
Report a CVE to HeroDevs
Committed to Security and Confidentiality
At HeroDevs, safeguarding the security of open-source software and its ecosystem is our priority. As a Certified Numbering Authority (CNA), we ensure your vulnerability reports are handled with utmost confidentiality and professionalism.
Report a Vulnerability
When you report a CVE, you can trust that:
- Your submission is reviewed promptly and securely by our team of security experts.
- Details of the vulnerability will not be disclosed until appropriate patches are developed and coordinated with the necessary stakeholders.
- Your role as the reporter will be respected, with attribution provided as per your preference.
Every vulnerability we address strengthens the open-source ecosystem and ensures the continued security of end-of-life software. At HeroDevs, we actively track, assess, and address vulnerabilities to safeguard the security of open source software and protect the businesses that rely on it.
Early Detection and CVE Remediation
187 Security Issues Fixed
(and always looking for more)
Below is a snapshot of the most recent 10 of 75 vulnerabilities in our database, demonstrating our commitment to transparency and proactive security.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
Low
Apache Tomcat
Apache Tomcat
Authorization Bypass
>=8.5.0 <=8.5.100, >=9.0.0.M1 <9.0.120, >=10.1.0-M1 <10.1.57, >=11.0.0-M1 <11.0.24
Jul 16, 2026
Medium
Node.js
Http Proxy Middleware
Improper Input Validation (4.16)
>=0.16.0 <2.0.10 >=3.0.0 <3.0.6 >=4.0.0 <4.1.0
Jul 14, 2026
High
NES for Protocol Buffers
Protocol Buffers
Denial of Service
<3.25.5, >=4.0.0-RC1 <4.27.5, >=4.28.0-RC1 <4.28.2
Jul 9, 2026
High
Angular
Angular
Cross-Site Scripting
>= 22.0.0-next.0 < 22.0.1 >= 21.0.0-next.0 < 21.2.17 >= 20.0.0-next.0 < 20.3.25 <= 19.2.25
Jul 9, 2026
High
Angular
Angular
Denial of Service
>= 22.0.0-next.0 < 22.0.1 >= 21.0.0-next.0 < 21.2.17 >= 20.0.0-next.0 < 20.3.25 <= 19.2.25
Jul 9, 2026
High
Angular
Angular
Resource Injection
>= 22.0.0-next.0 < 22.0.1 >= 21.0.0-next.0 < 21.2.17 >= 20.0.0-next.0 < 20.3.25 <= 19.2.25
Jul 9, 2026
Medium
Angular
Angular
Cross-Site Scripting
>= 22.0.0-next.0 < 22.0.1 >= 21.0.0-next.0 < 21.2.17 >= 20.0.0-next.0 < 20.3.25 <= 19.2.25
Jul 8, 2026
High
Angular
Angular
Information Exposure
>= 22.0.0-next.0 < 22.0.1 >= 21.0.0-next.0 < 21.2.17 >= 20.0.0-next.0 < 20.3.25 <= 19.2.25
Jul 8, 2026
For more details on CVEs found in end-of-life software, visit our vulnerability directory.