The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total49,251
Mitigations15,912
Stats
CVSS0
10
Affected software | Vulnerability
RiskDisclosed
@jsonbored/gittensory-mcp<= 0.1.0
NPM: Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data
6.5
2 hours ago
Eventer<= 4.4.2
Unauthenticated SQL Injection vulnerability
9.3
7 hours ago
Eventer<= 4.4.2
Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation vulnerability
9.3
7 hours ago
Simple Coherent Form<= 2.4.13
Unauthenticated Arbitrary File Deletion vulnerability
9.1
7 hours ago
Jssor Slider by jssor.com<= 3.1.24
Unauthenticated Arbitrary File Read vulnerability
7.5
7 hours ago
Backstage<= 1.4.2
Unauthenticated Privilege Escalation vulnerability
7.5
7 hours ago
多说社会化评论框<= 1.2
Unauthenticated Privilege Escalation vulnerability
8.8
8 hours ago
Widget Logic Visual<= 1.52
Authenticated (Subscriber+) Remote Code Execution vulnerability
8.8
8 hours ago
waku<= 1.0.0-beta.0
NPM: Waku has an Open Redirect via `unstable_redirect` Helper
3.1
20 hours ago
waku<= 1.0.0-beta.0
NPM: Waku: Cross-Origin CSRF on RSC Server Action Dispatch
6.5
20 hours ago
@better-auth/scim>= 1.5.0, < 1.7.0-beta.4
NPM: @better-auth/scim: Account/provider takeover via missing owner binding on non-org SCIM providers
8.3
1 day ago
better-auth>= 0.3.4, < 1.6.11
NPM: Better Auth: Stale sessions persist after user deletion across admin, anonymous, and SCIM flows
3.8
1 day ago
@better-auth/scim>= 1.6.0, < 1.6.11
NPM: Better Auth: Stale sessions persist after user deletion across admin, anonymous, and SCIM flows
3.8
1 day ago
better-auth< 1.6.11
NPM: @better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
8.1
1 day ago
@better-auth/oauth-provider>= 1.6.0, < 1.6.11
NPM: @better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
8.1
1 day ago
@better-auth/sso>= 0.1.0, < 1.6.11
NPM: @better-auth/sso provider registration has server-side request forgery via unvalidated OIDC endpoints
9.6
1 day ago
better-auth>= 1.4.8-beta.7, < 1.6.0
NPM: Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption
8.1
1 day ago
@better-auth/oauth-provider>= 1.6.0, < 1.6.11
NPM: Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption
8.1
1 day ago
better-auth< 1.6.11
NPM: Better Auth has insecure cryptographic defaults in oidcProvider: alg=none advertised and plain PKCE accepted by default
8.7
1 day ago
better-auth< 1.6.13
NPM: Better Auth has stored XSS in the auth-server origin via javascript: redirect_uri in oidc-provider and mcp
7.7
1 day ago