Lucene search
K
SnykMost viewed

35669 matches found

Snyk
Snyk
added 2026/05/18 8:37 p.m.14 views

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.2CVSS5.9AI score0.00116EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 8:37 p.m.14 views

Uncontrolled Recursion

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS5.8AI score0.0012EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 8:37 p.m.14 views

Use After Free

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 8:37 p.m.14 views

Use After Free

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 8:36 p.m.14 views

Out-of-bounds Write

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.7CVSS5.8AI score0.00441EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 8:33 p.m.14 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion due to insufficient validation in the MNG decoder. An attacker can cause excessive resource consumption by submitting specially crafted image files that bypass the intended list limit policy. Remediation A fix was...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 8:33 p.m.14 views

Uncontrolled Recursion

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 8:33 p.m.14 views

Improper Validation of Array Index

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 7:8 p.m.14 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the ExtractRelativeToDirectoryAsync path handling in src/libraries/System.Formats.Tar/src/System/Formats/Tar/TarEntry.cs. An attacker can create a tar archive that extracts a symbolic link whose target is a roote...

6.3CVSS6.3AI score0.00711EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:52 p.m.14 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following during docker cp mount setup due to the switching from GetResourcePath and to createIfNotExists method that has no absolute path checks. An attacker can create empty files or directories at arbitrary...

6.1CVSS5.9AI score0.00108EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:48 p.m.14 views

Improper Validation of Array Index

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

7.1CVSS5.9AI score0.00122EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 5:48 p.m.14 views

Improper Validation of Array Index

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.1CVSS5.9AI score0.00122EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 5:48 p.m.14 views

Improper Validation of Array Index

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.1CVSS5.9AI score0.00122EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 5:34 p.m.14 views

Access Control Bypass

Overview sulu/sulu is a highly extensible open-source PHP content management system based on the Symfony framework. Affected versions of this package are vulnerable to Access Control Bypass in the users endpoint controller, which exposes the apiKey field to logged-in users who have permission for...

3.1CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/18 3:31 p.m.14 views

Integer Underflow (Wrap or Wraparound)

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 3:31 p.m.14 views

Integer Underflow (Wrap or Wraparound)

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 9:10 a.m.14 views

Malicious Package

Overview parse-escape-regex-string is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/17 9:0 p.m.14 views

Malicious Package

Overview nicegui is a malicious package. This package contains malicious code designed to steal sensitive credentials and establish remote access. While these packages might attempt to impersonate legitimate organizations and popular open-source libraries, there is no connection between those...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/15 5:53 p.m.14 views

Server-side Request Forgery (SSRF)

Overview @budibase/backend-core is a Budibase backend core libraries used in server and worker Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the req function. An attacker can access internal services and sensitive cloud metadata by leveraging HTTP...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/15 4:21 p.m.14 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the logout process. An attacker can redirect users to arbitrary external websites by supplying a crafted url parameter. This is only exploitable if the configuration option enablelogout is set to true, and is most...

6.1CVSS6AI score0.00269EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/15 11:24 a.m.14 views

Malicious Package

Overview dowloadebokterraincognitauraniabyianmcdonaldum4vu is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/15 10:43 a.m.14 views

Malicious Package

Overview jenkins-for-jira is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/15 10:40 a.m.14 views

Malicious Package

Overview apple-internal-dev-check is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/15 8:46 a.m.14 views

Malicious Package

Overview auth-javascript is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/14 7:16 p.m.14 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the StandardEvaluationContext method. An attacker can execute arbitrary code and exfiltrate credentials by supplying crafted Spring Expression Language SpEL expressions as an authenticated user with...

9.1CVSS6.2AI score0.00576EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/14 6:25 p.m.14 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to insufficient path sanitization in the osfs.ChrootOS component. An attacker can gain unauthorized access to unintended filesystem locations by supplying crafted paths containing directory traversal sequences...

8.6CVSS6.3AI score0.0031EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/14 4:36 p.m.14 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the renderblockimage function. An attacker can inject arbitrary CSS into the style attribute of an image element by supplying a crafted value to the :width: or :height: option, which is insufficiently validat...

6.1CVSS5.7AI score0.00228EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/14 4:19 p.m.14 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over resources belonging to other...

7.7CVSS5.8AI score0.00335EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/14 4:18 p.m.14 views

Asymmetric Resource Consumption (Amplification)

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification through the handling of authenticated user requests. An attacker can exhaust CPU resources and cause service...

7.1CVSS5.8AI score0.00128EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/14 3:49 p.m.14 views

Malicious Package

Overview hardhat-core-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/14 3:23 p.m.14 views

Use of Inherently Dangerous Function

Overview Affected versions of this package are vulnerable to Use of Inherently Dangerous Function via the PQfn function when called with resultisint=0 in the loexport, loread, lolseek64, and lotell64 functions. An attacker can overwrite client stack memory with arbitrary data by sending a special...

8.8CVSS7.4AI score0.00464EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/14 3:22 p.m.14 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via integer wraparound in the allocation process. An attacker can execute arbitrary code or cause a segmentation fault by providing specially crafted, large-scale inputs to database functions. Remediation...

8.8CVSS7.7AI score0.00668EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/14 2:57 p.m.14 views

Incomplete List of Disallowed Inputs

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs inadequate input validation in the validateCommandFlags and validateArgsForLocalFileAccess functions. An attacker can execute arbitrary commands on the server by bypassi...

8.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 2026/05/13 2:3 p.m.14 views

Malicious Package

Overview chai-as-streamed is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/13 10:41 a.m.14 views

Generation of Error Message Containing Sensitive Information

Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information...

8.6CVSS5.8AI score0.00079EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 9:20 p.m.14 views

Improper Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization via improper authorization checks in the access control process. An attacker can gain unauthorized write access by tricking a user into visiting a...

5.3CVSS5.8AI score0.00393EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 5:22 p.m.14 views

Timing Attack

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Timing Attack via AJP secret comparison. An attacker can perform a timing side-channel attack to determine whether a guessed secret is correct by sending many...

6.3CVSS5.8AI score0.00352EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 5:22 p.m.14 views

Improper Authorization

Overview tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Authorization in the processing of security constraints when multiple method constraints define an HTTP method for the...

9.1CVSS5.8AI score0.01136EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/12 3:1 p.m.14 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution in the process of copying enumerable properties from a user-supplied object to a generated message instance without filtering the proto property. An attacker can alter the prototype of individual message instances by...

7.5CVSS6.4AI score0.00264EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 3:1 p.m.14 views

Uncontrolled Recursion

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded recursion when decoding nested message fields. An attacker can exhaust the call stack and cause the application to crash by supplying...

8.7CVSS5.9AI score0.0058EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.14 views

Use of Uninitialized Resource

Overview org.webjars.npm:ws is a simple to use websocket client, server and console for node.js. Affected versions of this package are vulnerable to Use of Uninitialized Resource in the websocket.close implementation in the Sender class, which exposes uninitialized memory when a TypedArray is...

7.5CVSS5.8AI score0.00745EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Total number of security vulnerabilities5000