Get a Demo

Software Supply Chain Threat Intelligence

Endor Labs Threat Research

Move beyond CVE lists with enriched vulnerability intelligence, reachability and exploitability context, and built-in remediation—including drop-in patches when upgrades aren’t an option.

Packages
0
CVE
0
AI Model
0
Reports
0
0
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Most Recent

Low Risk
March 7, 2026

oorandom

cargo
Low Risk
March 7, 2026

oorandom

cargo
Low Risk
March 6, 2026

com.cenqua.clover:clover

Low Risk
March 6, 2026

com.cenqua.clover:clover

Low Risk
March 6, 2026

com.google.apis:google-api-services-iam

Low Risk
March 6, 2026

com.google.jsinterop:base

Low Risk
March 6, 2026

com.google.apis:google-api-services-iam

Low Risk
March 6, 2026

org.jsr107.ri:cache-annotations-ri-common

0
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Most Recent

0

GHSA-g9r4-xpmj-mj65

Prototype Pollution in handlebars
0

RUSTSEC-2024-0370

proc-macro-error is unmaintained
8.1

GHSA-wq9x-qwcq-mmgf

Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
7.5

CVE-2022-34169

Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets
0

RUSTSEC-2024-0384

`instant` is unmaintained
7.5

GHSA-xffm-g5w8-qvg7

@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser
4.8

CVE-2021-29425

Path Traversal and Improper Input Validation in Apache Commons IO
7.5

CVE-2026-25547

@isaacs/brace-expansion has Uncontrolled Resource Consumption
0

RUSTSEC-2023-0081

safemem is unmaintained
7.5

CVE-2023-26464

Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
5.9

CVE-2025-41242

Spring Framework MVC Applications Path Traversal Vulnerability
0

CVE-2026-25134

Group-Office Argument Injection in MaintenanceController::actionZipLanguage
0

RUSTSEC-2024-0418

gtk-rs GTK3 bindings - no longer maintained
9.8

CVE-2021-42392

RCE in H2 Console
6.5

CVE-2025-66402

misskey.js's export data contains private post data
7.5

CVE-2022-45693

Jettison Out-of-bounds Write vulnerability
5.4

CVE-2016-0782

Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
9.8

CVE-2025-9415

A vulnerability was identified in GreenCMS up to 2.3.0603. This affects an unknown part of the file /index.php?m=admin&c=media&a=fileconnect.
9.8

CVE-2019-1010297

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os.
4.3

CVE-2015-5262

Denial of service vulnerability in org.apache.httpcomponents:httpclient
9.8

CVE-2024-13239

This module enables you to allow and/or require users to use a second authentication method in addition to password authentication.In some cases, the module allows users to log in with an authentica...
0

RUSTSEC-2025-0057

fxhash - no longer maintained
9.8

CVE-2026-2757

CVE-2026-2757 firefox-esr
5.9

CVE-2023-34453

snappy-java's Integer Overflow vulnerability in shuffle leads to DoS
4.3

CVE-2012-6153

Improper certificate validation in org.apache.httpcomponents:httpclient
0
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Most Recent

Medium Risk
7403 downloads

unsloth/Qwen2.5-0.5B-Instruct-bnb-4bit

Medium Risk
7425 downloads

segment-any-text/sat-3l

Medium Risk
7414 downloads

genmo/mochi-1-preview

Medium Risk
7422 downloads

castorini/monot5-base-msmarco

Low Risk
7425 downloads

facebook/convnextv2-base-22k-384

Low Risk
7431 downloads

TheBloke/dolphin-2.2.1-mistral-7B-GGUF

Medium Risk
11893 downloads

google/shieldgemma-2-4b-it

Low Risk
10693 downloads

bond005/wav2vec2-large-ru-golos

Medium Risk
12706 downloads

BAAI/Emu3-Chat

Low Risk
15874 downloads

microsoft/bitnet-b1.58-2B-4T

Medium Risk
142715 downloads

ai4bharat/IndicBART

Low Risk
364698 downloads

anton-l/wav2vec2-large-xlsr-53-estonian

Low Risk
28295 downloads

linkanjarad/mobilenet_v2_1.0_224-plant-disease-identification

Medium Risk
57021 downloads

google/gemma-3-27b-pt

Medium Risk
9740 downloads

bartowski/Qwen_Qwen3-30B-A3B-GGUF

Low Risk
8335 downloads

dragonkue/multilingual-e5-small-ko

Low Risk
8602 downloads

rombodawg/rombos_Replete-Coder-Llama3-8B

Low Risk
15303 downloads

nvidia/stt_de_conformer_transducer_large

Medium Risk
11716 downloads

SakuraLLM/Sakura-7B-Qwen2.5-v1.0-GGUF

Low Risk
9374 downloads

h2oai/h2ogpt-oig-oasst1-512-6_9b

Medium Risk
7493 downloads

Qwen/Qwen-14B-Chat

Medium Risk
7530 downloads

dicta-il/dictalm2.0-instruct

Low Risk
7472 downloads

DiTy/cross-encoder-russian-msmarco

Medium Risk
7528 downloads

bartowski/Qwen2.5.1-Coder-7B-Instruct-GGUF

Medium Risk
7607 downloads

DavidAU/L3.2-Rogue-Creative-Instruct-Uncensored-Abliterated-7B-GGUF

Low Risk
7586 downloads

urchade/gliner_small-v2.1

Low Risk
7580 downloads

facebook/mask2former-swin-tiny-coco-panoptic

High Risk
7513 downloads

sshleifer/tiny-distilroberta-base

Low Risk
7622 downloads

google/mobilenet_v1_0.75_192

Low Risk
7583 downloads

T-Systems-onsite/cross-en-de-roberta-sentence-transformer

Low Risk
7580 downloads

google/canine-c

Medium Risk
7463 downloads

imvladikon/sentence-transformers-alephbert

Low Risk
7451 downloads

MoritzLaurer/multilingual-MiniLMv2-L6-mnli-xnli

Medium Risk
7623 downloads

openmmlab/upernet-convnext-small

Medium Risk
7440 downloads

laion/CLIP-ViT-g-14-laion2B-s34B-b88K

Medium Risk
7464 downloads

lmstudio-community/Meta-Llama-3-8B-Instruct-GGUF

Low Risk
7431 downloads

timm/convnextv2_large.fcmae_ft_in22k_in1k

Low Risk
7440 downloads

Helsinki-NLP/opus-mt-en-hu

Medium Risk
7452 downloads

kandinsky-community/kandinsky-2-2-prior

Medium Risk
1080695 downloads

Qwen/Qwen3-TTS-12Hz-1.7B-CustomVoice

Low Risk
9031 downloads

timm/resnetv2_50x1_bit.goog_in21k

Medium Risk
20844 downloads

Qwen/Qwen2-VL-7B

Medium Risk
8671 downloads

google/timesfm-2.0-500m-pytorch

Medium Risk
8450 downloads

Qwen/QwQ-32B-Preview

Medium Risk
11497 downloads

ByteDance-Seed/UI-TARS-7B-SFT

Low Risk
14262 downloads

pczarnik/herbert-base-ner

Low Risk
249636 downloads

Qwen/Qwen3-ASR-0.6B

Low Risk
10210 downloads

Helsinki-NLP/opus-mt-es-de

Low Risk
26385 downloads

nickprock/cross-encoder-italian-bert-stsb

Low Risk
8306 downloads

ai4bharat/indictrans2-en-indic-dist-200M

Low Risk
25505 downloads

dphn/dolphin-2.6-mistral-7b

Medium Risk
8872 downloads

dumitrescustefan/bert-base-romanian-cased-v1

Low Risk
9483 downloads

prithivida/Splade_PP_en_v2

Medium Risk
17494 downloads

mistralai/Mistral-Large-Instruct-2411

Low Risk
9799 downloads

nvidia/quality-classifier-deberta

High Risk
25171 downloads

routellm/bert_gpt4_augmented

Low Risk
18266 downloads

nvidia/Llama-3.1-Nemotron-70B-Instruct-HF

Medium Risk
20650 downloads

sbunlp/fabert

Medium Risk
7900 downloads

Xenova/nomic-embed-text-v1

Low Risk
8100 downloads

Weyaxi/Einstein-v6.1-Llama3-8B

Medium Risk
8861 downloads

NexaAI/Qwen2-Audio-7B-GGUF

Medium Risk
8024 downloads

hfl/llama-3-chinese-8b-instruct

Low Risk
7975 downloads

bosonai/Higgs-Llama-3-70B

Medium Risk
7975 downloads

byroneverson/Mistral-Small-Instruct-2409-abliterated

Medium Risk
8114 downloads

hfl/llama-3-chinese-8b-instruct-v2

Low Risk
7968 downloads

kaist-ai/janus-dpo-7b

Medium Risk
8168 downloads

NbAiLab/nb-bert-base

Medium Risk
87831 downloads

uer/chinese_roberta_L-12_H-768

Low Risk
10394 downloads

nvidia/mit-b3

Medium Risk
11289 downloads

mental/mental-bert-base-uncased

Low Risk
14923 downloads

instruction-pretrain/finance-Llama3-8B

Medium Risk
9324 downloads

jphme/em_german_leo_mistral

Medium Risk
9224 downloads

lmstudio-community/Yi-Coder-1.5B-GGUF

Medium Risk
10956 downloads

mlx-community/whisper-large-v3-turbo

Low Risk
8795 downloads

NousResearch/Nous-Hermes-2-Yi-34B

Medium Risk
8256 downloads

mispeech/dasheng-base

Medium Risk
11178 downloads

Nargizi/screeve-lemmatizer

Low Risk
15182 downloads

deepseek-ai/deepseek-coder-7b-instruct-v1.5

Low Risk
16497 downloads

OpenAssistant/reward-model-deberta-v3-large-v2

Medium Risk
20054 downloads

tals/albert-xlarge-vitaminc-mnli

Medium Risk
18199 downloads

RedHatAI/Meta-Llama-3.1-8B-Instruct-quantized.w8a8

Medium Risk
10140 downloads

openbmb/MiniCPM-V-2_6-int4

Medium Risk
8939 downloads

wisdomik/QuiltNet-B-32

Low Risk
9280 downloads

allenai/specter2_aug2023refresh_base

Low Risk
12224 downloads

padmalcom/wav2vec2-large-nonverbalvocalization-classification

Low Risk
11243 downloads

primeline/whisper-large-v3-german

Low Risk
39745 downloads

dbmdz/bert-base-italian-xxl-uncased

Medium Risk
9975 downloads

bartowski/gemma-2-2b-it-abliterated-GGUF

Medium Risk
15707 downloads

unsloth/tinyllama-chat-bnb-4bit

Medium Risk
12598 downloads

vinai/PhoWhisper-tiny

Medium Risk
9096 downloads

timm/resnet26d.bt_in1k

Medium Risk
19865 downloads

RUPunct/RUPunct_big

Low Risk
24379 downloads

facebook/wav2vec2-large-robust

Medium Risk
9912 downloads

Helsinki-NLP/opus-mt-tc-big-fr-en

Medium Risk
8129 downloads

state-spaces/mamba2-130m

Low Risk
21358 downloads

timm/mnasnet_100.rmsp_in1k

Low Risk
8390 downloads

microsoft/cvt-13

Medium Risk
11800 downloads

timm/resnet34d.ra2_in1k

Medium Risk
9799 downloads

lmstudio-community/Qwen2.5-Coder-7B-Instruct-GGUF

Medium Risk
13686 downloads

NbAiLab/wav2vec2-large-danish-npsc-nst

0
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Most Recent

EU Cyber Resilience Act
EU Cyber Resilience Act
Read More
Context Engineering for Application Security Whitepaper
Context Engineering for Application Security
Read More
The New era of Code-to-Cloud Security
Read More
AI SAST: Combining Agents, Program Analysis, and Rules for High-Confidence Code Security
AI SAST: Combining Agents, Program Analysis, and Rules for High-Confidence Code Security
Read More
Invisible Threats and the Blind Spots of Security
Invisible Threats and the Blind Spots of Security 

Read More
State of Dependency Management 2025
State of Dependency Management 2025
Read More
A Practical Guide to AI and Application Security
Read More
Cracking the Code: Solving the Challenges of C/C++ Software Composition Analysis
Cracking the Code: Solving the Challenges of C/C++ Software Composition Analysis
Read More
Endor Labs Policies: Developer-Friendly Security Automation
Endor Labs Policies: Developer-Friendly Security Automation
Read More
AI Security Code Review: A Multi-Agent Approach for Detecting Security Design Flaws at Scale
AI Security Code Review: A Multi-Agent Approach for Detecting Security Design Flaws at Scale
Read More
Endor Patches whitepaper
Endor Patches Whitepaper
Read More
Dependency Management Report
Read More
Endor Labs Brand Guidelines
Read More
Guide to Implementing Software Supply Chain Security, What to Consider When Designing a Program
Guide to Implementing Software Supply Chain Security
Read More
State of Dependency Management 2023
State of Dependency Management 2023
Read More
OWASP Top 10 Risks for Open Source
OWASP Top 10 Risks for Open Source
Read More
State of Dependency Management 2022
State of Dependency Management 2022
Read More
ENDOR LABS PATCHES

Fix all vulnerabilities across a package, no upgrade required

Book a Demo

Latest Research

CVE-2026-25896: Entity Encoding Bypass in fast-xml-parser
Read now
AI SAST Finding: Path Traversal in OpenClaw via LLM Guardrail Bypass
Read now
ENDOR LABS PATCHES

Fix Vulnerabilities Without Upgrading

Book a Demo

How Endor Patches work

Security fixes are often several versions ahead—bundled with changes that can break your code.
Endor Patches deliver the maintainer-approved fix, tested for compatibility with older versions. Get just the security fix now, and upgrade on your timeline.

See for yourself why Endor Labs is the fastest growing AppSec company ever.

This is some text inside of a div block.