39 matches found

Snyk
added 2026/02/04 5:14 a.m. | 1 view

Malicious Package

Overview: zalando-consent-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 5.4 AI score
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2026/02/04 5:14 a.m. | 5 views

Malicious code in zalando-consent-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfebb7ed5c3e35afeff037425cd019134eb927484b619019f7d11b13d6fe59c5 The package zalando-consent-api was found to contain malicious code. Source: ghsa-malware...

5.4 AI score
Exploits: 0 | References: 1

OSV
added 2026/02/04 5:14 a.m. | 2 views

MAL-2026-729 Malicious code in zalando-consent-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfebb7ed5c3e35afeff037425cd019134eb927484b619019f7d11b13d6fe59c5 The package zalando-consent-api was found to contain malicious code. Source: ghsa-malware...

5.5 AI score
Exploits: 0 | References: 1

OSV
added 2026/02/03 8:37 p.m. | 1 view

GO-2026-4327 Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper

Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper...

8.8 CVSS | 6.2 AI score | 0.00029 EPSS
Exploits: 1 | References: 4

Positive Technologies
added 2026/02/03 12:0 a.m. | 3 views

PT-2026-6504

Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper...

8.8 CVSS | 6.3 AI score | 0.00029 EPSS
Exploits: 1 | References: 5

OSV
added 2026/02/02 9:5 p.m. | 2 views

GO-2026-4378 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName in github.com/zalando/skipper

Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName in github.com/zalando/skipper...

8.1 CVSS | 5.4 AI score | 0.00044 EPSS
Exploits: 0 | References: 5

Snyk
added 2026/01/16 8:52 p.m. | 2 views

Arbitrary Code Injection

Overview: github.com/zalando/skipper is an HTTP router and reverse proxy for service composition. Affected versions of this package are vulnerable to Arbitrary Code Injection via the default configuration -lua-sources=inline,file. An attacker can execute arbitrary code and access sensitive files by...

8.8 CVSS | 6.2 AI score | 0.00029 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2026/01/09 10:56 a.m. | 2 views

CVE-2022-38580

Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF)...

9.8 CVSS | 7 AI score | 0.51339 EPSS
Exploits: 3 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-6139

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00173 EPSS
Exploits: 1 | References: 5

RedhatCVE
added 2025/05/22 11:3 p.m. | 5 views

CVE-2022-34296

In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request...

7.5 CVSS | 6.7 AI score | 0.00173 EPSS
Exploits: 1 | References: 1

OSV
added 2024/08/21 3:11 p.m. | 15 views

GO-2022-0494 Query predicate bypass in Zalando Skipper in github.com/zalando/skipper

Query predicate bypass in Zalando Skipper in github.com/zalando/skipper...

7.5 CVSS | 7.5 AI score | 0.00173 EPSS
Exploits: 1 | References: 5

OSSF Malicious Packages
added 2023/05/11 7:1 a.m. | 2 views

Malicious code in zalando-tech-radar (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 93bcc871674553b866c3bc29c32b5fab13985f16987aab59fd1869d00d6b1359 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1

OSV
added 2023/05/11 7:1 a.m. | 13 views

MAL-2023-1006 Malicious code in zalando-tech-radar (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 93bcc871674553b866c3bc29c32b5fab13985f16987aab59fd1869d00d6b1359 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 1

OSV
added 2022/11/02 11:44 p.m. | 25 views

GO-2022-1086 Server-side request forgery via X-Skipper-Proxy in github.com/zalando/skipper

An attacker can access the internal metadata server or other unauthenticated URLs by adding a specific header X-Skipper-Proxy to the HTTP request...

9.8 CVSS | 9.4 AI score | 0.51339 EPSS
Exploits: 3 | References: 3

Veracode
added 2022/10/26 2:4 a.m. | 17 views

Server-side Request Forgery (SSRF)

github.com/zalando/skipper is vulnerable to server-side request forgery. The vulnerability exists because proxy.go does not properly pass URLs via the request context, allowing an attacker to redirect to the malicious URLs through the X-Skipper-Proxy header...

9.8 CVSS | 8.9 AI score | 0.51339 EPSS
Exploits: 3 | References: 7 | Affected Software: 1

OSV
added 2022/10/25 8:22 p.m. | 23 views

GHSA-F2RJ-M42R-6JM2 Skipper vulnerable to SSRF via X-Skipper-Proxy

Impact: Skipper prior to version v0.13.236 is vulnerable to server-side request forgery (SSRF). An attacker can exploit a vulnerable version of proxy to access the internal metadata server or other unauthenticated URLs by adding a specific header X-Skipper-Proxy to the HTTP request. Patches: The...

9.8 CVSS | 9.5 AI score | 0.51339 EPSS
Exploits: 3 | References: 12

Github Security Blog
added 2022/10/25 8:22 p.m. | 33 views

Skipper vulnerable to SSRF via X-Skipper-Proxy

Impact: Skipper prior to version v0.13.236 is vulnerable to server-side request forgery (SSRF). An attacker can exploit a vulnerable version of proxy to access the internal metadata server or other unauthenticated URLs by adding a specific header X-Skipper-Proxy to the HTTP request. Patches: The...

9.8 CVSS | 9.1 AI score | 0.51339 EPSS
Exploits: 3 | References: 12 | Affected Software: 1

OSV
added 2022/10/25 5:15 p.m. | 24 views

CVE-2022-38580

Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF)...

9.8 CVSS | 9.5 AI score | 0.51339 EPSS
Exploits: 3 | References: 5

NVD
added 2022/10/25 5:15 p.m. | 15 views

CVE-2022-38580

Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF)...

9.8 CVSS | 0.51339 EPSS
Exploits: 3 | References: 5

Prion
added 2022/10/25 5:15 p.m. | 15 views

Server-side request forgery (SSRF)

Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF)...

7.5 CVSS | 9.4 AI score | 0.51339 EPSS
Exploits: 3 | References: 5 | Affected Software: 1