Supply Chain Risk
186 tools currently share the dependency/CVE clusters in this view.
Vulnerability Clusters
Sorted by tool count| Ecosystem | |||||
|---|---|---|---|---|---|
| requests | CVE-2026-25645 |
medium
|
94 | — |
pypi
|
| pytest | CVE-2025-71176 |
medium
|
73 | — |
pypi
|
| python-multipart | CVE-2026-42561 |
high
|
60 | — |
pypi
|
| python-dotenv | CVE-2026-28684 |
medium
|
60 | — |
pypi
|
| pygments | CVE-2026-4539 |
low
|
56 | — |
pypi
|
| cryptography | CVE-2026-34073 |
low
|
52 | — |
pypi
|
| pillow | CVE-2026-42310 |
medium
|
49 | — |
pypi
|
| pillow | CVE-2026-42308 |
medium
|
49 | — |
pypi
|
| urllib3 | CVE-2026-21441 |
high
|
48 | — |
pypi
|
| pillow | CVE-2026-42311 |
high
|
46 | — |
pypi
|
| pillow | CVE-2026-40192 |
high
|
46 | — |
pypi
|
| urllib3 | CVE-2025-66418 |
high
|
44 | — |
pypi
|
| requests | CVE-2024-47081 |
medium
|
44 | — |
pypi
|
| urllib3 | CVE-2025-66471 |
high
|
43 | — |
pypi
|
| cryptography | CVE-2026-39892 |
medium
|
43 | — |
pypi
|
| aiohttp | CVE-2026-22815 |
medium
|
42 | — |
pypi
|
| aiohttp | CVE-2026-34516 |
medium
|
42 | — |
pypi
|
| aiohttp | CVE-2026-34515 |
medium
|
42 | — |
pypi
|
| aiohttp | CVE-2026-34525 |
medium
|
42 | — |
pypi
|
| aiohttp | CVE-2026-34519 |
low
|
42 | — |
pypi
|
| aiohttp | CVE-2026-34518 |
low
|
42 | — |
pypi
|
| aiohttp | CVE-2026-34517 |
low
|
42 | — |
pypi
|
| aiohttp | CVE-2026-34520 |
low
|
42 | — |
pypi
|
| aiohttp | CVE-2026-34514 |
low
|
42 | — |
pypi
|
| aiohttp | CVE-2026-34513 |
low
|
42 | — |
pypi
|
| mako | CVE-2026-44307 |
high
|
41 | — |
pypi
|
| gitpython | CVE-2026-44244 |
high
|
40 | — |
pypi
|
| gitpython | CVE-2026-44243 |
high
|
40 | — |
pypi
|
| python-multipart | CVE-2026-40347 |
medium
|
38 | — |
pypi
|
| cryptography | CVE-2026-26007 |
high
|
37 | — |
pypi
|
| pyjwt | CVE-2026-32597 |
high
|
36 | — |
pypi
|
| pillow | CVE-2026-25990 |
high
|
34 | — |
pypi
|
| gitpython | CVE-2026-42215 |
high
|
33 | — |
pypi
|
| gitpython | CVE-2026-42284 |
high
|
32 | — |
pypi
|
| pyasn1 | CVE-2026-30922 |
high
|
31 | — |
pypi
|
| mako | CVE-2026-41205 |
medium
|
31 | — |
pypi
|
| pillow | CVE-2026-42309 |
medium
|
31 | — |
pypi
|
| urllib3 | CVE-2025-50181 |
medium
|
30 | — |
pypi
|
| lxml | CVE-2026-41066 |
high
|
29 | — |
pypi
|
| requests | CVE-2024-35195 |
medium
|
28 | — |
pypi
|
| aiohttp | CVE-2025-69223 |
high
|
27 | — |
pypi
|
| aiohttp | CVE-2025-69229 |
medium
|
27 | — |
pypi
|
| aiohttp | CVE-2025-69228 |
medium
|
27 | — |
pypi
|
| aiohttp | CVE-2025-69227 |
medium
|
27 | — |
pypi
|
| aiohttp | CVE-2025-69230 |
low
|
27 | — |
pypi
|
| aiohttp | CVE-2025-69226 |
low
|
27 | — |
pypi
|
| aiohttp | CVE-2025-69225 |
low
|
27 | — |
pypi
|
| aiohttp | CVE-2025-69224 |
low
|
27 | — |
pypi
|
| mistune | CVE-2026-33079 |
high
|
25 | — |
pypi
|
| protobuf | CVE-2026-0994 |
high
|
25 | — |
pypi
|
Shared Exposure Clusters
postcss medium 388 tools 4 CVEs
CVEs
CVE-2021-23368, CVE-2021-23382, CVE-2023-44270, CVE-2026-41305
Tools
2FAuth, Ackee, AdventureLog, ArgoCD, Argus, AutoGPT, BroadcastChannel, BunkerM, ByteStash, CAPA, ChatDev, Claudable, Claude Squad, Cleanuparr, CloudStack, CodexMonitor, Concourse, ConvertX, Cosmos-Server, Crystal, DB-GPT, Deepfence ThreatMapper, DocsGPT, Erugo, ExcaliDash, FitTrackee, Fleet device management, Flowise, GitSave, Gladys, Goose, Guardian, Heimdall, Hemmelig.app, HestiaCP, Hi.Events, IRIS, ImmichFrame, Intel Owl, InvenTree, InvoicePlane, InvoiceShelf, IronCalc, Jellystat, Kavita, LANCommander, Lidarr, LinkAce, LinkStack, LoggiFly, Maintainerr, Materialious, MediKeep, Medusa, Meelo, MineContext, Netcap, NextExplorer, Nexterm, OliveTin, Ombi, OmniPoly, Omoide, OpenArchiver, OpenBB, OpenHands, OpenSign, OpnForm, OxiCloud, Packer, PatchMon, PeaNUT, PodFetch, PrestaShop, PrivateCaptcha, Radarr, Raneto, RecipeSage, Scriberr, SeerrBridge, Shaarli, Shuffle, Silex, Sink, SolidInvoice, Sonarr, SparkyFitness, Splunk Attack Range, Spoolman, TaskTrove, Tasks.md, TaxHacker, Termix, Terrateam, Timesketch, Tracearr, UrBackup, Vagrant, Vane, VaulTLS, WGDashboard, WYGIWYH, WatchYourLAN, Watcharr, WeKnora, Youtarr, agent-lightning, agent-squad, agentops, agentscope, aliasvault, anchr, answer, anything-llm, app, app-stormkit-io, arcane, atlas, atomic-crm, audiobookshelf, autogen, automad, automatisch, backrest, baserow, bazarr, beeai-framework, big-AGI, bigbluebutton, bigcapital, bknd, blackcandy, booklogr, bracket, bunkerweb, caddymanager, casibase, chartbrew, checkcle, chibisafe, chroma, chronoframe, cially, claude-devtools, cleanslate, cmms, coder, colanode, composecraft, configarr, continue, convoy, cookcli, cronitor-cli, cronmaster, cup, dashdot, dawarich, daytona, dbgate, deck, decypharr, defguard, dify, docking-station, dockman, documenso, docuseal, domain-locker, domain-watchdog, drivebase, drop, dust, enclosed, etherpad-lite, eventcatalog, evershop, ferrishare, fider, figranium, filegator, fireshare, flatnotes, flood, formbricks, gameyfin, ganymede, gathio, gatus, genkit, ghostfolio, goaway, groceries, grr, habitica, handbrake-web, hedgedoc, helicone, hermes-agent, heyform, hindsight, hollo, homarr, homer, honey, hoodik, hortusfox-web, ideon, immich-power-tools, investbrain, invoiceninja, invoicerr, jan, jelu, jetlog, jotty, kanba, kaneo, keila, kener, kill-the-newsletter, kimai, kitops, komga, komodo, kubero, kubetail, langfuse, leantime, libredesk, linkding, linkwarden, litlyx, liveblocks, liveblog, logchef, lowcoder, many-notes, mastra, mathesar, mautic, mbin, mediacms, meet, melody-auth, mem0, memories, middleware-manager, mindsdb, minthcm, mitmproxy, mixpost, mlflow, moodist, ms-agent, multi-scrobbler, mydia, nanote, nimtable, nixopus, notes, notifiarr, notifuse, ocis, ollama, omni-tools, oneuptime, ontime, openagents, openai-agents-js, openbao, openchangelog, opencloud, openemr, openproject, operately, opik, owncast, panel, papermark, papra, parlant, pasta, pastefy, peekaping, pgbackweb, phoenix, photofield, pigallery2, pixelfed, planka, plex-rewind, plikshare, pocket-id, poeticmetric, portabase, posterizarr, presenton, projectsend, psitransfer, quickwit, ragflow, rallly, ray, receipt-wrangler, recipes, requestly, retroassembly, retrom, reviewboard, richdocuments, rspamd, rundeck, rybbit, ryot, sandbox, scanopy, scrutiny, seerr, semantic-kernel, semaphore, serpbear, server, silverbullet, slskd, snipe-it, snippetslibrary.com, solace-agent-mesh, solidtime, speedtest-tracker, spliit, spooty, sprout-track, sshwifty, stagehand, starrocks, stash, statistics-for-strava, statping-ng, steel-browser, stoatchat, storyden, streamystats, stump, superagent, survey-library, swetrix, tailscale, talk, thrifty, tianji, tracktor, traefik-log-dashboard, trulens, tududi, tunarr, typebot.io, umbrel, uncloud, url-to-png, usertour, vanilla-cookbook, vikunja, vince, voidauth, wagmios, wakapi, wanderer, wapy.dev, warpgate, webmail, windmill, wizarr, woocommerce, worklenz, wud, xwiki-platform, yamlresume, yugabyte-db, zane-ops, zigbee2mqtt, zipline, zitadel, ztnet, zwave-js-ui
brace-expansion medium 339 tools 2 CVEs
CVEs
CVE-2025-5889, CVE-2026-33750
Tools
2FAuth, ART, ArgoCD, AutoGPT, Bearer, BroadcastChannel, ByteStash, CAPA, ChatDev, Checkmate, Claudable, Claude Squad, Cleanuparr, ClipCascade, CloudStack, CodexMonitor, Concourse, Cosmos-Server, Crystal, DB-GPT, DNSControl, Deepfence ThreatMapper, DocsGPT, ExcaliDash, FingerprintJS, Fleet device management, Flowise, GitSave, Gladys, Goose, Heimdall, Hemmelig.app, HestiaCP, Hi.Events, IRIS, Intel Owl, InvenTree, IronCalc, Jellystat, JuiceFS, Kroki, Lidarr, LinkStack, Maintainerr, MediKeep, MediaManager, Medusa, Meelo, MeshCentral, MineContext, NewsBlur, NextExplorer, Nexterm, OliveTin, Ombi, OmniPoly, Open-Web-Analytics, OpenArchiver, OpenHands, OpenSign, OpnForm, Packer, PeaNUT, PodFetch, Pomerium, PrestaShop, PrivateBin, PrivateCaptcha, Pulsarr, Radarr, Raneto, SAMA, Scriberr, SeerrBridge, Shaarli, Shuffle, Silex, Sink, Sonarr, SparkyFitness, Spoolman, TaskTrove, Tasks.md, TasmoAdmin, Tau, TaxHacker, Terminator, Terrateam, Themis, Timesketch, UrBackup, Vagrant, WGDashboard, Watcharr, Youtarr, agent-framework, agent-lightning, agent-squad, agentops, agentscope, aliasvault, anchr, answer, anything-llm, app, app-stormkit-io, atomic-crm, audiobookshelf, aurral, autobrr, autogen, automad, automatisch, backrest, baserow, bazarr, beeai-framework, big-AGI, bigbluebutton, bigcapital, bknd, blackcandy, booklogr, bracket, caddymanager, camel, casibase, chartbrew, checkcle, chibisafe, chroma, chronoframe, cially, cmms, coder, composecraft, configarr, continue, countly-server, cronitor-cli, cronmaster, dashdot, daytona, dbgate, defguard, docking-station, dockman, dockwatch, documenso, docuseal, domain-locker, domain-watchdog, dozzle, drivebase, drop, dust, dynamodb-dashboard, easyappointments, eigenfocus, enclosed, evcc, eventcatalog, evershop, ferrishare, fider, figranium, filegator, flatnotes, gameyfin, ganymede, gathio, gatus, genkit, ghostfolio, grist-core, groceries, grr, habitica, handbrake-web, hedgedoc, helicone, hermes-agent, heyform, hollo, humhub, immich-power-tools, invoiceninja, jan, jelu, kanba, kanidm, keila, kener, kill-the-newsletter, kimai, kite, kitops, koel, komodo, kubero, langfuse, langgraph, lemmy, libredesk, linkwarden, litlyx, liveblocks, liveblog, localess, lowcoder, many-notes, manyfold, mastra, mathesar, mautic, mediacms, meet, melody-auth, mem0, memories, middleware-manager, minthcm, misskey, mitmproxy, mlflow, monetr, moodist, nanote, nginx-ui, nimtable, notifiarr, octelium, ollama, omni-tools, oneuptime, ontime, openagents, openai-agents-js, openchangelog, openemr, openproject, operately, opik, owncast, panel, papra, passbolt_api, pasta, pastefy, peekaping, pgbackweb, phoenix, photofield, picoshare, pigallery2, pinchflat, pixelfed, planka, plex-rewind, poeticmetric, portchecker.io, presenton, profilarr, psitransfer, quickwit, ragflow, rallly, ray, receipt-wrangler, recipes, requestly, retroassembly, retrom, rspamd, rundeck, rybbit, ryot, sandbox, scrutiny, scrypted, seerr, semantic-kernel, semaphore, serpbear, server, shellhub, slskd, snipe-it, snippetslibrary.com, solace-agent-mesh, solidtime, spliit, spooty, sprout-track, sshwifty, stagehand, stash, statping-ng, stoatchat, storyden, stump, swetrix, tailscale, talk, tianji, tracktor, traefik-log-dashboard, trulens, tunarr, umbrel, uncloud, url-to-png, usertour, vanilla-cookbook, vince, vitess, wapy.dev, warpgate, webmail, werf, whodb, windmill, woocommerce, worklenz, workout-tracker, writefreely, wud, xwiki-platform, yamlresume, your_spotify, yugabyte-db, zane-ops, zigbee2mqtt, zipline, zitadel, ztnet, zwave-js-ui
picomatch high 315 tools 2 CVEs
CVEs
CVE-2026-33671, CVE-2026-33672
Tools
2FAuth, ART, AdventureLog, ArgoCD, AutoGPT, BroadcastChannel, ByteStash, ChatDev, Claudable, Claude Squad, Cleanuparr, ClipCascade, CloudStack, CodexMonitor, Concourse, Cosmos-Server, Crystal, DB-GPT, Deepfence ThreatMapper, DocsGPT, Erugo, ExcaliDash, Fleet device management, Flowise, GitSave, Gladys, Goose, Guardian, Heimdall, Hemmelig.app, Hi.Events, IRIS, Intel Owl, IronCalc, Jellystat, JuiceFS, Kroki, LANCommander, Lidarr, LinkStack, Maintainerr, MediKeep, Medusa, Meelo, MineContext, NextExplorer, Nexterm, OliveTin, Ombi, OmniPoly, Open-Web-Analytics, OpenArchiver, OpenSign, OpnForm, Packer, PeaNUT, PrestaShop, PrivateCaptcha, Pulsarr, Radarr, Raneto, RecipeSage, SAMA, Scriberr, SeerrBridge, Shuffle, Silex, Sink, Sonarr, SparkyFitness, Splunk Attack Range, Spoolman, TaskTrove, Tasks.md, Tau, TaxHacker, Terminator, Terrateam, Themis, Ticky, Timesketch, UrBackup, Vagrant, WGDashboard, Watcharr, Youtarr, agent-lightning, agent-squad, agentops, agentscope, anchr, answer, anything-llm, app, app-stormkit-io, atlas, audiobookshelf, aurral, autogen, automad, automatisch, backrest, baserow, bazarr, beeai-framework, big-AGI, bigcapital, bknd, blackcandy, booklogr, bunkerweb, caddymanager, camel, casibase, chartbrew, checkcle, chibisafe, chroma, chronoframe, cially, cmms, coder, composecraft, configarr, continue, cronitor-cli, cronmaster, dagu, dashdot, daytona, dbgate, decypharr, defguard, docking-station, dockman, docuseal, domain-locker, domain-watchdog, dozzle, drivebase, drop, dust, dynamodb-dashboard, edit-mind, enclosed, eventcatalog, evershop, ferrishare, figranium, filegator, flatnotes, gameyfin, gathio, gatus, genkit, grist-core, groceries, grr, habitica, handbrake-web, hedgedoc, helicone, hermes-agent, heyform, hollo, homarr, hoodik, hortusfox-web, humhub, immich-power-tools, investbrain, invoiceninja, invoicerr, jan, jelu, kanba, keila, kener, kill-the-newsletter, kimai, kitops, koel, komodo, kubero, langgraph, leantime, lemmy, libredesk, linkding, linkwarden, litlyx, liveblocks, liveblog, localess, lowcoder, many-notes, mastra, mathesar, mautic, mcp-toolbox, mediacms, meet, melody-auth, mem0, memories, middleware-manager, minthcm, misskey, mitmproxy, mixpost, mlflow, monetr, moodist, mydia, nanote, nginx-ui, nimtable, notifiarr, ollama, omni-tools, oneuptime, ontime, openagents, openchangelog, openproject, operately, opik, panel, papra, passbolt_api, pastefy, peekaping, pgbackweb, phoenix, photofield, picoshare, pigallery2, pixelfed, planka, plex-rewind, poeticmetric, portchecker.io, presenton, psitransfer, quickdrop, quickwit, ragflow, rallly, ray, receipt-wrangler, recipes, requestly, retroassembly, retrom, roundcubemail, rspamd, rundeck, rybbit, ryot, sandbox, scrutiny, scrypted, seerr, semantic-kernel, serpbear, server, shellhub, silverbullet, snipe-it, snippetslibrary.com, solidtime, spliit, spooty, sprout-track, sshwifty, stagehand, stash, statistics-for-strava, statping-ng, stoatchat, storyden, stump, superagent, swetrix, tables, tailscale, talk, tianji, tracktor, traefik-log-dashboard, tunarr, umbrel, uncloud, usertour, vanilla-cookbook, vince, wakapi, wapy.dev, werf, windmill, woocommerce, worklenz, wud, xwiki-platform, yamlresume, your_spotify, yugabyte-db, zane-ops, zigbee2mqtt, zipline, zitadel, ztnet, zwave-js-ui
minimatch high 291 tools 5 CVEs
CVEs
CVE-2016-10540, CVE-2022-3517, CVE-2026-26996, CVE-2026-27903, CVE-2026-27904
Tools
ART, ArgoCD, AutoGPT, BroadcastChannel, ByteStash, ChatDev, Claudable, Claude Squad, Cleanuparr, ClipCascade, CloudStack, CodexMonitor, Concourse, Cosmos-Server, Crystal, DB-GPT, Deepfence ThreatMapper, ExcaliDash, Fleet device management, Flowise, GitSave, Gladys, Goose, Heimdall, HestiaCP, Hi.Events, IRIS, Intel Owl, InvoicePlane, IronCalc, Jellystat, JuiceFS, Kroki, Lidarr, LinkStack, Maintainerr, Materialious, MediKeep, Medusa, Meelo, MineContext, NewsBlur, NextExplorer, Nexterm, OliveTin, Ombi, OmniPoly, Open-Web-Analytics, OpenArchiver, OpnForm, Packer, PeaNUT, PrestaShop, PrivateCaptcha, Pulsarr, Radarr, RecipeSage, SAMA, Scriberr, SeerrBridge, Shaarli, Shuffle, Silex, Sink, Sonarr, SparkyFitness, Spoolman, TaskTrove, Tasks.md, Tau, TaxHacker, Terminator, Terrateam, Themis, UrBackup, Vagrant, Watcharr, Youtarr, agent-lightning, agent-squad, agentops, agentscope, anchr, answer, anything-llm, app, app-stormkit-io, audiobookshelf, autobrr, autogen, automad, automatisch, backrest, baserow, bazarr, beeai-framework, big-AGI, bigbluebutton, bigcapital, bknd, blackcandy, booklogr, bracket, caddymanager, camel, casibase, cerbos, chartbrew, checkcle, chibisafe, chroma, chronoframe, claude-devtools, cmms, coder, composecraft, configarr, continue, countly-server, cronitor-cli, dashdot, daytona, dbgate, defguard, docking-station, dockman, docuseal, domain-locker, domain-watchdog, dozzle, drivebase, drop, dust, dynamodb-dashboard, enclosed, eventcatalog, evershop, ferrishare, fider, figranium, filegator, flatnotes, gameyfin, gathio, gatus, genkit, grist-core, groceries, grr, habitica, handbrake-web, hedgedoc, helicone, heyform, hollo, homarr, humhub, immich-power-tools, invoiceninja, jan, jelu, kanba, keila, kill-the-newsletter, kimai, kitops, koel, komga, komodo, kubero, lemmy, libredesk, linkwarden, litlyx, liveblocks, liveblog, localess, lowcoder, many-notes, manyfold, mastra, mathesar, mautic, mediacms, meet, melody-auth, mem0, memories, middleware-manager, mindsdb, minthcm, misskey, mitmproxy, mlflow, monetr, moodist, nanote, nimtable, ocis, ollama, omni-tools, oneuptime, openagents, openai-agents-js, openchangelog, openemr, openproject, operately, opik, owncast, panel, papra, passbolt_api, pastefy, peekaping, pgbackweb, photofield, phpmyadmin, picoshare, pigallery2, pinchflat, pixelfed, poeticmetric, portchecker.io, presenton, profilarr, psitransfer, quickwit, ragflow, rallly, ray, recipes, requestly, retrom, rundeck, rybbit, ryot, sandbox, scrutiny, scrypted, seerr, semantic-kernel, semaphore, serpbear, server, shellhub, slskd, snipe-it, snippetslibrary.com, solace-agent-mesh, solidtime, spliit, spooty, stagehand, stash, statping-ng, steel-browser, stoatchat, storyden, stump, swetrix, tailscale, talk, tianji, tunarr, umbrel, uncloud, url-to-png, usertour, vanilla-cookbook, vince, vitess, wapy.dev, werf, windmill, woocommerce, worklenz, writefreely, wud, xwiki-platform, yamlresume, your_spotify, yugabyte-db, zane-ops, zigbee2mqtt, zipline, zitadel, zwave-js-ui
fast-uri high 290 tools 2 CVEs
CVEs
CVE-2026-6321, CVE-2026-6322
Tools
4gaBoards, ART, ArgoCD, Argus, Arkime, AutoGPT, BroadcastChannel, Cleanuparr, Concourse, Consul, Crystal, DockFlare, FingerprintJS, Fleet device management, Flowise, FreshRSS, GitSave, Gladys, GoCD, Goose, Guardian, Heimdall, ImmichFrame, InvenTree, Jellystat, Jenkins, JuiceFS, Kavita, LANCommander, LibreNMS, Lidarr, Maintainerr, Materialious, MediaManager, Medusa, Meelo, MemMachine, Memori, MineContext, Nhost, Ombi, Omoide, OpenSandbox, OpenSign, PodFetch, PrestaShop, Pulsarr, Rackula, Radarr, RecipeSage, Scriberr, Shaarli, Silex, SillyTavern, Sonarr, SparkyFitness, Spoolman, Tasks.md, TaxHacker, Terminator, Termix, Terrateam, Timesketch, Velociraptor, VueTorrent, Watcharr, WeKnora, Zentral, agent-lightning, agent-squad, answer, anything-llm, arcane, atomic-crm, audiobookshelf, aurral, authgear-server, autobrr, autogen, automatisch, babybuddy, baserow, bazarr, beeai-framework, bigbluebutton, bigcapital, bknd, booklogr, casibase, cerbos, chartbrew, chibisafe, chroma, claude-devtools, cleanslate, cmms, colanode, configarr, continue, cronitor-cli, dagu, dashdot, daytona, deck, docker-staticmaps, docking-station, dockman, docs, documenso, domain-locker, domain-watchdog, drivebase, duplicati, dust, edit-mind, eigenfocus, enclosed, endurain, etherpad-lite, eventcatalog, evershop, everything-claude-code, fider, figranium, firecrawl, flood, formbricks, forms, gameyfin, genkit, gerbera, ghostfolio, goaway, grist-core, grr, habitica, hedgedoc, helicone, hermes-agent, heyform, hindsight, homarr, homebox, homer, hoodik, hook0, hortusfox-web, ideon, immich-power-tools, invoiceninja, invoicerr, jan, jelu, kaneo, kimai, koel, komga, komodo, kopia, kubero, langfuse, leantime, linkwarden, liveblocks, localess, lowcoder, manifest, mantrae, many-notes, mastra, mautic, mbin, mcp-context-forge, mcp-toolbox, mealie, mediacms, meet, melody-auth, memories, metube, mindsdb, minthcm, misskey, mlflow, mobile-mcp, moodist, multi-scrobbler, news, nixopus, note-mark, notes, ocis, ocular, omni-tools, oneuptime, openagents, openai-agents-js, openbao, opencloud, openemr, openproject, operately, opik, ots, owncast, panel, papermark, papra, peekaping, phoenix, phpmyadmin, pigallery2, pixelfed, plex-rewind, plikshare, pocket-id, poeticmetric, portabase, portchecker.io, profilarr, psitransfer, ragflow, rallly, receipt-wrangler, recipes, requestly, retrom, reviewboard, richdocuments, romm, rotki, rspamd, rundeck, rybbit, ryot, sandbox, scanopy, scrypted, seerr, semaphore, serpbear, server, shellhub, simplex-chat, slskd, snipe-it, solace-agent-mesh, solidtime, spooty, spreed, sshwifty, stagehand, starrocks, stash, statistics-for-strava, steel-browser, stoatchat, storyden, stump, superagent, surmai, swetrix, tables, talk, tasks, tianji, traefik-log-dashboard, trailarr, tududi, tugtainer, tunarr, uncloud, vanilla-cookbook, vikunja, vitess, voidauth, wallabag, wanderer, weblate, windmill, woocommerce, wud, xwiki-platform, yamlresume, yugabyte-db, zigbee2mqtt, zipline, zitadel, ztnet, zwave-js-ui
ajv medium 272 tools 2 CVEs
CVEs
CVE-2020-15366, CVE-2025-69873
Tools
ART, ArgoCD, AutoGPT, Bearer, BroadcastChannel, CAPA, ChatDev, Claudable, Claude Squad, Cleanuparr, ClipCascade, CloudStack, CodexMonitor, Concourse, Cosmos-Server, Crystal, DB-GPT, Deepfence ThreatMapper, ExcaliDash, FingerprintJS, Fleet device management, Flowise, GitSave, Gladys, Guardian, Heimdall, Hi.Events, IRIS, Intel Owl, Jellystat, JuiceFS, Kroki, LANCommander, Lidarr, LinkStack, Maintainerr, MediKeep, Medusa, Meelo, MineContext, NewsBlur, NextExplorer, Nexterm, OliveTin, Ombi, OmniPoly, Open-Web-Analytics, OpenHands, OpnForm, Packer, PeaNUT, Pomerium, PrestaShop, PrivateBin, Pulsarr, Radarr, Scriberr, SeerrBridge, Shaarli, Shuffle, Silex, Sink, Sonarr, Spoolman, TaskTrove, Tasks.md, TaxHacker, Terminator, Themis, Timesketch, UrBackup, Vagrant, Watcharr, agent-framework, agent-lightning, agent-squad, agentops, aliasvault, anchr, answer, anything-llm, app, atomic-crm, audiobookshelf, autogen, automad, automatisch, backrest, baserow, bazarr, beeai-framework, bigcapital, bknd, blackcandy, booklogr, bracket, casibase, cerbos, chartbrew, checkcle, chibisafe, chroma, chronoframe, cmms, coder, composecraft, configarr, continue, cronitor-cli, dashdot, daytona, dbgate, defguard, docking-station, dockman, docs, docuseal, domain-locker, domain-watchdog, drivebase, duplicati, dust, dynamodb-dashboard, edit-mind, eigenfocus, enclosed, eventcatalog, evershop, fider, filegator, forms, gameyfin, ganymede, gathio, gatus, genkit, grist-core, groceries, grr, habitica, handbrake-web, hedgedoc, helicone, heyform, hoodik, hortusfox-web, immich-power-tools, invoiceninja, invoicerr, jan, jelu, kanba, kanidm, keila, kimai, kitops, koel, koillection, komodo, kubero, leantime, lemmy, libredesk, linkwarden, litlyx, liveblocks, liveblog, localess, lowcoder, manifest, many-notes, mastra, mathesar, mautic, maxun, mediacms, meet, melody-auth, mem0, memories, middleware-manager, minthcm, mitmproxy, mlflow, moodist, multi-scrobbler, nanote, nimtable, nixopus, ollama, omni-tools, openagents, openai-agents-js, openchangelog, openemr, openproject, operately, opik, panel, papra, pasta, pastefy, peekaping, photofield, picoshare, pigallery2, pixelfed, poeticmetric, portchecker.io, presenton, psitransfer, ragflow, rallly, ray, recipes, requestly, retrom, richdocuments, rundeck, rybbit, ryot, sandbox, scrutiny, scrypted, seerr, semantic-kernel, semaphore, serpbear, server, shellhub, slskd, snipe-it, snippetslibrary.com, solace-agent-mesh, spliit, spooty, spreed, stagehand, statping-ng, steel-browser, stoatchat, storyden, streamystats, stump, superagent, tailscale, talk, tasks, tianji, trulens, tunarr, umbrel, uncloud, usertour, vanilla-cookbook, vince, vitess, wapy.dev, warpgate, werf, windmill, woocommerce, worklenz, writefreely, wud, xwiki-platform, your_spotify, yugabyte-db, zipline, zitadel, zwave-js-ui
lodash critical 259 tools 10 CVEs
CVEs
CVE-2018-16487, CVE-2018-3721, CVE-2019-1010266, CVE-2019-10744, CVE-2020-28500, CVE-2020-8203, CVE-2021-23337, CVE-2025-13465, CVE-2026-2950, CVE-2026-4800
Tools
ART, AutoGPT, BroadcastChannel, Checkov, Claudable, Cleanuparr, ClipCascade, CloudStack, Concourse, Cosmos-Server, Crystal, DB-GPT, Deepfence ThreatMapper, FingerprintJS, Fleet device management, Flowise, GitSave, Gladys, Goose, Heimdall, Hemmelig.app, Hi.Events, IRIS, Intel Owl, InvenTree, IronCalc, Jellystat, JuiceFS, Lidarr, LinkStack, Maintainerr, MediKeep, Medusa, Meelo, MeshCentral, MineContext, NewsBlur, NextExplorer, Nexterm, OliveTin, Ombi, OmniPoly, OpenArchiver, OpenSign, OpnForm, Packer, PeaNUT, PrestaShop, Pulsarr, Rackula, Radarr, Raneto, SAMA, Scriberr, SeerrBridge, Shuffle, Silex, Sink, Sonarr, SparkyFitness, Spoolman, TaskTrove, Tasks.md, Themis, Timesketch, UrBackup, Vagrant, WGDashboard, Watcharr, agent-squad, agentops, anchr, answer, anything-llm, app, app-stormkit-io, audiobookshelf, autobrr, autogen, automad, automatisch, backrest, baserow, bazarr, beeai-framework, bigcapital, blinko, booklogr, caddymanager, casibase, cerbos, chartbrew, checkcle, chibisafe, chroma, chronoframe, cially, cmms, coder, configarr, continue, cronitor-cli, cronmaster, dashdot, daytona, dbgate, deck, defguard, docking-station, dockman, docs, docuseal, domain-locker, domain-watchdog, drivebase, drop, dust, enclosed, eventcatalog, evershop, filegator, fireshare, gameyfin, gathio, gatus, genkit, groceries, grr, habitica, hedgedoc, helicone, hermes-agent, heyform, hoodik, humhub, immich-power-tools, invoiceninja, invoicerr, jan, jelu, kanba, kener, kill-the-newsletter, kimai, kite, kitops, komodo, kubero, leantime, libredesk, linkwarden, litlyx, liveblocks, liveblog, localess, logchef, lowcoder, many-notes, mastra, mathesar, mautic, maxun, mbin, mediacms, meet, mem0, memories, mindsdb, minthcm, mitmproxy, mixpost, mlflow, monetr, moodist, nanote, nimtable, notifiarr, ollama, omni-tools, oneuptime, ontime, openagents, openai-agents-js, openchangelog, openemr, operately, opik, owncast, panel, papermark, papra, passbolt_api, pastefy, peekaping, phoenix, photofield, pigallery2, pixelfed, plex-rewind, poeticmetric, portabase, portchecker.io, presenton, qdrant, quickwit, ragflow, rallly, ray, requestly, retroassembly, retrom, roundcubemail, rundeck, rybbit, ryot, scrutiny, scrypted, seerr, serpbear, server, snipe-it, solace-agent-mesh, solidtime, spliit, spooty, sshwifty, stagehand, stash, statping-ng, stoatchat, storyden, streamlit, streamystats, stump, tailscale, talk, tianji, traefik-log-dashboard, tunarr, umbrel, uncloud, usertour, vanilla-cookbook, wapy.dev, whodb, windmill, woocommerce, worklenz, writefreely, wud, xwiki-platform, yugabyte-db, zane-ops, zipline, ztnet, zwave-js-ui
yaml high 228 tools 2 CVEs
CVEs
CVE-2023-2251, CVE-2026-33532
Tools
2FAuth, ART, AutoGPT, Bearer, BroadcastChannel, ByteStash, ClipCascade, Cosmos-Server, Crystal, DB-GPT, Deepfence ThreatMapper, DocsGPT, ExcaliDash, Fleet device management, Flowise, GitSave, Gladys, Goose, Heimdall, HestiaCP, Hi.Events, IRIS, Intel Owl, Jellystat, JuiceFS, Lidarr, LinkStack, Maintainerr, Materialious, MediaManager, Medusa, Meelo, Netcap, OliveTin, Ombi, OmniPoly, OpenHands, OpenSign, OpnForm, Packer, PeaNUT, PodFetch, PrestaShop, PrivateCaptcha, Pulsarr, Radarr, RecipeSage, SeerrBridge, Shuffle, Silex, Sink, Sonarr, SparkyFitness, TaskTrove, TaxHacker, Terrateam, Timesketch, UrBackup, Vagrant, Watcharr, agent-squad, aliasvault, answer, anything-llm, app, app-stormkit-io, audiobookshelf, autobrr, autogen, automad, automatisch, backrest, bazarr, beeai-framework, big-AGI, bigcapital, bknd, booklogr, bracket, bunkerweb, casibase, checkcle, chibisafe, chroma, cially, claude-devtools, cmms, coder, composecraft, configarr, continue, cronitor-cli, dashdot, daytona, dbgate, defguard, dockman, docuseal, domain-locker, domain-watchdog, dozzle, drivebase, drop, duplicati, dust, dynamodb-dashboard, edit-mind, enclosed, eventcatalog, evershop, ferrishare, fider, flatnotes, gatus, genkit, ghostfolio, gravity, handbrake-web, hedgedoc, helicone, heyform, hollo, hoodik, immich-power-tools, invoiceninja, jan, jelu, kanba, keila, kitops, koel, komga, komodo, kubero, leantime, lemmy, libredesk, linkding, linkwarden, litlyx, liveblocks, liveblog, localess, lowcoder, mastra, mathesar, mautic, mcp-toolbox, mediacms, meet, mem0, minthcm, mlflow, monetr, moodist, ms-agent, nanote, nginx-ui, ocis, omni-tools, oneuptime, openagents, openai-agents-js, openchangelog, openemr, openproject, operately, opik, panel, papra, peekaping, pgbackweb, phoenix, pixelfed, plex-rewind, poeticmetric, presenton, projectsend, ragflow, rallly, ray, requestly, retrom, rundeck, rybbit, ryot, sandbox, scrutiny, scrypted, seerr, semaphore, serpbear, server, snipe-it, solace-agent-mesh, solidtime, spliit, stagehand, stash, statping-ng, storyden, streamlit, stump, superagent, tailscale, talk, tianji, tracktor, tunarr, uncloud, usertour, vanilla-cookbook, vince, wakapi, wanderer, wapy.dev, warpgate, werf, windmill, woocommerce, worklenz, wud, xwiki-platform, your_spotify, yugabyte-db, zipline, ztnet, zwave-js-ui
axios high 216 tools 23 CVEs
CVEs
CVE-2020-28168, CVE-2021-3749, CVE-2023-45857, CVE-2024-39338, CVE-2025-27152, CVE-2025-58754, CVE-2025-62718, CVE-2026-25639, CVE-2026-39865, CVE-2026-40175, CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042, CVE-2026-42043, CVE-2026-42044, CVE-2026-42264
Tools
2FAuth, ART, AionUi, Arkime, CloudStack, Cosmos-Server, Crystal, DB-GPT, Deepfence ThreatMapper, DockFlare, ExcaliDash, FitTrackee, Fleet device management, Flowise, Froxlor, Gladys, Hi.Events, IRIS, Intel Owl, InvenTree, InvoiceShelf, Jellystat, LANCommander, LibreNMS, LightRAG, LinkStack, Lunalytics, Materialious, MediKeep, Medusa, MemMachine, MineContext, NextExplorer, Nhost, OliveTin, OpenArchiver, OpenHands, OpenSign, PatchMon, RecipeSage, Silex, SparkyFitness, Spoolman, SuggestArr, Tau, Termix, Timesketch, Vane, VaulTLS, Velociraptor, WGDashboard, Watcharr, WeKnora, Youtarr, agent-squad, agentops, anchr, answer, anything-llm, app, audiobookshelf, autogen, automatisch, baserow, bazarr, beeai-framework, big-AGI, bigcapital, blinko, booklogr, caddymanager, chartbrew, chroma, chronoframe, cmms, cms, composecraft, continue, convoy, dagu, daytona, dbgate, defguard, docking-station, dockman, documenso, docuseal, domain-locker, domain-watchdog, doris, drivebase, dust, electerm, evershop, filegator, firecrawl, fireshare, flatnotes, forms, gathio, genkit, gerbera, ghostfolio, grist-core, groceries, habitica, helicone, heyform, homarr, hoodik, hook0, hortusfox-web, ideon, immich-power-tools, investbrain, invoiceninja, invoicerr, jan, jelu, jetlog, kener, koel, komga, kubero, libredesk, linkwarden, litlyx, liveblocks, localess, logchef, lowcoder, many-notes, mastra, maxun, mcp-toolbox, mediacms, meet, mem0, meme-search, memories, mindsdb, minthcm, misskey, mixpost, multi-scrobbler, news, note-mark, notes, notifiarr, ocis, omni-tools, oneuptime, ontime, openagents, openai-agents-js, opencloud, operately, operational.co, opik, panel, papermark, pasta, pastefy, peekaping, pixelfed, presenton, projectsend, psitransfer, quickwit, ragflow, rallly, ray, retrom, richdocuments, romm, rotki, rybbit, scrypted, seerr, semantic-kernel, serpbear, server, slskd, snipe-it, solidtime, spooty, sprout-track, stagehand, statping-ng, steel-browser, stoatchat, streamystats, stump, superagent, swetrix, tables, talk, tianji, tinyauth, trulens, tududi, tunarr, umbrel, url-to-png, usertour, vanilla-cookbook, warpgate, wiredoor, woocommerce, worklenz, wud, xwiki-platform, your_spotify, yugabyte-db, ztnet, zwave-js-ui
vite high 212 tools 18 CVEs
CVEs
CVE-2023-34092, CVE-2023-49293, CVE-2024-23331, CVE-2024-31207, CVE-2024-45811, CVE-2024-45812, CVE-2025-24010, CVE-2025-30208, CVE-2025-31125, CVE-2025-31486, CVE-2025-32395, CVE-2025-46565, CVE-2025-58751, CVE-2025-58752, CVE-2025-62522, CVE-2026-39363, CVE-2026-39364, CVE-2026-39365
Tools
2FAuth, AdventureLog, AionUi, AutoGPT, BroadcastChannel, ByteStash, Catalyst, ChatDev, Cleanuparr, CodexMonitor, Cosmos-Server, Crystal, Deepfence ThreatMapper, DockFlare, Erugo, Flowise, GitSave, Goose, Hemmelig.app, HestiaCP, Hi.Events, IRIS, InvoiceShelf, IronCalc, Jellystat, LoggiFly, Lunalytics, MediKeep, Memori, MineContext, NextExplorer, Nexterm, OliveTin, Ombi, OmniPoly, OpenArchiver, OpenSign, OpnForm, OxiCloud, PatchMon, Pulsarr, RecipeSage, Scriberr, SeerrBridge, Shuffle, Silex, Sink, SparkyFitness, Splunk Attack Range, Spoolman, TaskTrove, Tasks.md, Terrateam, Timesketch, UrBackup, WGDashboard, WatchYourLAN, Watcharr, agent-lightning, agent-squad, agentscope, anything-llm, app-stormkit-io, atlas, automad, automatisch, backrest, bazarr, beeai-framework, bentopdf, bigcapital, bknd, blinko, booklogr, borg-ui, caddymanager, checkcle, claude-devtools, colanode, configarr, continue, cup, dashdot, daytona, defguard, dockman, documenso, domain-locker, domain-watchdog, dozzle, drivebase, drop, dust, enclosed, eventcatalog, fireshare, flatnotes, gameyfin, genkit, ghostfolio, groceries, grr, habitica, handbrake-web, helicone, heyform, hindsight, hollo, homarr, honey, hoodik, investbrain, invoiceninja, invoicerr, jan, jelu, kener, kite, kitops, komodo, kubero, langfuse, linkding, linkwarden, litlyx, liveblocks, localess, logchef, lowcoder, manifest, many-notes, mastra, mathesar, mbin, mediacms, melody-auth, mem0, middleware-manager, minthcm, mitmproxy, mixpost, moodist, ms-agent, multi-scrobbler, mydia, nanote, nginx-ui, notifiarr, obsidian-livesync, ocular, ollama, omni-tools, ontime, openai-agents-js, operately, operational.co, opik, panel, papra, pastefy, peekaping, phoenix, photofield, pigallery2, plikshare, poeticmetric, quickwit, ragflow, rallly, receipt-wrangler, requestly, retroassembly, retrom, rybbit, ryot, sandbox, semantic-kernel, server, shellhub, silverbullet, simplex-chat, solace-agent-mesh, solidtime, spooty, stagehand, steel-browser, storyden, stump, superagent, survey-library, tailscale, thrifty, tianji, traefik-log-dashboard, tugtainer, tunarr, typebot.io, umbrel, url-to-png, usertour, vanilla-cookbook, warpgate, whodb, windmill, worklenz, wud, xwiki-platform, yamlresume, yugabyte-db, zane-ops, zigbee2mqtt, zwave-js-ui
follow-redirects high 193 tools 5 CVEs
CVEs
CVE-2022-0155, CVE-2022-0536, CVE-2023-26159, CVE-2024-28849, GHSA-r4q5-vmmm-2653
Tools
2FAuth, 4gaBoards, ART, Ackee, ArgoCD, Cleanuparr, CloudStack, Cosmos-Server, Crystal, DB-GPT, Deepfence ThreatMapper, Flowise, Gladys, Guardian, Heimdall, Hi.Events, IRIS, ImmichFrame, Intel Owl, InvoiceShelf, Jellystat, LANCommander, LinkStack, MediKeep, Medusa, MineContext, NextExplorer, OliveTin, Ombi, OmniPoly, OpenArchiver, OpenSign, PrestaShop, Pulsarr, Silex, SparkyFitness, Spoolman, Tasks.md, Tau, Themis, Timesketch, UrBackup, Vane, WGDashboard, Watcharr, Youtarr, agent-squad, agentops, anchr, answer, anything-llm, app, audiobookshelf, autobrr, autogen, automad, automatisch, baserow, bazarr, beeai-framework, big-AGI, bigcapital, booklogr, caddymanager, casibase, chartbrew, chroma, chronoframe, cmms, composecraft, configarr, continue, cronitor-cli, daytona, dbgate, docking-station, dockman, docuseal, domain-locker, domain-watchdog, drivebase, dust, edit-mind, eventcatalog, evershop, filegator, firecrawl, fireshare, flatnotes, gathio, gatus, genkit, ghostfolio, groceries, grr, habitica, helicone, hermes-agent, heyform, hindsight, homer, hoodik, hook0, hortusfox-web, immich-power-tools, investbrain, invoiceninja, invoicerr, jan, jelu, kener, komodo, kubero, leantime, linkwarden, litlyx, liveblog, localess, lowcoder, many-notes, mediacms, meet, mem0, meme-search, memories, minthcm, misskey, mixpost, mlflow, multi-scrobbler, notifiarr, omni-tools, oneuptime, ontime, openagents, openbao, opencloud, operately, opik, panel, pasta, pastefy, peekaping, pigallery2, pixelfed, plikshare, presenton, projectsend, psitransfer, quickwit, ragflow, rallly, ray, receipt-wrangler, requestly, retrom, rotki, rundeck, rybbit, scrutiny, scrypted, seerr, semantic-kernel, serpbear, server, snipe-it, solace-agent-mesh, solidtime, spooty, sprout-track, stagehand, statping-ng, stoatchat, stump, superagent, talk, tianji, traefik-log-dashboard, tunarr, umbrel, uncloud, url-to-png, usertour, vanilla-cookbook, woocommerce, worklenz, wud, xwiki-platform, your_spotify, yugabyte-db, ztnet, zwave-js-ui
flatted high 192 tools 2 CVEs
CVEs
CVE-2026-32141, CVE-2026-33228
Tools
2FAuth, ArgoCD, AutoGPT, BroadcastChannel, ChatDev, Claudable, Claude Squad, ClipCascade, CloudStack, CodexMonitor, Cosmos-Server, Crystal, DB-GPT, Deepfence ThreatMapper, Fleet device management, Flowise, Gladys, Goose, Heimdall, Hi.Events, IRIS, Intel Owl, Jellystat, Kroki, Lidarr, MediKeep, Medusa, MineContext, NextExplorer, Nexterm, OliveTin, Ombi, OmniPoly, OpenSign, OpnForm, Packer, PeaNUT, PrestaShop, PrivateCaptcha, Radarr, Scriberr, SeerrBridge, Silex, Sink, Sonarr, SparkyFitness, Spoolman, TaskTrove, Tasks.md, TaxHacker, Themis, UrBackup, Vagrant, Watcharr, agent-lightning, agent-squad, anchr, answer, anything-llm, app, aurral, autogen, automatisch, backrest, bazarr, beeai-framework, big-AGI, bigcapital, bknd, blackcandy, bracket, casibase, checkcle, chibisafe, chroma, cmms, coder, composecraft, continue, cronitor-cli, dbgate, defguard, docking-station, dockman, dockwatch, docuseal, domain-locker, domain-watchdog, drivebase, dust, enclosed, eventcatalog, evershop, filegator, gathio, gatus, genkit, groceries, grr, habitica, handbrake-web, helicone, heyform, homer, hoodik, immich-power-tools, jan, jelu, kanba, kimai, kite, kitops, kubero, leantime, lemmy, libredesk, linkwarden, litlyx, liveblocks, liveblog, localess, lowcoder, mathesar, mediacms, meet, melody-auth, middleware-manager, minthcm, misskey, mitmproxy, mlflow, moodist, nanote, nginx-ui, nimtable, ollama, omni-tools, openagents, openchangelog, opik, panel, papra, pastefy, peekaping, photofield, picoshare, pigallery2, plex-rewind, poeticmetric, ragflow, ray, requestly, retrom, rspamd, rundeck, rybbit, sandbox, scrutiny, seerr, semantic-kernel, serpbear, server, snippetslibrary.com, solace-agent-mesh, solidtime, spliit, spooty, sprout-track, stagehand, statping-ng, storyden, stump, tailscale, talk, tianji, tunarr, umbrel, usertour, vanilla-cookbook, vince, wapy.dev, werf, windmill, woocommerce, worklenz, wud, xwiki-platform, your_spotify, yugabyte-db, zipline, zwave-js-ui
serialize-javascript high 188 tools 5 CVEs
CVEs
CVE-2019-16769, CVE-2020-7660, CVE-2024-11831, CVE-2026-34043, GHSA-5c6j-r48x-rmvq
Tools
4gaBoards, ArgoCD, AutoGPT, Cleanuparr, CloudStack, DB-GPT, Deepfence ThreatMapper, DockFlare, FingerprintJS, Fleet device management, Flowise, Gladys, Goose, Heimdall, ImmichFrame, Intel Owl, Jellystat, JuiceFS, LANCommander, Lidarr, LinkStack, Materialious, Medusa, NewsBlur, OliveTin, Ombi, Open-Web-Analytics, OpnForm, PeerTube, PrestaShop, PrivateBin, Pulsarr, Radarr, RecipeSage, SAMA, Scriberr, SeerrBridge, Shaarli, Silex, Sink, Sonarr, SparkyFitness, Spoolman, Tasks.md, TaxHacker, Themis, Timesketch, UrBackup, VueTorrent, Watcharr, answer, app, atomic-crm, audiobookshelf, autobrr, autogen, automad, automatisch, bazarr, bigbluebutton, bigcapital, booklogr, casibase, chartbrew, cleanslate, cmms, colanode, configarr, countly-server, cronitor-cli, dagu, daytona, dbgate, docker-staticmaps, docking-station, dockman, docuseal, domain-locker, domain-watchdog, drivebase, drop, dust, eigenfocus, endurain, evershop, filegator, gameyfin, gatus, genkit, gerbera, grist-core, grr, habitica, hedgedoc, hermes-agent, heyform, homebox, homer, hoodik, hook0, hortusfox-web, immich-power-tools, invoiceninja, jan, jelu, keila, kimai, koillection, komga, komodo, kubero, leantime, linkding, litlyx, liveblocks, liveblog, lowcoder, many-notes, mautic, mbin, mealie, mediacms, meet, memories, minthcm, mlflow, mobile-mcp, moodist, multi-scrobbler, nanote, ocular, openagents, openbao, openemr, operately, opik, owncast, panel, peekaping, picoshare, pigallery2, pixelfed, planka, portchecker.io, psitransfer, ragflow, rallly, ray, receipt-wrangler, recipes, requestly, romm, roundcubemail, rundeck, ryot, scrutiny, scrypted, seerr, semaphore, server, shellhub, slskd, snipe-it, solace-agent-mesh, spooty, sshwifty, starrocks, statistics-for-strava, statping-ng, steel-browser, stoatchat, stump, surmai, swetrix, talk, tianji, umbrel, uncloud, usertour, vanilla-cookbook, woocommerce, writefreely, wud, yugabyte-db, zitadel, ztnet, zwave-js-ui
qs high 185 tools 6 CVEs
CVEs
CVE-2014-10064, CVE-2014-7191, CVE-2017-1000048, CVE-2022-24999, CVE-2025-15284, CVE-2026-2391
Tools
ART, ArgoCD, AutoGPT, ByteStash, Checkov, Cleanuparr, ClipCascade, CloudStack, Concourse, Cosmos-Server, Crystal, DB-GPT, Deepfence ThreatMapper, FingerprintJS, Fleet device management, Flowise, GitSave, Gladys, Heimdall, Hi.Events, Intel Owl, Jellystat, KICS, Lidarr, LinkStack, Lunalytics, Medusa, Meelo, MineContext, NewsBlur, NextExplorer, Nexterm, Ombi, OmniPoly, OpenArchiver, OpnForm, PrestaShop, Pulsarr, Radarr, RecipeSage, Shuffle, Silex, Sink, Sonarr, Spoolman, Tasks.md, TaxHacker, Terminator, Themis, Timesketch, UrBackup, agent-squad, anchr, answer, anything-llm, app, audiobookshelf, autogen, automatisch, baserow, beeai-framework, bigcapital, caddymanager, casibase, chartbrew, chroma, cially, cmms, coder, configarr, continue, cronitor-cli, dagu, dashdot, daytona, dbgate, deck, dockman, docuseal, domain-locker, domain-watchdog, dozzle, drivebase, dust, dynamodb-dashboard, edit-mind, eigenfocus, eventcatalog, evershop, filegator, gathio, gatus, genkit, grist-core, groceries, grr, habitica, handbrake-web, hedgedoc, helicone, heyform, homarr, homer, hoodik, immich-power-tools, invoiceninja, jan, jelu, kanba, komga, komodo, kubero, langfuse, lemmy, libredesk, linkwarden, litlyx, liveblog, localess, lowcoder, mastra, mautic, mediacms, mem0, memories, mindsdb, minthcm, misskey, mixpost, mlflow, moodist, oneuptime, ontime, openagents, openai-agents-js, opik, owncast, papra, peekaping, photofield, pigallery2, pixelfed, poeticmetric, presenton, psitransfer, ragflow, rallly, ray, requestly, retrom, rundeck, rybbit, ryot, scrutiny, scrypted, seerr, semaphore, serpbear, server, shellhub, slskd, snipe-it, solace-agent-mesh, spooty, stagehand, statping-ng, stoatchat, stump, superagent, talk, tianji, typebot.io, umbrel, uncloud, url-to-png, usertour, vince, windmill, woocommerce, worklenz, wud, xwiki-platform, your_spotify, yugabyte-db, zane-ops
js-yaml high 177 tools 3 CVEs
CVEs
CVE-2025-64718, GHSA-2pr6-76vf-7546, GHSA-8j8c-7jfh-h6hx
Tools
ART, ArgoCD, AutoGPT, Claudable, Claude Squad, ClipCascade, CloudStack, Concourse, Cosmos-Server, Crystal, DB-GPT, Deepfence ThreatMapper, Fleet device management, Flowise, GitSave, Gladys, Heimdall, Hi.Events, IRIS, Intel Owl, Jenkins, JuiceFS, Lidarr, MediKeep, Medusa, Meelo, MineContext, OmniPoly, OpnForm, Packer, PeaNUT, PrestaShop, Pulsarr, Radarr, SAMA, Scriberr, SeerrBridge, Silex, Sink, Sonarr, TaskTrove, Tasks.md, Tau, Themis, UrBackup, Vagrant, Watcharr, agent-lightning, agent-squad, agentops, anchr, answer, anything-llm, app, app-stormkit-io, audiobookshelf, autogen, automad, automatisch, backrest, baserow, beeai-framework, bigcapital, bknd, blackcandy, booklogr, caddymanager, chartbrew, checkcle, chibisafe, chroma, cmms, coder, composecraft, configarr, continue, daytona, dbgate, docking-station, docuseal, domain-locker, domain-watchdog, drivebase, dust, eigenfocus, enclosed, eventcatalog, filegator, gameyfin, gathio, gatus, genkit, grist-core, groceries, grr, habitica, hedgedoc, helicone, heyform, hoodik, humhub, immich-power-tools, invoiceninja, jan, jelu, kanba, kitops, komodo, kubero, libredesk, litlyx, liveblog, localess, lowcoder, mathesar, mediacms, meet, melody-auth, mem0, mindsdb, minthcm, mitmproxy, mlflow, moodist, nanote, nimtable, ollama, omni-tools, openagents, openchangelog, operately, opik, panel, papra, peekaping, picoshare, pigallery2, profilarr, quickwit, rallly, ray, requestly, retrom, rundeck, ryot, sandbox, scrypted, seerr, semantic-kernel, semaphore, serpbear, server, snippetslibrary.com, stagehand, stash, statping-ng, stoatchat, storyden, superagent, talk, tianji, tunarr, umbrel, uncloud, usertour, vince, werf, whodb, windmill, woocommerce, worklenz, wud, xwiki-platform, yugabyte-db, zane-ops, zipline, ztnet
path-to-regexp high 174 tools 5 CVEs
CVEs
CVE-2024-45296, CVE-2024-52798, CVE-2026-4867, CVE-2026-4923, CVE-2026-4926
Tools
ART, ArgoCD, BroadcastChannel, ByteStash, Cleanuparr, CloudStack, Concourse, Cosmos-Server, Crystal, DB-GPT, Deepfence ThreatMapper, FingerprintJS, Flowise, GitSave, Gladys, Goose, Heimdall, Hi.Events, Intel Owl, Jellystat, KICS, LinkStack, Lunalytics, Meelo, MeshCentral, MineContext, NewsBlur, NextExplorer, Nexterm, Nhost, Ombi, OmniPoly, OpenArchiver, OpenSign, PrestaShop, Pulsarr, Raneto, Shuffle, Silex, SparkyFitness, Spoolman, Tasks.md, Terminator, Themis, Timesketch, UrBackup, Watcharr, agent-zero, anchr, answer, anything-llm, app, atomic-crm, audiobookshelf, autogen, automatisch, beeai-framework, bigcapital, caddymanager, casibase, chartbrew, chroma, cially, cmms, coder, configarr, continue, cronitor-cli, dagu, dashdot, daytona, dbgate, deck, dockman, docs, docuseal, domain-locker, domain-watchdog, doris, drivebase, dust, edit-mind, eigenfocus, eventcatalog, evershop, figranium, filegator, gathio, gatus, genkit, grist-core, groceries, grr, habitica, handbrake-web, hedgedoc, helicone, hermes-agent, heyform, invoiceninja, invoicerr, kener, komga, komodo, kubero, langfuse, leantime, lemmy, litlyx, liveblog, localess, lowcoder, mastra, mcp-toolbox, mediacms, meet, mem0, middleware-manager, mindsdb, minthcm, mlflow, moodist, oneuptime, ontime, openagents, openai-agents-js, panel, peekaping, phoenix, photofield, pigallery2, pixelfed, poeticmetric, portchecker.io, psitransfer, rallly, ray, receipt-wrangler, requestly, retroassembly, richdocuments, rundeck, rybbit, ryot, scrutiny, scrypted, seerr, semaphore, server, slskd, snipe-it, spooty, stagehand, statping-ng, stoatchat, storyden, stump, superagent, talk, tianji, traefik-log-dashboard, umbrel, uncloud, usertour, vince, whodb, woocommerce, worklenz, wud, your_spotify, yugabyte-db, zane-ops, ztnet, zwave-js-ui
ip-address medium 173 tools 1 CVEs
CVEs
CVE-2026-42338
Tools
ART, Arkime, Checkmate, Cinephage, Claudable, Cleanuparr, Concourse, Cronicle, Crystal, DNSControl, Deepfence ThreatMapper, DocsGPT, ExcaliDash, Fleet device management, Flowise, Gladys, Goose, Guardian, Jenkins, Kavita, Kroki, Maintainerr, Materialious, Medusa, Meelo, MemMachine, Memori, MineContext, NextExplorer, Nexterm, Ombi, OpenArchiver, PeerTube, Raneto, RecipeSage, Silex, SillyTavern, SparkyFitness, Termix, Tracearr, WGDashboard, Youtarr, agent-squad, anything-llm, app, app-stormkit-io, atomic-crm, aurral, authgear-server, automatisch, beeai-framework, big-AGI, bigbluebutton, bigcapital, budget-board, caddymanager, chartbrew, chibisafe, cially, claude-devtools, colanode, composecraft, configarr, continue, countly-server, cronitor-cli, cupdate, dashdot, daytona, dbgate, docker-staticmaps, dockman, domain-locker, drivebase, dust, edit-mind, electerm, etherpad-lite, evcc, eventcatalog, figranium, firecrawl, flood, formbricks, genkit, gerbera, ghostfolio, grist-core, grr, hedgedoc, heyform, homarr, hoodik, ideon, immich-power-tools, invoice-builder, invoicerr, jan, kaneo, kimai, kopia, kubero, langfuse, linkwarden, litlyx, localess, lowcoder, mastra, mautic, mcp-toolbox, mediacms, meet, melody-auth, metube, mindsdb, misskey, mlflow, mobile-mcp, nanote, nixopus, obsidian-livesync, oneuptime, ontime, openagents, openai-agents-js, openemr, openproject, owncast, papermark, phoenix, pigallery2, pinchflat, pixelfed, plikshare, portabase, presenton, rallly, receipt-wrangler, requestly, rotki, rybbit, scrypted, seerr, serpbear, server, spooty, sshwifty, stagehand, steel-browser, storyden, streamlit, stump, surmai, talk, tianji, traefik-log-dashboard, trailarr, tududi, tugtainer, tunarr, usertour, vikunja, voidauth, warpgate, whodb, wiredoor, woocommerce, wud, yugabyte-db, zigbee2mqtt, zitadel, ztnet, zwave-js-ui
rollup high 170 tools 2 CVEs
CVEs
CVE-2024-47068, CVE-2026-27606
Tools
AdventureLog, AutoGPT, BroadcastChannel, ByteStash, ChatDev, Checkmate, CodexMonitor, Cosmos-Server, Crystal, DB-GPT, Deepfence ThreatMapper, Erugo, Flowise, GitSave, Gladys, HestiaCP, Hi.Events, IRIS, Intel Owl, IronCalc, Jellystat, LoggiFly, MediKeep, MineContext, Netcap, NextExplorer, Nexterm, OliveTin, Ombi, OmniPoly, OpenArchiver, OpnForm, Scriberr, SeerrBridge, Shuffle, Silex, Sink, Splunk Attack Range, Spoolman, TaskTrove, Tasks.md, TaxHacker, UrBackup, WatchYourLAN, Watcharr, Youtarr, agent-lightning, agent-squad, agentscope, answer, anything-llm, app-stormkit-io, automad, automatisch, backrest, bazarr, beeai-framework, bigcapital, blinko, caddymanager, casibase, checkcle, chroma, cmms, coder, configarr, continue, cronitor-cli, dashdot, docking-station, dockman, documenso, domain-locker, domain-watchdog, dozzle, drivebase, drop, dust, enclosed, eventcatalog, figranium, flatnotes, gameyfin, genkit, groceries, grr, habitica, handbrake-web, helicone, heyform, hollo, honey, hoodik, investbrain, invoiceninja, jan, jelu, kitops, kubero, linkding, linkwarden, litlyx, liveblocks, localess, lowcoder, many-notes, mastra, mathesar, mediacms, meet, melody-auth, mem0, memories, middleware-manager, mitmproxy, mixpost, moodist, ms-agent, nanote, notifiarr, ollama, omni-tools, openagents, openbao, openchangelog, operately, opik, panel, papra, pastefy, peekaping, photofield, pigallery2, poeticmetric, ragflow, rallly, ray, requestly, retrom, roundcubemail, rybbit, ryot, sandbox, scrypted, semantic-kernel, server, silverbullet, simplex-chat, solace-agent-mesh, spooty, stagehand, storyden, stump, superagent, survey-library, swetrix, tailscale, tianji, tunarr, umbrel, url-to-png, usertour, vanilla-cookbook, worklenz, wud, xwiki-platform, yugabyte-db, zane-ops, zigbee2mqtt, zipline
requests high 163 tools 8 CVEs
CVEs
CVE-2014-1829, CVE-2014-1830, CVE-2015-2296, CVE-2018-18074, CVE-2023-32681, CVE-2024-35195, CVE-2024-47081, CVE-2026-25645
Tools
AIOS, ART, AdalFlow, AdventureLog, Ajenti, Alerta, AutoGPT, Beats, CAPA, Calibre-Web-Automated, ChatDev, Checkov, ClickHouse, ClipCascade, CloudStack, ComfyUI, DB-GPT, Deepfence ThreatMapper, Docker Compose, FlareSolverr, Goose, Guardrails, IRIS, KICS, Kapowarr, Kometa, LibreTranslate, LightRAG, Mailu, Medusa, MemMachine, Memori, MusicService, NSD, NetAlertX, NewsBlur, OctoPrint, Performance Co-Pilot, PinePods, Plaso, Podman, Portall, RadaRec, Ralph, Salt, Scrapegraph-ai, SeerrBridge, SharedMoments, SonaShow, SoulSync, SparkyBudget, Splunk Attack Range, SuggestArr, Tamari, Tau, Text Generation Web UI, Timesketch, Upsonic, VaulTLS, WGDashboard, Warracker, WeKnora, Xandikos, Zeek Analysis Tools (ZAT), Zentral, Zircolite, adk-python, agency-swarm, agent-lightning, agent-squad, agentops, agno, app, apprise, auto-mcs, autogen, autokitteh, beaverhabits, beeai-framework, bugsink, bunkerweb, calibre-web, camel, chatgpt-on-wechat, cloud-init, cloudflared, clu-comics, continue, crewAI, daytona, deeplake, diskover-community, doris, dragonfly, firecrawl, fireshare, fitbit-grafana, garmin-grafana, genkit, geode, giftmanager, gramps, grr, helicone, hindsight, homebox, jetlog, kinto, langchain, langgraph, langroid, linkding, llama_index, mantium, mcp-context-forge, mediacms, mem0, meme-search, mflux, milvus, mitmproxy, mlflow, ms-agent, mydia, mylar3, openagents, openai-agents-python, opik, papermark, parlant, phoenix, posterizarr, ppt-master, profilarr, pwgen, pyload, qdrant, ragflow, ray, riven, romm, rss-bridge, sandbox, scraparr, scrypted, semantic-kernel, shelfmark, sonobarr, speaches, streamlit, swingmusic, trulens, tugtainer, vllm, warpgate, wazuh, windmill, wizarr, ydb, yugabyte-db, yunohost, zane-ops, zenml
tar high 147 tools 15 CVEs
CVEs
CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712, CVE-2021-37713, CVE-2024-28863, CVE-2025-64118, CVE-2026-23745, CVE-2026-23950, CVE-2026-24842, CVE-2026-26960, CVE-2026-29786, CVE-2026-31802, CVE-2026-33055, CVE-2026-33056
Tools
ART, ArgoCD, BroadcastChannel, ByteStash, Claudable, ClickHouse, CloudStack, CodexMonitor, Crystal, Flowise, Gladys, Goose, Guardian, IronCalc, Maintainerr, Materialious, Medusa, Meelo, MineContext, NewsBlur, NextExplorer, Ombi, OpenArchiver, OpenSign, OpnForm, PrestaShop, Scriberr, SeerrBridge, Silex, Sink, SparkyFitness, TaskTrove, Tau, Termix, Ticky, UrBackup, agent-squad, anchr, app, app-stormkit-io, audiobookshelf, automatisch, baserow, beeai-framework, bigcapital, bknd, blinko, chartbrew, chibisafe, chroma, chronoframe, clamav, claude-devtools, cmms, colanode, continue, countly-server, dashdot, daytona, dbgate, dockman, domain-locker, drop, dust, enclosed, figranium, gameyfin, genkit, grist-core, groceries, grr, habitica, hedgedoc, helicone, heyform, immich-power-tools, investbrain, jan, jelu, kimai, kitsu, kubero, linkwarden, litlyx, liveblog, localess, lowcoder, many-notes, manyfold, mastra, mautic, mcp-toolbox, mediacms, melody-auth, mindsdb, misskey, mixpost, mlflow, moodist, nanote, nimtable, ollama, ontime, open-dronelog, openagents, openai-agents-js, openemr, owncast, papermark, papra, peekaping, pigallery2, pinchflat, presenton, rallly, ray, receipt-wrangler, requestly, retrom, ryot, scrutiny, scrypted, seerr, serpbear, server, shellhub, snippetslibrary.com, solace-agent-mesh, spooty, stagehand, steel-browser, storyden, stump, superagent, talk, tianji, tunarr, usertour, windmill, woocommerce, worklenz, writefreely, wud, yugabyte-db, zane-ops, zipline, zwave-js-ui