19 matches found
ROOT-APP-NPM-SNYK-JS-AXIOS-6144788 SNYK-JS-AXIOS-6144788 in @rootio/axios - Patched by Root
Root has patched SNYK-JS-AXIOS-6144788 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
EUVD-2023-1960
Malicious code in bioql PyPI...
vulnerabilitydb
This is a public vulnerability database repository for Snyk, a tool that helps find and fix known vulnerabilities in Node.js dependencies. The repository contains a list of folders for vulnerable npm packages, each with a subfolder for a specific date YYYYMMDD containing data files. The data is...
@adobe/helix-cli (>=0.10.6 <=0.13.4-pre.13), @koa_web/boot (=2.0.9) +19 more potentially affected by CVE-2025-6624 via snyk (>=0.5.0 <=1.1297.1)
snyk NPM version =0.5.0, =0.10.6, =1.456.660, =1.0.5, =1.0.7, =0.1.1, =1.3.6, =2.0.0, =0.1.6, =0.0.1, =0.0.29, =2.9.2, =2.9.3 and more Source cves: CVE-2025-6624 Source advisory: OSV:GHSA-6HWC-9H8R-3VMF...
CVE-2025-6624
Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or...
CVE-2025-6624
Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or...
CVE-2025-6624
Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or...
CVE-2025-6624
Affected software: Snyk CLI. Vulnerability: Insertion of Sensitive Information into Log File when running in DEBUG/TRACE modes. Versions prior to 1.1297.3 are affected. Details: container commands (snyk container test/monitor) can disclose registry credentials via environment variables SNYK_REGIS...
Insertion of Sensitive Information into Log File
Overview: snyk is an advanced tool that scans and monitors projects for security vulnerabilities. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variable...
tarteaucitron Cross-site Scripting (XSS)
Versions of the package tarteaucitronjs before 1.17.0 are vulnerable to Cross-site Scripting (XSS) via the getElemWidth and getElemHeight. This is related to SNYK-JS-TARTEAUCITRONJS-8366541...
@remy/protect-test (>=1.0.5 <=1.0.10), addons-linter (>=1.3.6 <=1.4.0) +2 more potentially affected by CVE-2022-24441 via snyk (>=0.5.0 <=1.105.0)
snyk NPM version =0.5.0, =1.0.5, =1.3.6, =1.4.0 - imagemin-gm =2.0.1 - web-ext =2.9.2 Source cves: CVE-2022-24441 Source advisory: OSV:GHSA-4VRV-93C7-M92J...
CVE-2022-24441 Code Injection
The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...
CVE-2022-22984 Command Injection
The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...
20ful (>=0.2.1 <=0.3.5), @a2r/telemetry (>=1.0.40 <=1.0.41) +1318 more potentially affected by CVE-2022-40764 via snyk (>=0.5.0 <=1.96.0)
snyk NPM version =0.5.0, =0.2.1, =1.0.40, =0.0.2, =2.0.8, =1.1.2, =2.1.0, =1.5.1, =1.11.0, =0.0.1-SNAPSHOT.4, =0.3.0-SNAPSHOT.293, =1.0.0, =0.8.1-pre.3, =6.1.4 and more Source cves: CVE-2022-40764 Source advisory: OSV:GHSA-HPQJ-7CJ6-HFJ8...
addons-linter (>=1.3.6 <=1.4.0), imagemin-gm (=2.0.1) +1 more potentially affected by CVE-2022-22984 +1 more via snyk (>=1.103.2 <=1.105.0)
snyk NPM version =1.103.2, =1.3.6, =1.4.0 - imagemin-gm =2.0.1 - web-ext =2.9.2 Source cves: CVE-2022-22984, CVE-2022-40764 Source advisory: SNYK:JS-SNYK-3038622...
addons-linter (>=1.3.6 <=1.4.0), imagemin-gm (=2.0.1) +1 more potentially affected by CVE-2022-24441 +1 more via snyk (>=1.103.2 <=1.105.0)
snyk NPM version =1.103.2, =1.3.6, =1.4.0 - imagemin-gm =2.0.1 - web-ext =2.9.2 Source cves: CVE-2022-24441, CVE-2022-40764 Source advisory: SNYK:JS-SNYK-3111871...
@candrewsintegralblue/snyk (=0.0.4), @commerce-apps/raml-toolkit (>=0.5.8 <=0.5.10) +2 more potentially affected by CVE-2022-22984 +1 more via @snyk/snyk-hex-plugin (>=1.0.0 <=1.1.4)
@snyk/snyk-hex-plugin NPM version =1.0.0, =0.5.8, =3.0.3-beta.1, =1.520.0, =1.684.0 Source cves: CVE-2022-22984, CVE-2022-40764 Source advisory: SNYK:JS-SNYKSNYKHEXPLUGIN-3039680...
Code Injection
Overview: snyk is an advanced tool that scans and monitors projects for security vulnerabilities. Affected versions of this package are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such a...
Fedora 27 : nodejs-base64-url (2018-6f962c5533)
Security fix for https://snyk.io/vuln/npm:base64url:20180511 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing addition...