Security Advisories
A list of vulnerabilities (CVE / GHSA) publicly disclosed by Tencent Zhuque Lab. View as JSONopen_in_new
bug_report
Vulnerabilities
67
deployed_code
Products
21
leaderboard
Severity Breakdown
-
open_in_newCritical CVE-2026-33873 CWE-94
Langflow has Authenticated Code Execution in Agentic Assistant Validation
deployed_code Affected: langflow <= 1.8.1 calendar_today Published: March 26, 2026 -
open_in_newCritical CVE-2026-4725 CWE-416
Sandbox escape due to use-after-free in the Graphics: Canvas2D component
deployed_code Affected: firefox < 149 calendar_today Published: March 24, 2026 -
open_in_newCritical CVE-2026-3846 CWE-346
Same-origin policy bypass in the CSS Parsing and Computation component
deployed_code Affected: firefox < 148.0.2 calendar_today Published: March 10, 2026 -
open_in_newCritical CVE-2025-47277 CWE-502
Remote Code Execution via PyNcclPipe Communication Service
deployed_code Affected: vllm >=0.6.5,<0.8.5 calendar_today Published: May 20, 2025 -
open_in_newCritical CVE-2025-32444 CWE-502
vLLM Vulnerable to Remote Code Execution via Mooncake Integration
deployed_code Affected: vllm >= 0.6.5, < 0.8.5 calendar_today Published: April 29, 2025 -
open_in_newCritical CVE-2025-29783 CWE-502
vLLM Allows Remote Code Execution via Mooncake Integration
deployed_code Affected: vllm >= 0.6.5, < 0.8.0 calendar_today Published: March 19, 2025 -
open_in_newCritical CVE-2024-5480 CWE-77
A vulnerability in the PyTorch's torch.distributed.rpc
deployed_code Affected: PyTorch < 2.2.2 calendar_today Published: June 06, 2024
Per page
