Lucene search
K
SnykMost viewed

35669 matches found

Snyk
Snyk
•added 2026/06/01 9:0 p.m.•14 views

Malicious Package

Overview ratelimitsucks is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/01 9:0 p.m.•14 views

Malicious Package

Overview kirkland is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/01 9:0 p.m.•14 views

Malicious Package

Overview ratelimitsucks10 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/01 9:0 p.m.•14 views

Malicious Package

Overview abuden226 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/01 9:0 p.m.•14 views

Malicious Package

Overview ratelimitsucks4 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/01 9:0 p.m.•14 views

Malicious Package

Overview nottuff15 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/01 9:0 p.m.•14 views

Malicious Package

Overview nottuff20 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/01 9:0 p.m.•14 views

Malicious Package

Overview nottuff7 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/01 9:0 p.m.•14 views

Malicious Package

Overview nottuff21 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/01 9:0 p.m.•14 views

Malicious Package

Overview abuden2 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/01 9:0 p.m.•14 views

Malicious Package

Overview opensearch-config-utility is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•14 views

Malicious Package

Overview @cloudplatform-single-spa/smk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•14 views

Malicious Package

Overview @cloudplatform-single-spa/iam is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•14 views

Malicious Package

Overview @cloudplatform-single-spa/clickhouse is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•14 views

Malicious Package

Overview @cloudplatform-single-spa/profile is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 11:52 p.m.•14 views

Malicious Package

Overview @t-in-one/safelocalstoragetoken is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 11:52 p.m.•14 views

Malicious Package

Overview @t-in-one/prefillbundledatatoken is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 11:52 p.m.•14 views

Malicious Package

Overview @t-in-one/getapplicationhid is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 11:52 p.m.•14 views

Malicious Package

Overview @t-in-one/addapplicationservicetoken is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 11:52 p.m.•14 views

Malicious Package

Overview @t-in-one/applicationidstoragekeytoken is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:54 p.m.•14 views

Malicious Package

Overview @cloudplatform-single-spa/support is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:54 p.m.•14 views

Malicious Package

Overview @cloudplatform-single-spa/cnapp-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:54 p.m.•14 views

Malicious Package

Overview @cloudplatform-single-spa/cp-api-gw is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:54 p.m.•14 views

Malicious Package

Overview @cloudplatform-single-spa/monitoring is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:54 p.m.•14 views

Malicious Package

Overview @cloudplatform-single-spa/logaas is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:4 p.m.•14 views

Malicious Package

Overview @citi-icg-158830/icgds-react-css is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:3 p.m.•14 views

Malicious Package

Overview otawebadmin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:3 p.m.•14 views

Malicious Package

Overview ethers-abstract-signer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:2 p.m.•14 views

Malicious Package

Overview @clearpool/streaming is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:2 p.m.•14 views

Malicious Package

Overview @timelycare/api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 5:40 p.m.•14 views

Improper Control of Dynamically-Managed Code Resources

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the localPromise constructor in lib/setup-sandbox.js. An attacker can obtain a host-realm...

10CVSS6AI score0.0051EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/29 5:22 p.m.•14 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the exec approver gate process. An attacker can gain unauthorized approval capabilities by leveraging limited exec approval permissions to bypass intended...

4.3CVSS5.8AI score0.00173EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/28 10:46 p.m.•14 views

Improper Handling of Case Sensitivity

Overview tuf is a secure updater framework for Python. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to platform-dependent behavior in the DelegatedRole.istargetinpathpattern function. An attacker can bypass intended access restrictions by exploitin...

5.1CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/28 6:24 p.m.•14 views

HTTP Request Smuggling

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Request Smuggling via the app.mount function. An attacker can access unintended routes or resources by sending requests with percent-encoded multi-byte characters in the URL path,...

6.9CVSS5.8AI score0.0026EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/28 4:50 p.m.•14 views

Allocation of Resources Without Limits or Throttling

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the layout mode text extraction process when handling PDFs with large...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/28 1:39 p.m.•14 views

Malicious Package

Overview @service-user-notifications/setrefreshinterval is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/28 1:39 p.m.•14 views

Malicious Package

Overview @service-suppliers/suppliers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/27 6:24 p.m.•14 views

Arbitrary Code Injection

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Arbitrary Code Injection via the filters and tags registries in Liquid. An attacker can trigger arbitrary inherited Object.prototype...

10CVSS6AI score0.00089EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/27 1:25 p.m.•14 views

Malicious Package

Overview skills-detector is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/26 11:39 p.m.•14 views

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection via the LdapAuthModule process. An attacker can gain unauthorized access to user accounts by injecting specially crafted input into the username parameter during LDAP authentication. Note: This is only exploitable if the...

5.3CVSS5.5AI score0.01027EPSS
Exploits3References2
Snyk
Snyk
•added 2026/05/26 12:4 p.m.•14 views

Malicious Package

Overview jsonlogbundler is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/25 8:54 a.m.•14 views

Malicious Package

Overview auth0-aspnetcore-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/25 8:49 a.m.•14 views

Malicious Package

Overview vite-plugin-env-compat-plus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/25 8:20 a.m.•14 views

Malicious Package

Overview explorhub-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/25 7:6 a.m.•14 views

Malicious Package

Overview chai-as-buffer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/24 8:47 p.m.•14 views

Directory Traversal

Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to Directory Traversal due to the file indexer failing to normalize the configured directory path. A backend user with permission to edit indexer...

5.9CVSS6.3AI score0.00404EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/23 9:0 p.m.•14 views

Malicious Package

Overview git-config-sync is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/23 3:46 p.m.•14 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via the NGReset Message Handler process. An attacker can cause memory corruption and potentially impact confidentiality, integrity, and availability by sending specially crafted messages remotely. Remediation Upgrade...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
Total number of security vulnerabilities5000