Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

298 New today

64,624 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

303

Jun 22

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 5.3

opentelemetry-js: Unbounded memory allocation in W3C Baggage propagation_CVE-2026-54285

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract() in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entr...

CVE-2026-54285 open-telemetry opentelemetry-js < 2.8.0

Jun 22, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-54283	Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS_CVE-2026-54283 Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form() accepts max_fields and max_part_size to bound resource co...	Kludex	starlette >= 0.4.1, < 1.3.1	Jun 22, 2026	CVE
LOW 3.7	CVE-2026-54282	Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname_CVE-2026-54282 Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request....	Kludex	starlette < 1.3.0	Jun 22, 2026	CVE
LOW 1.7	CVE-2026-54280	AIOHTTP: Payload Response Resources Are Not Closed After Mid-Body Disconnect_CVE-2026-54280 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a ...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
LOW 1.3	CVE-2026-54279	AIOHTTP: Host-Only Cookies Become Domain Cookies After CookieJar Persistence_CVE-2026-54279 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.sa...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.6	CVE-2026-54278	AIOHTTP: Unread Compressed Request Bodies Bypass client_max_size During Cleanup_CVE-2026-54278 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed req...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.6	CVE-2026-54277	AIOHTTP: C HTTP Parser Bypasses max_line_size for Fragmented Lines_CVE-2026-54277 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the max_line_size check i...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-54276	AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges_CVE-2026-54276 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication re...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
LOW 2.7	CVE-2026-54275	AIOHTTP: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections_CVE-2026-54275 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed ...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
MEDIUM 6.6	CVE-2026-54274	AIOHTTP: Incomplete websocket frame payloads bypass memory limits_CVE-2026-54274 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket fr...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

opentelemetry-js: Unbounded memory allocation in W3C Baggage propagation_CVE-2026-54285

Recent Advisories

Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS_CVE-2026-54283

Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname_CVE-2026-54282

AIOHTTP: Payload Response Resources Are Not Closed After Mid-Body Disconnect_CVE-2026-54280

AIOHTTP: Host-Only Cookies Become Domain Cookies After CookieJar Persistence_CVE-2026-54279

AIOHTTP: Unread Compressed Request Bodies Bypass client_max_size During Cleanup_CVE-2026-54278

AIOHTTP: C HTTP Parser Bypasses max_line_size for Fragmented Lines_CVE-2026-54277

AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges_CVE-2026-54276

AIOHTTP: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections_CVE-2026-54275

AIOHTTP: Incomplete websocket frame payloads bypass memory limits_CVE-2026-54274

Protect Your Attack Surface with RedGem

Security Intelligence
Feed