tough vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-6967Hightough: awslabs/tough is Missing Delegated Metadata ValidationCVE-2026-6966Hightough: awslabs/tough Delegated Roles have a Signature Threshold BypassGHSA-J8X2-777P-23FCLowtough: tough cyclic delegation graphs are not detectedCVE-2025-2886Mediumtough: tough terminating targets role delegations are not respectedCVE-2025-2885Mediumtough: tough root metadata version is not checked for sequential versioningCVE-2025-2888Mediumtough: tough timestamp metadata is cached when it fails snapshot rollback checkCVE-2025-2887Mediumtough: tough failure to detect delegated target rollbackCVE-2021-41150Hightough: Improper sanitization of delegated role namesCVE-2021-41149Hightough: Improper sanitization of target namesCVE-2020-15093Hightough: Improper verification of signature threshold in tough

Stop the waste.
Protect your environment with Kodem.