Lucene search
K
SnykMost viewed

35491 matches found

snyk
snyk
added 2026/03/23 10:34 p.m.9 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the IPC API process when spurious data is provided by an unprivileged local user. An attacker can cause the system to freeze or overwrite the stack by sending crafted IPC API calls. Remediation A fix was...

7.8CVSS5.9AI score0.00121EPSS
Exploits0References2
snyk
snyk
added 2026/03/23 9:48 p.m.9 views

Open Redirect

Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Open Redirect via the redirectBack function. An attacker can cause users to be redirected to an external, attacker-controlled domain by crafting a URL with a...

5.4CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/03/23 6:14 p.m.9 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the ULNASTransport message handler when processing malformed messages that lack a Request Type. An attacker can cause the application to panic and potentially disrupt service by sending specially crafted...

7.5CVSS5.9AI score0.00365EPSS
Exploits0References3
snyk
snyk
added 2026/03/23 1:47 p.m.9 views

Malicious Package

Overview pulse-shop-section is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/03/20 10:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/03/20 8:46 p.m.9 views

Improper Cleanup on Thrown Exception

Overview Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception when cleaning up tmp files. Temporary storage can be exhausted during the scanning process by an attacker providing large or highly compressed artifacts, leading to the accumulation of temporary file...

6.9CVSS5.8AI score0.00408EPSS
Exploits0References2
snyk
snyk
added 2026/03/20 8:45 p.m.9 views

Information Exposure

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Information Exposure via the watch parameter in LiveQuery subscriptions targeting protected fields. An attacker can infer...

6.3CVSS5.8AI score0.00316EPSS
Exploits0References2
snyk
snyk
added 2026/03/20 8:45 p.m.9 views

Cross-site Scripting (XSS)

Overview @pdfme/schemas is a TypeScript base PDF generator and React base UI. Open source, developed by the community, and completely free to use under the MIT license! Affected versions of this package are vulnerable to Cross-site Scripting XSS in the multiVariableText property panel when...

5.5CVSS5.7AI score
Exploits0References2
snyk
snyk
added 2026/03/20 4:45 a.m.9 views

Malicious Package

Overview kyxhiagent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/03/20 4:42 a.m.9 views

Malicious Package

Overview mtpdb is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/03/20 4:35 a.m.9 views

Malicious Package

Overview spstargm is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/03/19 11:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/03/19 11:0 p.m.9 views

Embedded Malicious Code

Overview @emilgroup/commission-sdk-node is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/03/19 3:16 p.m.9 views

Malicious Package

Overview tokenshower is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/03/18 8:49 p.m.9 views

Information Exposure

Overview Glances is an A cross-platform curses-based monitoring tool Affected versions of this package are vulnerable to Information Exposure via the /api/4/serverslist endpoint in Central Browser mode. An attacker can obtain reusable credentials for downstream servers by accessing unauthenticate...

9.3CVSS5.8AI score0.00472EPSS
Exploits1References2
snyk
snyk
added 2026/03/18 6:31 p.m.9 views

UNIX Symbolic Link (Symlink) Following

Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following during the extraction of .tar and .tar.gz archives when symbolic links are present. An attacker can create or overwrite arbitrary...

8.8CVSS5.9AI score0.01161EPSS
Exploits0References3
snyk
snyk
added 2026/03/18 4:10 p.m.9 views

Cross-site Scripting (XSS)

Overview @pdfme/schemas is a TypeScript base PDF generator and React base UI. Open source, developed by the community, and completely free to use under the MIT license! Affected versions of this package are vulnerable to Cross-site Scripting XSS via the selectElement.innerHTML method. An attacker...

6.1CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/03/18 4:41 a.m.9 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00297EPSS
Exploits1References2
snyk
snyk
added 2026/03/18 12:14 a.m.9 views

Malicious Package

Overview @atticuss-sra/test-pkg-x4 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.4AI score
Exploits0References2
snyk
snyk
added 2026/03/17 5:7 p.m.9 views

Improper Encoding or Escaping of Output

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the createAnnotation method, whose color parameter can be injected with script objects. An attacker can inject PDF objects as freetext...

8.1CVSS5.8AI score0.00356EPSS
Exploits0References2
snyk
snyk
added 2026/03/17 3:29 p.m.9 views

Missing Origin Validation in WebSockets

Overview next is a react framework. Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets in the internal dev endpoint when the Origin header is set to null. An attacker can interact with internal development websocket traffic by connecting from...

5.4CVSS5.8AI score0.00171EPSS
Exploits1References2
snyk
snyk
added 2026/03/17 12:48 p.m.9 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in the /ui/dependencies endpoint, which returns the complete DAG dependency graph without verifying authorized DAG IDs. An attacker can gain unauthorized access to information about...

5.3CVSS5.8AI score0.0044EPSS
Exploits0References2
snyk
snyk
added 2026/03/17 12:46 p.m.9 views

Exposure of Resource to Wrong Sphere

Overview apache-airflow-providers-keycloak is a Provider package apache-airflow-providers-keycloak for Apache Airflow Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere due to improper handling of the session token cookie path. An attacker can gain unauthoriz...

9.3CVSS5.8AI score0.00677EPSS
Exploits0References2
snyk
snyk
added 2026/03/16 8:27 p.m.9 views

Out-of-bounds Read

Overview github.com/shamaton/msgpack/v3/time is a None Affected versions of this package are vulnerable to Out-of-bounds Read. via the Unmarshal, UnmarshalAsMap, UnmarshalAsArray, and Marshal functions, which invoke Decode. An attacker can cause a panic with truncated fixext data that triggers an...

8.7CVSS6.7AI score0.01036EPSS
Exploits2References3
snyk
snyk
added 2026/03/16 6:13 p.m.9 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the ElementIndexesController and FieldsController components. An attacker can execute arbitrary code by...

8.6CVSS6.2AI score0.00515EPSS
Exploits0References2
snyk
snyk
added 2026/03/16 12:4 a.m.9 views

Malicious Package

Overview up2-daemon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/03/13 8:39 p.m.9 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow when parsing Huffman tables in JPEG files. An attacker can execute arbitrary code by supplying a specially crafted JPEG file. Remediation Upgrade gstreamer to version 1.28.1 or higher. References - GitLab Comm...

8.4CVSS7.5AI score0.00787EPSS
Exploits0References3
snyk
snyk
added 2026/03/13 6:56 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the chunked upload completion. An attacker can exhaust server storage and circumvent administrative resource policies by uploading files exceeding the configured per-request size...

5.3CVSS5.8AI score0.00253EPSS
Exploits0References2
snyk
snyk
added 2026/03/13 6:55 p.m.9 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through a discrepancy in path normalization between protocol handlers and internal routing. An attacker can bypass folder-level permissions or escape the boundaries of a configured virtual folder by crafting specific...

8.1CVSS6.3AI score0.00521EPSS
Exploits0References2
snyk
snyk
added 2026/03/12 10:39 p.m.9 views

Stack-based Buffer Overflow

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.7CVSS5.8AI score0.00096EPSS
Exploits0References2
snyk
snyk
added 2026/03/12 8:17 p.m.9 views

CRLF Injection

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to CRLF Injection via the upgrade option of the client.request function. An attacker can inject malicious data into HTTP headers or prematurely terminate HTT...

6.5CVSS5.8AI score0.00256EPSS
Exploits0References2
snyk
snyk
added 2026/03/12 4:23 p.m.9 views

Malicious Package

Overview jam3 is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The package uses...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.9 views

Malicious Package

Overview transform-for-of is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.9 views

Malicious Package

Overview declaration-block-no-ignored-properties is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.9 views

Malicious Package

Overview require-in-package is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 2:21 p.m.9 views

Authentication Bypass by Alternate Name

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name in the Microsoft Teams group sender authorization process when a route allowlist is configured and the sender allowlist is empty. An attacker can...

6.9CVSS5.8AI score0.00267EPSS
Exploits0References2
snyk
snyk
added 2026/03/12 2:16 p.m.9 views

Heap-based Buffer Overflow

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7CVSS5.9AI score0.00099EPSS
Exploits0References2
snyk
snyk
added 2026/03/12 2:16 p.m.9 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7CVSS5.9AI score0.00099EPSS
Exploits0References2
snyk
snyk
added 2026/03/12 2:12 p.m.9 views

Access of Uninitialized Pointer

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.7CVSS5.8AI score0.00353EPSS
Exploits0References3
snyk
snyk
added 2026/03/12 2:9 p.m.9 views

Use After Free

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS5.9AI score0.00243EPSS
Exploits0References2
snyk
snyk
added 2026/03/12 2:9 p.m.9 views

Use After Free

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS5.9AI score0.00243EPSS
Exploits0References2
snyk
snyk
added 2026/03/12 2:9 p.m.9 views

Heap-based Buffer Overflow

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.2CVSS5.8AI score0.00113EPSS
Exploits0References2
snyk
snyk
added 2026/03/12 2:8 p.m.9 views

Stack-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.6CVSS5.9AI score0.00108EPSS
Exploits0References2
snyk
snyk
added 2026/03/11 9:11 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling ...

8.7CVSS5.8AI score0.02818EPSS
Exploits0References2
snyk
snyk
added 2026/03/11 9:11 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or...

8.7CVSS5.8AI score0.02818EPSS
Exploits0References2
snyk
snyk
added 2026/03/11 6:19 a.m.9 views

Malicious Package

Overview mui-path-imports is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/03/10 9:5 p.m.9 views

Out-of-bounds Write

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.6CVSS6AI score0.00123EPSS
Exploits0References2
snyk
snyk
added 2026/03/10 9:5 p.m.9 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in Magickpngwriterawprofile in the PNG encoder. An attacker can cause a heap buffer over-write and disrupt application availability or alter program behavior by supplying an image with an extremely large profile...

8.6CVSS5.9AI score0.00123EPSS
Exploits0References2
snyk
snyk
added 2026/03/10 9:5 p.m.9 views

Out-of-bounds Write

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.6CVSS6AI score0.00123EPSS
Exploits0References2
snyk
snyk
added 2026/03/10 9:5 p.m.9 views

Out-of-bounds Write

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.6CVSS6AI score0.00123EPSS
Exploits0References2
Total number of security vulnerabilities5000