packages
npm / PyPI / Rust / Java / Ruby / PHP + OSV5 events on 2026-06-16role: thematic7d historyaccess: keyless
Keeps: package, version, advisory
Aliases: CVE-2026-49468 LiteLLM: Authentication Bypass via Host Header Injection
LITELLMosv:pypi:litellmAliases: CVE-2026-48520, PYSEC-2026-244 Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read
LANGFLOWosv:pypi:langflowAliases: CVE-2026-48519, PYSEC-2026-243 Langflow: Unauthenticated RCE in Shareable Playgrounds
LANGFLOWosv:pypi:langflowAliases: CVE-2026-42867 Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint
LANGFLOWosv:pypi:langflowAliases: CVE-2026-33760, PYSEC-2026-242 Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints
LANGFLOWosv:pypi:langflow