Lucene search
K
SnykMost viewed

35669 matches found

Snyk
Snyk
•added 2026/06/17 7:13 a.m.•15 views

Missing Authentication for Critical Function

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the nltk.app.wordnetapp module. An attacker can cause the server to shut down and disrupt...

7.5CVSS7.1AI score0.00325EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/15 8:23 p.m.•15 views

Improper Validation of Specified Quantity in Input

Overview python-multipart is an A streaming multipart parser for Python Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the parseform function when processing a negative Content-Length header. An attacker can cause excessive memory usage b...

6.3CVSS5.4AI score0.00217EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/12 8:12 p.m.•15 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the multiPartHeader function when untrusted input is provided via field or filename to FormDataappend. An attacker can inject additional headers or multipart parts by including carriage returns, line feeds, or double...

8.7CVSS5.4AI score0.00409EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/12 2:32 p.m.•15 views

Malicious Package

Overview ecto-flag-read-m7p2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/11 4:23 p.m.•15 views

Malicious Package

Overview ioredis-orm is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/11 3:20 p.m.•15 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper validation of the Host header when parsing raw HTTP request messages or deriving a server request URI from server variables. An attacker can manipulate the Host header to include URI authori...

6.9CVSS5.4AI score0.00198EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:12 p.m.•15 views

Improper Resource Shutdown or Release

Overview boxlite is a Python bindings for Boxlite runtime Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to improper handling of process termination signals in the timeout mechanism by using the catchable SIGALRM signal instead of the uncatchable...

7.1CVSS5.4AI score0.00268EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 2:33 p.m.•15 views

Malicious Package

Overview security-env-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/10 8:27 a.m.•15 views

Embedded Malicious Code

Overview @builder.io/dev-tools is a Builder.io Visual CMS Devtools Affected versions of this package are vulnerable to Embedded Malicious Code. The affected version contains malicious code, and its content was removed from the official package manager. While this package might be attempting to...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/09 6:36 p.m.•15 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the handling of raw data arguments in IMAP commands such as criteria, searchkeys and attr. An attacker can execute arbitrary IMAP commands by injecting CRLF sequences into user-controlled input, which are...

8.3CVSS6.2AI score0.00491EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/09 6:28 p.m.•15 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in ASN1mbstringncopy and ASN1mbstringcopy. An attacker supplying input on the order of 2^30 characters can overflow the signed int destination size computation for Unicode output, wrapping the allocation size ...

8.1CVSS7.2AI score0.00358EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/09 2:17 p.m.•15 views

Malicious Package

Overview @doaction/http is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/06 9:0 p.m.•15 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/06 9:0 p.m.•15 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/05 4:14 p.m.•15 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the NTFS handler that miscalculates compression-unit buffer size in GetCuSize function. An attacker can achieve arbitrary code execution or application crash by sending data with specially crafted...

8.8CVSS6.4AI score0.00938EPSS
Exploits1References4
Snyk
Snyk
•added 2026/06/05 2:4 p.m.•15 views

Malicious Package

Overview glyphr is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/04 2:55 p.m.•15 views

Improper Authorization

Overview better-auth is a The most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Improper Authorization in the deviceAuthorization plugin. An attacker can gain unauthorized access to a device or deny legitimate user sign-in by submitting ...

8.4CVSS5.6AI score0.00017EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/03 9:34 p.m.•15 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the cookies parameter, which is processed by connectandsendrequest in client.py. An attacker who can control a redirect on a request that passes cookies on a per-request basis can expose data from those...

8.7CVSS5.5AI score0.0015EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/03 9:0 p.m.•15 views

Malicious Package

Overview midpatch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/03 8:56 p.m.•15 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the CookieJar.load function. A user who convinces another user to load a malicious serialized object can cause the execution of arbitrary code. Details Serialization is a process of converting an...

7.3CVSS5.8AI score0.00128EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/02 9:0 p.m.•15 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/02 9:0 p.m.•15 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/02 9:0 p.m.•15 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/02 9:0 p.m.•15 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/01 9:0 p.m.•15 views

Malicious Package

Overview abuden26 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/01 9:0 p.m.•15 views

Malicious Package

Overview app-config-utility is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/01 9:0 p.m.•15 views

Malicious Package

Overview nottuff25 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/01 9:0 p.m.•15 views

Malicious Package

Overview nottuff3 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/01 9:0 p.m.•15 views

Malicious Package

Overview ishowfeet20 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/01 9:0 p.m.•15 views

Malicious Package

Overview nottuff29 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/01 9:10 a.m.•15 views

Malicious Package

Overview collected-forms-embed-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•15 views

Malicious Package

Overview @cloudplatform-single-spa/container-registry is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•15 views

Malicious Package

Overview @cloudplatform-single-spa/vpc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•15 views

Malicious Package

Overview @cloudplatform-single-spa/corax is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•15 views

Malicious Package

Overview @cloudplatform-single-spa/static-page is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•15 views

Malicious Package

Overview @cloudplatform-single-spa/svp-gitaas is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•15 views

Malicious Package

Overview @cloudplatform-single-spa/vdi is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 11:52 p.m.•15 views

Malicious Package

Overview @t-in-one/saveapplicationhidtostorage is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 11:52 p.m.•15 views

Malicious Package

Overview @t-in-one/formproducttoken is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 11:52 p.m.•15 views

Malicious Package

Overview @t-in-one/addappmiddlewaretoken is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:54 p.m.•15 views

Malicious Package

Overview @cloudplatform-single-spa/ml-ai-agents-agent-system is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:54 p.m.•15 views

Malicious Package

Overview @cloudplatform-single-spa/ml-ai-agents-agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:4 p.m.•15 views

Malicious Package

Overview ally-json-threat-protect is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:2 p.m.•15 views

Malicious Package

Overview raven-i18n-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:2 p.m.•15 views

Malicious Package

Overview apexomni-node is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 9:15 p.m.•15 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the Decoding process of BMP files containing a palette with out-of-range indices. An attacker can cause a panic and potentially disrupt application availability by supplying a crafted BMP file with invalid palette...

7.1CVSS5.8AI score0.00384EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/29 9:14 p.m.•15 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...

8.7CVSS5.8AI score0.00397EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/29 7:43 p.m.•15 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the parsing of maliciously crafted Git repository data, such as .pack, .idx, or loose objects. An attacker can cause the application to panic by providing a payload that excee...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 5:38 p.m.•15 views

Improper Validation of Array Index

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Validation of Array Index through the defaultSandboxPrepareStackTrace function in lib/setup-sandbox.js. An attacker can observe or rewrite...

3.2CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 6:37 a.m.•15 views

Malicious Package

Overview tiny-naturalsort is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Total number of security vulnerabilities5000