SBOM Analytics Dashboard

Insights from over 1 million Software Bill of Materials

Total Vulnerabilities: - (12% from last week)
Unique Components: - (8% from last week)
Critical Vulnerabilities: - (3 new this week)
Security Trend: 85% (Improving)

Top 10 Critical Vulnerabilities Across All SBOMs

CVE-2024-28180
Severity: Medium

277,763 occurrences

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set o...

CVE-2024-24786
Severity: Medium

95,647 occurrences

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of inval...

CVE-2023-39318
Severity: Medium

63,926 occurrences

The html/template package does not properly handle HTML-like "<!--" and "-->" comment tokens, nor hashbang "#!" co...

CVE-2023-39319
Severity: Medium

63,049 occurrences

The html/template package does not apply the proper rules for handling occurrences of "<script", "<!...

CVE-2023-39326
Severity: Medium

62,735 occurrences

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or respo...

CVE-2025-30204
Severity: High

61,626 occurrences

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to version...

CVE-2023-45288
Severity: High

59,773 occurrences

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an exce...

CVE-2024-40635
Severity: Medium

58,789 occurrences

containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6....

CVE-2023-29406
Severity: Medium

57,444 occurrences

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Hos...

CVE-2023-29409
Severity: Medium

50,590 occurrences

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU t...
