VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221665 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-48806 | redhat_vex | twig/twig: Twig: Information disclosure and limited data modification via sandbox bypass | known not affected: 1 | 2026-07-15T12:29:14+00:00 | Vulnerability · Source |
| CVE-2026-46633 | redhat_vex | twig/twig: Twig: Arbitrary code execution via crafted template name | known not affected: 1 | 2026-07-15T12:29:13+00:00 | Vulnerability · Source |
| CVE-2026-49981 | redhat_vex | twig/twig: Twig: Information disclosure via sandbox bypass | known not affected: 1 | 2026-07-15T12:28:51+00:00 | Vulnerability · Source |
| CVE-2026-46639 | redhat_vex | twig/twig: Twig: Sandbox bypass allows information disclosure and method invocation | known not affected: 1 | 2026-07-15T12:27:46+00:00 | Vulnerability · Source |
| CVE-2026-47428 | redhat_vex | vitest: Vitest: Arbitrary code execution via crafted browser-runner URL | known affected: 1 known not affected: 7 | 2026-07-15T12:27:34+00:00 | Vulnerability · Source |
| CVE-2026-49477 | redhat_vex | soupsieve: Soupsieve: Denial of Service via crafted CSS selector strings | known affected: 29 under investigation: 10 | 2026-07-15T12:26:58+00:00 | Vulnerability · Source |
| CVE-2026-33186 | redhat_vex | google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation | fixed: 2457 known affected: 409 known not affected: 27379 under investigation: 1 | 2026-07-15T12:26:53+00:00 | Vulnerability · Source |
| CVE-2025-61729 | redhat_vex | crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate | fixed: 7441 known affected: 440 known not affected: 4587 under investigation: 2 | 2026-07-15T12:26:40+00:00 | Vulnerability · Source |
| CVE-2026-47429 | redhat_vex | vitest: Vitest: Arbitrary code execution and information disclosure via path traversal | known affected: 1 known not affected: 9 | 2026-07-15T12:26:19+00:00 | Vulnerability · Source |
| CVE-2026-54283 | redhat_vex | starlette: Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS | fixed: 3 known affected: 61 known not affected: 10 | 2026-07-15T12:25:33+00:00 | Vulnerability · Source |
| CVE-2026-46638 | redhat_vex | twig/twig: Twig: Security bypass allows unauthorized template execution | known not affected: 1 | 2026-07-15T12:25:18+00:00 | Vulnerability · Source |
| CVE-2026-46640 | redhat_vex | twig/twig: Twig: Arbitrary code execution via improper handling of dynamic attributes | known not affected: 1 | 2026-07-15T12:24:57+00:00 | Vulnerability · Source |
| CVE-2026-48807 | redhat_vex | twig/twig: Twig: Sandbox bypass allows information disclosure | known not affected: 1 | 2026-07-15T12:24:43+00:00 | Vulnerability · Source |
| CVE-2026-47732 | redhat_vex | twig/twig: Twig: Security policy bypass leads to information disclosure | known not affected: 1 | 2026-07-15T12:24:34+00:00 | Vulnerability · Source |
| CVE-2026-8177 | redhat_vex | perl-XML-LibXML: XML::LibXML: Denial of Service via truncated UTF-8 in XML node names | fixed: 39 known affected: 2 known not affected: 1 | 2026-07-15T12:23:45+00:00 | Vulnerability · Source |
| CVE-2026-34881 | redhat_vex | openstack-glance: OpenStack Glance: Server-Side Request Forgery leading to unauthorized internal network access | fixed: 3 known affected: 6 | 2026-07-15T12:23:36+00:00 | Vulnerability · Source |
| CVE-2025-61726 | redhat_vex | golang: net/url: Memory exhaustion in query parameter parsing in net/url | fixed: 10108 known affected: 454 known not affected: 16780 | 2026-07-15T12:21:19+00:00 | Vulnerability · Source |
| CVE-2026-42790 | redhat_vex | erlang: Erlang OTP public_key: Certificate validation bypass allows hostname spoofing | fixed: 30 known affected: 40 | 2026-07-15T12:20:32+00:00 | Vulnerability · Source |
| CVE-2026-42789 | redhat_vex | erlang: Erlang OTP public_key: Certificate chain forgery via improper trust chain validation | fixed: 30 known affected: 40 | 2026-07-15T12:20:28+00:00 | Vulnerability · Source |
| CVE-2026-43001 | redhat_vex | OpenStack Keystone: OpenStack Keystone: Unauthorized cross-project access due to improper validation in EC2 credential creation | fixed: 3 known affected: 5 known not affected: 4 | 2026-07-15T12:11:28+00:00 | Vulnerability · Source |
| CVE-2026-27137 | redhat_vex | crypto/x509: Incorrect enforcement of email constraints in crypto/x509 | fixed: 329 known affected: 134 known not affected: 1117 | 2026-07-15T12:07:23+00:00 | Vulnerability · Source |
| CVE-2026-33810 | redhat_vex | crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application | fixed: 117 known affected: 149 known not affected: 913 | 2026-07-15T12:01:55+00:00 | Vulnerability · Source |
| CVE-2023-39325 | redhat_vex | golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) | fixed: 4761 known affected: 244 known not affected: 30354 | 2026-07-15T11:51:23+00:00 | Vulnerability · Source |
| CVE-2026-12143 | redhat_vex | form-data: form-data: Form field override via CRLF injection | fixed: 97 known affected: 50 known not affected: 157 under investigation: 108 | 2026-07-15T11:34:25+00:00 | Vulnerability · Source |
| CVE-2025-66506 | redhat_vex | github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token | fixed: 320 known affected: 66 known not affected: 1247 | 2026-07-15T11:34:10+00:00 | Vulnerability · Source |
| CVE-2025-66471 | redhat_vex | urllib3: urllib3 Streaming API improperly handles highly compressed data | fixed: 1948 known affected: 359 known not affected: 3318 under investigation: 1 | 2026-07-15T11:33:56+00:00 | Vulnerability · Source |
| CVE-2025-66418 | redhat_vex | urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion | fixed: 1933 known affected: 421 known not affected: 2586 under investigation: 1 | 2026-07-15T11:33:37+00:00 | Vulnerability · Source |
| CVE-2025-64756 | redhat_vex | glob: glob: Command Injection Vulnerability via Malicious Filenames | fixed: 171 known affected: 145 known not affected: 1097 | 2026-07-15T11:33:23+00:00 | Vulnerability · Source |
| CVE-2025-30204 | redhat_vex | golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing | fixed: 3038 known affected: 78 known not affected: 11728 | 2026-07-15T11:32:51+00:00 | Vulnerability · Source |
| CVE-2025-22869 | redhat_vex | golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh | fixed: 2719 known affected: 54 known not affected: 6259 under investigation: 1 | 2026-07-15T11:31:38+00:00 | Vulnerability · Source |
| CVE-2025-22868 | redhat_vex | golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws | fixed: 1876 known affected: 95 known not affected: 8426 | 2026-07-15T11:31:06+00:00 | Vulnerability · Source |
| CVE-2026-39835 | redhat_vex | golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate | fixed: 653 known affected: 148 known not affected: 316 under investigation: 1 | 2026-07-15T10:36:19+00:00 | Vulnerability · Source |
| CVE-2026-48125 | redhat_vex | ua-parser-js: UAParser.js: Denial of Service via crafted Client Hints header | known affected: 20 | 2026-07-15T10:35:56+00:00 | Vulnerability · Source |
| CVE-2026-42342 | redhat_vex | react-router: @remix-run/server-runtime: React Router / Remix: Denial of Service via unbounded path expansion in __manifest endpoint | known affected: 148 known not affected: 26 | 2026-07-15T10:31:14+00:00 | Vulnerability · Source |
| CVE-2026-45736 | redhat_vex | ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray` | fixed: 29 known affected: 58 known not affected: 383 | 2026-07-15T10:31:05+00:00 | Vulnerability · Source |
| CVE-2026-43514 | redhat_vex | tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy | fixed: 4 known affected: 28 | 2026-07-15T10:19:37+00:00 | Vulnerability · Source |
| CVE-2026-47736 | redhat_vex | puma: Puma: Denial of Service due to unbounded memory growth in PROXY protocol v1 | known not affected: 19 | 2026-07-15T10:17:11+00:00 | Vulnerability · Source |
| CVE-2026-47737 | redhat_vex | puma: Puma: Source IP spoofing via PROXY protocol header re-parsing | known not affected: 19 | 2026-07-15T10:16:31+00:00 | Vulnerability · Source |
| CVE-2026-33811 | redhat_vex | net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME | fixed: 501 known affected: 261 known not affected: 516 under investigation: 17 | 2026-07-15T10:00:31+00:00 | Vulnerability · Source |
| CVE-2026-32283 | redhat_vex | crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages | fixed: 2038 known affected: 220 known not affected: 954 under investigation: 1 | 2026-07-15T10:00:17+00:00 | Vulnerability · Source |
| CVE-2026-39830 | redhat_vex | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses | fixed: 578 known affected: 191 known not affected: 484 under investigation: 4 | 2026-07-15T09:56:30+00:00 | Vulnerability · Source |
| CVE-2026-49459 | redhat_vex | dompurify: DOMPurify: Cross-site scripting bypass allows arbitrary script execution | known affected: 4 under investigation: 44 | 2026-07-15T09:56:27+00:00 | Vulnerability · Source |
| CVE-2026-42997 | redhat_vex | OpenStack Ironic: OpenStack Ironic: Information disclosure via credential forwarding during mold import | fixed: 4 known affected: 9 known not affected: 4 | 2026-07-15T09:56:18+00:00 | Vulnerability · Source |
| CVE-2026-49458 | redhat_vex | dompurify: DOMPurify: Cross-site scripting due to improper sanitization of DOM nodes | known affected: 7 under investigation: 41 | 2026-07-15T09:51:16+00:00 | Vulnerability · Source |
| CVE-2026-53486 | redhat_vex | decompress: @xhmikosr/decompress: Decompress: Arbitrary file read/write via crafted archive extraction | known affected: 4 | 2026-07-15T09:46:13+00:00 | Vulnerability · Source |
| CVE-2026-35469 | redhat_vex | Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code | fixed: 404 known affected: 78 known not affected: 15464 | 2026-07-15T09:31:40+00:00 | Vulnerability · Source |
| CVE-2026-12151 | redhat_vex | undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames | fixed: 255 known affected: 53 known not affected: 110 | 2026-07-15T09:31:05+00:00 | Vulnerability · Source |
| CVE-2026-15028 | redhat_vex | libarchive: heap overflow OOB read while parsing a tar archive contains a PAX extended header | fixed: 3 known affected: 21 | 2026-07-15T09:15:14+00:00 | Vulnerability · Source |
| CVE-2026-27136 | redhat_vex | golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass | fixed: 218 known affected: 420 known not affected: 170 under investigation: 2 | 2026-07-15T09:12:05+00:00 | Vulnerability · Source |
| CVE-2026-46579 | redhat_vex | openshift/router: openshift/router: mTLS client certificate spoofing via unstripped X-SSL-Client headers on HTTP frontend | fixed: 16 known affected: 1 known not affected: 1476 | 2026-07-15T09:09:53+00:00 | Vulnerability · Source |