Report a CVE to HeroDevs

Committed to Security and Confidentiality

At HeroDevs, safeguarding the security of open-source software and its ecosystem is our priority. As a Certified Numbering Authority (CNA), we ensure your vulnerability reports are handled with utmost confidentiality and professionalism.

Report Vulnerability
Vulnerability Directory
White arrow
Search tool icon

Report a Vulnerability

When you report a CVE, you can trust that:
  • Your submission is reviewed promptly and securely by our team of security experts.
  • Details of the vulnerability will not be disclosed until appropriate patches are developed and coordinated with the necessary stakeholders.
  • Your role as the reporter will be respected, with attribution provided as per your preference.
Every vulnerability we address strengthens the open-source ecosystem and ensures the continued security of end-of-life software. At HeroDevs, we actively track, assess, and address vulnerabilities to safeguard the security of open source software and protect the businesses that rely on it.

By clicking “submit” I acknowledge receipt of our Privacy Policy.

Thank you! Your submission has been received!
Please enter a company email.
Early Detection and CVE Remediation

187 Security Issues Fixed
(and always looking for more)

Below is a snapshot of the most recent 10 of 75 vulnerabilities in our database, demonstrating our commitment to transparency and proactive security.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
Medium
CVE-2026-44577
Open in new tab icon
Next.js
Next.js
Denial of Service
>=10.0.0 <15.5.16, >=16.0.0 <16.2.5
May 20, 2026
Medium
CVE-2026-43512
Open in new tab icon
Apache Tomcat
Apache Tomcat
Authorization Bypass
>=8.5.0 <=8.5.100, >=9.0.0-M1 <=9.0.117, >=10.1.0-M1 <=10.1.54, >=11.0.0-M1 <=11.0.21
May 19, 2026
High
CVE-2026-44573
Open in new tab icon
Next.js
Next.js
Broken Access
>=12.2.0 <15.5.16, >=16.0.0 <16.2.5
May 18, 2026
Low
CVE-2026-44572
Open in new tab icon
Next.js
Next.js
Cache Poisoning
>=12.2.0 <15.5.16, >=16.0.0 <16.2.5
May 18, 2026
Low
CVE-2026-41284
Open in new tab icon
Apache Tomcat
Apache Tomcat
Denial of Service
>=8.5.0 <=8.5.100, >=9.0.0.M1 <=9.0.117, >=10.1.0-M1 <=10.1.54, >=11.0.0-M1 <=11.0.21
May 18, 2026
Low
CVE-2026-42498
Open in new tab icon
Apache Tomcat
Apache Tomcat
Content Spoofing
>=8.5.0 <=8.5.100, >=9.0.2 <=9.0.117, >=10.1.0-M1 <=10.1.54, >=11.0.0-M1 <=11.0.21
May 18, 2026
Low
CVE-2026-41293
Open in new tab icon
Apache Tomcat
Apache Tomcat
Content Spoofing
>=8.5.0 <=8.5.100, >=9.0.0.M1 <=9.0.117, >=10.1.0-M1 <=10.1.54, >=11.0.0-M1 <=11.0.21
May 18, 2026
Low
CVE-2026-43513
Open in new tab icon
Apache Tomcat
Apache Tomcat
Content Spoofing
>=8.5.0 <=8.5.100, >=9.0.0.M1 <=9.0.117, >=10.1.0-M1 <=10.1.54, >=11.0.0-M1 <=11.0.21
May 18, 2026
Low
CVE-2026-43514
Open in new tab icon
Apache Tomcat
Apache Tomcat
Content Spoofing
>=8.5.0 <=8.5.100, >=9.0.0.M1 <=9.0.117, >=10.1.0-M1 <=10.1.54, >=11.0.0-M1 <=11.0.21
May 18, 2026
Medium
CVE-2026-43515
Open in new tab icon
Apache Tomcat
Apache Tomcat
Incorrectly Configured Access Control
>=8.5.0 <=8.5.100, >=9.0.0.M1 <=9.0.117, >=10.1.0-M1 <=10.1.54, >=11.0.0-M1 <=11.0.21
May 18, 2026
For more details on CVEs found in end-of-life software, visit our vulnerability directory.
View Full Directory
Arrow
Report A Vulnerability