Kodem's Vulnerability Database

Browse known CVEs by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Browse by ecosystem

npm, PyPI, Maven, Go, RubyGems, Cargo, NuGet, Composer, pub, Swift, GitHub Actions

CVE-ID | Severity | Package summary
CVE-2026-55700 | Critical | pnpm: stage download writes outside its destination directory via manifest
CVE-2026-55701 | High | npm: Improper sanitization of user input in URL handling
CVE-2026-55702 | Medium | yarn: Dependency injections can lead to remote code execution
CVE-2026-55703 | Low | bower: Uncontrolled resource consumption in package installation

Stop the waste.
Protect your environment with Kodem.