NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID Description Published Base Score Attack Vector Severity Actions
CVE-2026-54298 Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes... 2026-06-22 4.2 NETWORK MEDIUM NVD
CVE-2026-54293 NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Lang... 2026-06-22 7.5 NETWORK HIGH NVD
CVE-2026-53663 React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST ... 2026-06-22 3.1 NETWORK LOW NVD
CVE-2026-50146 Astro is a web framework. Prior to 6.3.3, when a component uses a client:* directive, Astro inserts named slot content into a data-astro-template attr... 2026-06-22 7.1 NETWORK HIGH NVD
CVE-2026-11834 A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient valid... 2026-06-22 8.7 ADJACENT HIGH NVD
CVE-2026-56109 The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows att... 2026-06-22 6.8 LOCAL MEDIUM NVD
CVE-2026-55602 http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-table... 2026-06-22 8.6 NETWORK HIGH NVD
CVE-2026-54285 opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract() in @opentelemetry/core does not enforce size l... 2026-06-22 5.3 NETWORK MEDIUM NVD
CVE-2026-54283 Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form() accepts max_fields and max_part_size to bound resource consu... 2026-06-22 7.5 NETWORK HIGH NVD
CVE-2026-54282 Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url... 2026-06-22 3.7 NETWORK LOW NVD
CVE-2026-54280 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a cli... 2026-06-22 7.5 NETWORK HIGH NVD
CVE-2026-54279 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save(... 2026-06-22 7.5 NETWORK HIGH NVD
CVE-2026-54278 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed reques... 2026-06-22 7.5 NETWORK HIGH NVD
CVE-2026-54277 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the max_line_size check in p... 2026-06-22 6.6 NETWORK MEDIUM NVD
CVE-2026-54276 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication respo... 2026-06-22 6.3 NETWORK MEDIUM NVD