Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
49,224
Mitigations
Mitigation rules
15,888
No official patch
13,070
In triage
1,305
Published soon
69
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear filters
Affected software | Vulnerability
Risk
Disclosed
waku
<= 1.0.0-beta.0
NPM: Waku has an Open Redirect via `unstable_redirect` Helper
3.1
3 hours ago
waku
<= 1.0.0-beta.0
NPM: Waku: Cross-Origin CSRF on RSC Server Action Dispatch
6.5
3 hours ago
@better-auth/scim
>= 1.5.0, < 1.7.0-beta.4
NPM: @better-auth/scim: Account/provider takeover via missing owner binding on non-org SCIM providers
8.3
1 day ago
better-auth
>= 0.3.4, < 1.6.11
NPM: Better Auth: Stale sessions persist after user deletion across admin, anonymous, and SCIM flows
3.8
1 day ago
@better-auth/scim
>= 1.6.0, < 1.6.11
NPM: Better Auth: Stale sessions persist after user deletion across admin, anonymous, and SCIM flows
3.8
1 day ago
better-auth
< 1.6.11
NPM: @better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
8.1
1 day ago
@better-auth/oauth-provider
>= 1.6.0, < 1.6.11
NPM: @better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
8.1
1 day ago
@better-auth/sso
>= 0.1.0, < 1.6.11
NPM: @better-auth/sso provider registration has server-side request forgery via unvalidated OIDC endpoints
9.6
1 day ago
better-auth
>= 1.4.8-beta.7, < 1.6.0
NPM: Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption
8.1
1 day ago
@better-auth/oauth-provider
>= 1.6.0, < 1.6.11
NPM: Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption
8.1
1 day ago
better-auth
< 1.6.11
NPM: Better Auth has insecure cryptographic defaults in oidcProvider: alg=none advertised and plain PKCE accepted by default
8.7
1 day ago
better-auth
< 1.6.13
NPM: Better Auth has stored XSS in the auth-server origin via javascript: redirect_uri in oidc-provider and mcp
7.7
1 day ago
better-auth
< 1.6.11
NPM: Better Auth has an account takeover issue via OAuth auto-link to unverified pre-registered email
8.3
1 day ago
better-auth
< 1.6.11
NPM: Better Auth vulnerable to unauthorized invitation acceptance via unverified email match in organization plugin
7.7
1 day ago
@better-auth/oauth-provider
>= 1.4.8, < 1.7.0-beta.4
NPM: @better-auth/oauth-provider may provide access tokens for unauthorized audiences via unbound resource indicators
6.4
1 day ago
better-auth
< 1.6.11
NPM: Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins
9.1
1 day ago
@aborruso/ckan-mcp-server
< 0.4.106
NPM: @aborruso/ckan-mcp-server: SSRF via base_url allows access to internal networks (Potential fix bypass of CVE-2026-33060)
5.7
1 day ago
9router
<= 0.4.71
NPM: 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header
7.3
2 days ago
9router
<= 0.4.71
NPM: 9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover
9.9
2 days ago
9router
<= 0.4.41
NPM: 9router has unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats
10
2 days ago
Load more