Package impact
RubyGems / openc3
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42087 | critical | 9.6 | 9.6 | 1mo ago | OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database | |||
| CVE-2026-42084 | high | 8.1 | 8.1 | 1mo ago | OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence | |||
| CVE-2026-42086 | medium | 4.6 | 4.6 | 1mo ago | OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender | |||
| CVE-2026-42085 | medium | 4.3 | 4.3 | 1mo ago | OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames |