Get a Demo

Software Supply Chain Threat Intelligence

Endor Labs Threat Research

Move beyond CVE lists with enriched vulnerability intelligence, reachability and exploitability context, and built-in remediation—including drop-in patches when upgrades aren’t an option.

Packages
0
CVE
0
AI Model
0
Reports
0
0
Sort by Risk Level
Sort by Date
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Most Recent

Low Risk
10
January 2, 2023

org.apache.ws.commons.axiom:xml-utils

Low Risk
10
December 26, 2022

org.apache.xbean:xbean-asm9-shaded

0
Sort by Severity Level
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Most Recent

0

CVE-2025-68954

Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced
7.5

CVE-2021-36090

Improper Handling of Length Parameter Inconsistency in Compress
7.8

CVE-2021-40765

Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the cur...
9.1

DEBIAN-CVE-2026-3061

Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
9.8

CVE-2026-4395

CVE-2026-4395 wolfssl
7.5

CVE-2021-36145

The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry.
0

CVE-2026-23534

freerdp: FreeRDP: Arbitrary code execution and denial of service via client-side heap buffer overflow (important)
7.8

CVE-2024-52976

Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection.An attacker requires local...
0

CVE-2026-31877

Frappe SQL Injection due to improper field sanitization
7.8

CVE-2023-6334

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workforce Access on Windows allows Overflow Buffers.This issue affects Workforce Access: before 8.7.
8.1

CVE-2020-36185

Unsafe Deserialization in jackson-databind
9.8

CVE-2026-0907

CVE-2026-0907 chromium
9.8

CVE-2026-25938

FUXA Unauthenticated Remote Code Execution in Node-RED Integration
9.8

CVE-2025-63389

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3.
9.1

GHSA-5wr9-m6jw-xx44

Scriban: Sandbox escape due to TypedObjectAccessorcache bypassing MemberFilter after TemplateContext reuse
9.8

CVE-2020-24336

An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5.
7.5

CVE-2025-66960

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata
8.8

GHSA-r33w-fg8j-9c94

MagicLink: Insecure Deserialization of MagicLink Actions Leads to Remote Code Execution
7.5

CVE-2026-21889

Weblate leaks information via screenshots
0

CVE-2026-27613

CGI Parameter Injection (Bypass of STRICT_CGI_PARAMS and EscapeShellParam)
9.1

CVE-2025-63388

A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint.
7.2

CVE-2022-27925

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it.
6.5

CVE-2026-24418

OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module
9.8

CVE-2025-10329

A vulnerability was detected in cdevroe unmark up to 1.9.3. This affects an unknown part of the file /application/controllers/Marks.php.
9.8

DEBIAN-CVE-2026-4176

Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib.
0
Sort by Risk Level
Sort by Downloads
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Most Recent

Medium Risk
39122 downloads
10

John6666/autismmix-sdxl-autismmix-pony-sdxl

Medium Risk
39033 downloads
4

MilaNLProc/feel-it-italian-emotion

Low Risk
39013 downloads
8

timm/inception_v3.tf_adv_in1k

Medium Risk
38984 downloads
4

infgrad/stella-base-en-v2

Medium Risk
38954 downloads
4

Qwen/Qwen2.5-Math-RM-72B

High Risk
38883 downloads
0

peft-internal-testing/tiny_OPTForFeatureExtraction-lora

0
Sort by Date
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Most Recent

A Practitioner’s Guide to Responding to the TeamPCP Supply Chain Attacks
Read More
March 27, 2026
EU Cyber Resilience Act
EU Cyber Resilience Act
Read More
February 27, 2026
Context Engineering for Application Security Whitepaper
Context Engineering for Application Security
Read More
February 10, 2026
The New era of Code-to-Cloud Security
Read More
December 2, 2025
AI SAST: Combining Agents, Program Analysis, and Rules for High-Confidence Code Security
AI SAST: Combining Agents, Program Analysis, and Rules for High-Confidence Code Security
Read More
November 19, 2025
Invisible Threats and the Blind Spots of Security
Invisible Threats and the Blind Spots of Security 

Read More
November 13, 2025
State of Dependency Management 2025
State of Dependency Management 2025
Read More
November 4, 2025
A Practical Guide to AI and Application Security
Read More
September 19, 2025
Cracking the Code: Solving the Challenges of C/C++ Software Composition Analysis
Cracking the Code: Solving the Challenges of C/C++ Software Composition Analysis
Read More
June 18, 2025
Endor Labs Policies: Developer-Friendly Security Automation
Endor Labs Policies: Developer-Friendly Security Automation
Read More
May 19, 2025
AI Security Code Review: A Multi-Agent Approach for Detecting Security Design Flaws at Scale
AI Security Code Review: A Multi-Agent Approach for Detecting Security Design Flaws at Scale
Read More
April 23, 2025
Endor Patches whitepaper
Endor Patches Whitepaper
Read More
December 16, 2024
Dependency Management Report
Read More
September 12, 2024
Endor Labs Brand Guidelines
Read More
August 23, 2024
Guide to Implementing Software Supply Chain Security, What to Consider When Designing a Program
Guide to Implementing Software Supply Chain Security
Read More
April 30, 2024
State of Dependency Management 2023
State of Dependency Management 2023
Read More
July 20, 2023
OWASP Top 10 Risks for Open Source
OWASP Top 10 Risks for Open Source
Read More
March 1, 2023
State of Dependency Management 2022
State of Dependency Management 2022
Read More
December 8, 2022
ENDOR LABS PATCHES

Fix all vulnerabilities across a package, no upgrade required

Book a Demo

Latest Research

CVE-2026-25896: Entity Encoding Bypass in fast-xml-parser
Read now
AI SAST Finding: Path Traversal in OpenClaw via LLM Guardrail Bypass
Read now
ENDOR LABS PATCHES

Fix Vulnerabilities Without Upgrading

Book a Demo

How Endor Patches work

Security fixes are often several versions ahead—bundled with changes that can break your code.
Endor Patches deliver the maintainer-approved fix, tested for compatibility with older versions. Get just the security fix now, and upgrade on your timeline.

See for yourself why Endor Labs is the fastest growing AppSec company ever.

This is some text inside of a div block.
Sort by Risk Level
Sort by Risk Level