Sdk
This hub aggregates every CVE we track for Sdk, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 141
- Critical: 50
- High: 27
- In CISA KEV: 0
Severity distribution
MEDIUM 55, CRITICAL 50, HIGH 27, LOW 9
Monthly trend
2024-07 to 2026-06: 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 1, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Sdk.
- CVE-2026-42190: RedwoodSDK: Same-site CSRF in server actions (score 5.3)
- CVE-2026-39885: FrontMCP Affected by SSRF via $ref Dereferencing in Untrusted OpenAPI Specifications (score 7.5)
- CVE-2026-39371: RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests (score 8.1)
- CVE-2026-3465: Tuya App/SDK JSON Data Point denial of service (score 3.1)
- CVE-2025-48755: In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type). (score 2.9)
- CVE-2025-27839: operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be disre... (score 3.2)
- CVE-2024-3764: Tuya SDK MQTT Packet denial of service (score 2.7)
- CVE-2022-40609: IBM SDK, Java Technology Edition code execution (score 8.1)
- CVE-2019-4732: IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the... (score 6.5)
- CVE-2018-1890: IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081. (score 5.6)
- CVE-2018-1656: The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting... (score 7.4)
- CVE-2017-3182: On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack (score 6.8)
- CVE-2017-3210: Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution (score 7.8)
- CVE-2017-1289: IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive info... (score 8.2)
- CVE-2016-3956: The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, ... (score 7.5)
Product normalization is registry-driven with AI assist and human review.