2026-9800 | A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, s... | 2026-06-25 | 8.1 | NETWORK | HIGH | NVD |
| CVE-2026-9799 | A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access (UMA) permission ticket for one resource can ... | 2026-06-25 | 4.6 | NETWORK | MEDIUM | NVD |
| CVE-2026-9705 | A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could e... | 2026-06-25 | 6.5 | NETWORK | MEDIUM | NVD |
| CVE-2026-9099 | A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within the Admin REST API allows an authenticated... | 2026-06-25 | 7.7 | NETWORK | HIGH | NVD |
| CVE-2026-9086 | A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manage-client` permission or access to client... | 2026-06-25 | 7.3 | NETWORK | HIGH | NVD |
| CVE-2026-9083 | A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem ... | 2026-06-25 | 4.9 | NETWORK | MEDIUM | NVD |