| | CVE-2026-40293 | Red Hat | high | 7.5 | 0.1%
| | A flaw was found in OpenFGA, an authorization/permission engine. When OpenFGA is configured to use p… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40299 | Red Hat | low | 4.3 | 0.1%
| | next-intl provides internationalization for Next.js. Applications using the `next-intl` middleware p… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40477 | Red Hat | high | 8.5 | 0.1%
| | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40478 | Red Hat | high | 8.5 | 0.1%
| | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40333 | Red Hat | medium | 6.1 | 0.0%
| | libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two funct… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40334 | Red Hat | low | 3.5 | 0.0%
| | libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40335 | Red Hat | medium | 5.2 | 0.0%
| | libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-o… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40336 | Red Hat | medium | 4.3 | 0.0%
| | libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40338 | Red Hat | medium | 6.1 | 0.0%
| | libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-o… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40339 | Red Hat | medium | 5.0 | 0.0%
| | libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-o… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40340 | Red Hat | medium | 6.1 | 0.0%
| | libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-o… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40341 | Red Hat | medium | 4.6 | 0.0%
| | libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40347 | Red Hat | medium | 5.9 | 0.0%
| | Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial … | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40490 | Red Hat | medium | 6.8 | 0.1%
| | The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and async… | Apr 18, 2026 | Apr 18, 2026 |
| | CVE-2026-30898 | Apache | medium | — | 0.1%
| | An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the w… | Apr 18, 2026 | Apr 22, 2026 |
| | CVE-2026-41254 | Red Hat | medium | 6.1 | 0.0%
| | Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow… | Apr 18, 2026 | Apr 18, 2026 |
| | CVE-2026-25917 | Apache | high | 7.2 | 0.1%
| | Dag Authors, who normally should not be able to execute code in the webserver context could craft XC… | Apr 18, 2026 | Apr 22, 2026 |
| | CVE-2026-30912 | Apache | high | 7.5 | 0.0%
| | In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_… | Apr 18, 2026 | Apr 21, 2026 |
| | CVE-2026-32228 | Apache | high | 7.5 | 0.0%
| | UI / API User with asset materialize permission could trigger dags they had no access to.
Users are … | Apr 18, 2026 | Apr 21, 2026 |
| | CVE-2026-32690 | Apache | low | 3.7 | 0.0%
| | Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables … | Apr 18, 2026 | Apr 21, 2026 |
| | CVE-2026-40948 | Apache | medium | 5.4 | 0.0%
| | The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or valid… | Apr 18, 2026 | May 11, 2026 |
| | CVE-2026-41242 | Red Hat | high | 8.8 | 0.0%
| ✓ Fix | A flaw was found in protobufjs, a JavaScript (JS) library used for compiling protobuf definitions. A… | Apr 18, 2026 | Apr 18, 2026 |
| | CVE-2026-6861 | Red Hat | medium | 6.1 | 0.0%
| | A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs proc… | Apr 19, 2026 | Apr 19, 2026 |
| | CVE-2026-31429 | Red Hat | medium | 6.6 | 0.0%
| | A flaw was found in the Linux kernel. When the Kernel Electric Fence (KFENCE), a memory safety error… | Apr 20, 2026 | Apr 20, 2026 |
| | CVE-2026-31430 | Red Hat | medium | 6.6 | 0.0%
| | A flaw was found in the Linux kernel. An unprivileged user can exploit this vulnerability by submitt… | Apr 20, 2026 | Apr 20, 2026 |
| | CVE-2026-6587 | Red Hat | high | 8.1 | 0.0%
| | A flaw was found in vibrantlabsai RAGAS. A remote attacker can exploit a server-side request forgery… | Apr 20, 2026 | Apr 20, 2026 |
| | CVE-2026-6654 | Red Hat | high | 7.3 | 0.0%
| | A flaw was found in the `thin_vec` component of `mozilla/thin-vec`. This vulnerability involves a me… | Apr 20, 2026 | Apr 20, 2026 |
| | CVE-2026-33557 | Apache | medium | — | 0.6%
| | A possible security vulnerability has been identified in Apache Kafka.
By default, the broker prope… | Apr 20, 2026 | Jun 30, 2026 |
| | CVE-2025-66335 | Apache | medium | 5.3 | 0.0%
| | Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw … | Apr 20, 2026 | Apr 22, 2026 |
| | CVE-2026-33558 | Apache | medium | 5.3 | 0.0%
| | Information exposure vulnerability has been identified in Apache Kafka.
The NetworkClient component… | Apr 20, 2026 | Apr 22, 2026 |
| | CVE-2026-3219 | Red Hat | medium | 5.0 | 0.0%
| ✓ Fix | A flaw was found in pip. This vulnerability occurs because pip incorrectly processes concatenated ta… | Apr 20, 2026 | Apr 20, 2026 |
| | CVE-2026-41245 | Red Hat | high | 9.3 | 0.1%
| | A flaw was found in Junrar, an open-source Java RAR archive library. A path traversal vulnerability … | Apr 20, 2026 | Apr 20, 2026 |
| | CVE-2026-28684 | Red Hat | medium | 7.1 | 0.0%
| ✓ Fix | A flaw was found in python-dotenv. A local attacker can exploit this by crafting a symbolic link, wh… | Apr 20, 2026 | Apr 20, 2026 |
| | CVE-2026-5358 | Red Hat | medium | — | — | | No description is available for this CVE. | Apr 20, 2026 | Apr 20, 2026 |
| | CVE-2026-5928 | Red Hat | medium | 5.0 | 0.1%
| ✓ Fix | Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that h… | Apr 20, 2026 | Apr 20, 2026 |
| | CVE-2026-5450 | Red Hat | medium | 5.0 | 0.1%
| ✓ Fix | A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `s… | Apr 20, 2026 | Apr 20, 2026 |
| | CVE-2026-34278 | Red Hat | medium | 4.9 | 0.0%
| | Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MyS… | Apr 21, 2026 | Apr 21, 2026 |
| | CVE-2026-34270 | Red Hat | medium | 6.5 | 0.0%
| ✓ Fix | Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MyS… | Apr 21, 2026 | Apr 21, 2026 |
| | CVE-2026-34276 | Red Hat | medium | 6.5 | 0.0%
| ✓ Fix | Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MyS… | Apr 21, 2026 | Apr 21, 2026 |
| | CVE-2026-22015 | Red Hat | medium | 4.3 | 0.0%
| ✓ Fix | Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MyS… | Apr 21, 2026 | Apr 21, 2026 |
| | CVE-2026-34304 | Red Hat | medium | 4.9 | 0.0%
| ✓ Fix | Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MyS… | Apr 21, 2026 | Apr 21, 2026 |
| | CVE-2026-22017 | Red Hat | medium | 6.5 | 0.0%
| ✓ Fix | Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MyS… | Apr 21, 2026 | Apr 21, 2026 |
| | CVE-2026-34267 | Red Hat | medium | 4.9 | 0.0%
| | Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MyS… | Apr 21, 2026 | Apr 21, 2026 |
| | CVE-2026-35235 | Red Hat | medium | 4.9 | 0.0%
| | Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MyS… | Apr 21, 2026 | Apr 21, 2026 |
| | CVE-2026-35240 | Red Hat | medium | 4.9 | 0.0%
| ✓ Fix | Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MyS… | Apr 21, 2026 | Apr 21, 2026 |
| | CVE-2026-34272 | Red Hat | medium | 6.5 | 0.0%
| | Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MyS… | Apr 21, 2026 | Apr 21, 2026 |
| | CVE-2026-34293 | Red Hat | medium | 4.9 | 0.0%
| | Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MyS… | Apr 21, 2026 | Apr 21, 2026 |
| | CVE-2026-34303 | Red Hat | medium | 6.5 | 0.0%
| ✓ Fix | Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MyS… | Apr 21, 2026 | Apr 21, 2026 |
| | CVE-2026-34308 | Red Hat | medium | 6.5 | 0.0%
| ✓ Fix | Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MyS… | Apr 21, 2026 | Apr 21, 2026 |
| | CVE-2026-35236 | Red Hat | medium | 4.9 | 0.0%
| ✓ Fix | Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MyS… | Apr 21, 2026 | Apr 21, 2026 |