Report a CVE to HeroDevs

Committed to Security and Confidentiality

At HeroDevs, safeguarding the security of open-source software and its ecosystem is our priority. As a Certified Numbering Authority (CNA), we ensure your vulnerability reports are handled with utmost confidentiality and professionalism.

Report Vulnerability
Vulnerability Directory
White arrow
Search tool icon

Report a Vulnerability

When you report a CVE, you can trust that:
  • Your submission is reviewed promptly and securely by our team of security experts.
  • Details of the vulnerability will not be disclosed until appropriate patches are developed and coordinated with the necessary stakeholders.
  • Your role as the reporter will be respected, with attribution provided as per your preference.
Every vulnerability we address strengthens the open-source ecosystem and ensures the continued security of end-of-life software. At HeroDevs, we actively track, assess, and address vulnerabilities to safeguard the security of open source software and protect the businesses that rely on it.

By clicking “submit” I acknowledge receipt of our Privacy Policy.

Thank you! Your submission has been received!
Please enter a company email.
Early Detection and CVE Remediation

187 Security Issues Fixed
(and always looking for more)

Below is a snapshot of the most recent 10 of 75 vulnerabilities in our database, demonstrating our commitment to transparency and proactive security.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
Medium
CVE-2026-22745
Open in new tab icon
Spring
Spring Framework
No items found.
>=3.0.0 <=5.3.47, >=6.0.0 <=6.0.23, >=6.1.0 <=6.1.26, >=6.2.0 <=6.2.17, >=7.0.0 <=7.0.6
Apr 17, 2026
Low
CVE-2026-22741
Open in new tab icon
Spring
Spring Framework
No items found.
>=4.1.7 <=4.3.30, >=5.0.0 <=5.3.47, >=6.0.0 <=6.0.23, >=6.1.0 <=6.1.26, >=6.2.0 <=6.2.17, >=7.0.0 <=7.0.6
Apr 17, 2026
Medium
CVE-2026-22740
Open in new tab icon
Spring
Spring Framework
No items found.
>=5.0.0 <=5.3.47, >=6.0.0 <=6.0.23, >=6.1.0 <=6.1.26, >=6.2.0 <=6.2.17, >=7.0.0 <=7.0.6
Apr 17, 2026
Medium
CVE-2026-3532
Open in new tab icon
Drupal 7
OpenID Connect
Broken Access
>=7.1.0 <=7.1.3
Apr 16, 2026
Medium
CVE-2026-3531
Open in new tab icon
Drupal 7
OpenID Connect
No items found.
>=7.1.0 <=7.1.3
Apr 16, 2026
Medium
CVE-2026-3530
Open in new tab icon
Drupal 7
OpenID Connect
Information Exposure
>=7.1.0 <=7.1.3
Apr 16, 2026
High
CVE-2026-32178
Open in new tab icon
.NET
.NET Runtime / System.Net.Mail
Improper Neutralization of Special Elements
.ASP.NET Core: >= 6.0.0 <= 6.0.39 >= 8.0.0 <= 8.0.25 >= 9.0.0 <= 9.0.14 <= 10.0.0 <= 10.0.5
Apr 15, 2026
High
CVE-2026-26171
Open in new tab icon
.NET
.NET Runtime / System.Security.Cryptography.Xml
Uncontrolled Resource Consumption
Improper Restriction of XML External Entity Reference
ASP.NET Core: >= 6.0.0 <= 6.0.39 >= 8.0.0 <= 8.0.25 >= 9.0.0 <= 9.0.14 <= 10.0.0 <= 10.0.5
Apr 15, 2026
Medium
CVE-2026-4093
Open in new tab icon
Drupal 7
Term Reference Tree Widget
Cross-Site Scripting
>= 7.1.x <=7.1.11
Apr 15, 2026
Medium
CVE-2026-3214
Open in new tab icon
Drupal 7
CAPTCHA
Broken Access
>=7.1.0 <=7.1.7
Apr 15, 2026
For more details on CVEs found in end-of-life software, visit our vulnerability directory.
View Full Directory
Arrow
Report A Vulnerability