A log of vulnerabilities DepthFirst has reported and responsibly disclosed.
- CVE-2025-59304 Swetrix Web Analytics RCE
- CVE-2025-59305 Langfuse Data Corruption and Denial of Service
- CVE-2025-59419 Netty Library Email Authentication Bypass SMTP Injection
- [CVE Pending] [Redacted database library]
- [CVE Pending] [Redacted CMS platform]
- [CVE Pending] [Redacted financial operations SaaS]
- [CVE Pending] [Fully Redacted (unpatched)]
- [CVE Pending] [Fully Redacted (unpatched)]
- [CVE Pending] [Fully Redacted (unpatched)]
Unpatched vulnerabilities remain private until vendors have had the opportunity to release fixes.