LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 3.1	MS:CVE-2026-12458	Chromium: CVE-2026-12458 Incorrect security UI in Passwords_MS:CVE-2026-12458 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
LOW 2.1	CVE-2026-47241	Net::IMAP: Denial of Service via incomplete raw argument validation_CVE-2026-47241 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands ac...	ruby	net-imap >= 0.6.0, < 0.6.4.1	Jun 22, 2026	CVE
LOW 3.1	CVE-2026-53663	React Router: `handleDocumentRequest` CSRF check covers `POST` only; PUT/PATCH/DELETE bypass_CVE-2026-53663 React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on PO...	remix-run	react-router >= 7.12.0, < 7.15.1	Jun 22, 2026	CVE
LOW 3.7	CVE-2026-48931	CVE-2026-48931_CVE-2026-48931 A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerab...	nodejs	node 22.22.3	Jun 22, 2026	CVE
LOW 3.7	CVE-2026-54282	Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname_CVE-2026-54282 Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request....	Kludex	starlette < 1.3.0	Jun 22, 2026	CVE
LOW 1.7	CVE-2026-54280	AIOHTTP: Payload Response Resources Are Not Closed After Mid-Body Disconnect_CVE-2026-54280 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a ...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
LOW 1.3	CVE-2026-54279	AIOHTTP: Host-Only Cookies Become Domain Cookies After CookieJar Persistence_CVE-2026-54279 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.sa...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
LOW 2.7	CVE-2026-54275	AIOHTTP: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections_CVE-2026-54275 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed ...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
LOW 3.7	CVE-2026-53540	Python-Multipart: Negative Content-Length in parse_form buffers the entire body in memory_CVE-2026-53540 Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form() did not validate the Content-Length header before using ...	Kludex	python-multipart < 0.0.31	Jun 22, 2026	CVE
LOW 3.7	CVE-2026-53538	Python-Multipart: Semicolon treated as querystring field separator enables parameter smuggling_CVE-2026-53538 Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www...	Kludex	python-multipart < 0.0.30	Jun 22, 2026	CVE