Lucene search
K

4 matches found

Snyk
Snyk
added 2026/04/08 12:7 a.m.9 views

Arbitrary Argument Injection

Overview skilleton is a Skills skeleton: deterministic AI skill dependency manager Affected versions of this package are vulnerable to Arbitrary Argument Injection via improper handling of repository and path input in the normalizeRepoUrl function. An attacker can cause unsafe or inefficient...

6.9CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/01/01 6:38 a.m.1 views

Allocation of Resources Without Limits or Throttling

Overview nlsq is a GPU/TPU accelerated nonlinear least-squares curve fitting using JAX Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing input size validation for arrays and Jacobians. An attacker can cause memory exhaustion by...

5.3CVSS6.7AI score
Exploits0References3
Snyk
Snyk
added 2025/08/22 4:50 p.m.2 views

CSV Injection

Overview Affected versions of this package are vulnerable to CSV Injection via the Quick Export process. An attacker can execute arbitrary commands on the victim's machine by injecting malicious formulas into fields that are later exported to CSV and opened in spreadsheet applications. This is on...

8.8CVSS7.8AI score0.00576EPSS
Exploits1References2
Snyk
Snyk
added 2025/06/05 6:30 a.m.4 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection through multiple vector store integrations. An attacker can read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the library in a web application...

9.8CVSS8AI score0.00581EPSS
Exploits1References2
Rows per page
Query Builder