Lucene search
K
SnykMost viewed

35547 matches found

Snyk
Snyk
added 2026/03/19 7:13 p.m.14 views

Improper Validation of Specified Quantity in Input

Overview org.webjars.npm:fast-xml-parser is a Validate XML, Parse XML, Build XML without C/C++ based libraries Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the DocTypeReader component when the maxEntityCount or maxEntitySize configurati...

8.2CVSS5.8AI score0.00449EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/12 2:8 p.m.14 views

Integer Overflow or Wraparound

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

8.3CVSS5.9AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/09 9:38 p.m.14 views

Use After Free

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.5CVSS5.8AI score0.00193EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/25 6:59 p.m.14 views

Cross-site Request Forgery (CSRF)

Overview parse-dashboard is a The Parse Dashboard for Parse Server Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the agent endpoint. An attacker can perform unauthorized actions on behalf of an authenticated user by tricking them into visiting a malicious...

8.3CVSS6AI score0.00143EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 12:34 a.m.14 views

Infinite loop

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

8.7CVSS6AI score0.00449EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 12:19 a.m.14 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the NnefPfdManagement process. An attacker can obtain internal parsing error details by sending crafted requests that trigger error conditions, which may allow them to fingerprint server software and logic flows...

6.9CVSS6AI score0.00269EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/09 8:53 p.m.14 views

Prototype Pollution

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeConfig function. An attacker can cause the application to crash by supplying a malicious configuration object containing a proto property...

8.7CVSS6.8AI score0.025EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.14 views

Malicious Package

Overview mona-service-commands is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.14 views

Malicious Package

Overview @isfe-common/testing-constants is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2025/12/31 7:46 p.m.14 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow during address resolution, when attacker-controlled hostname data is copied into a fixed-size stack buffer without proper bounds checking. An attacker can cause a crash if proxy logic is enabled in the...

9.8CVSS7AI score0.00637EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/16 10:32 p.m.14 views

Malicious Package

Overview oauth2-jwt-bearer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2025/12/16 10:32 p.m.14 views

Malicious Package

Overview tokenization-lab is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2025/11/26 10:44 p.m.14 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the HttpClient which has a built-in XSRF protection mechanism. An attacker can obtain sensitive authentication tokens by crafting requests using protocol-relative URLs that cause the...

8.6CVSS6.9AI score0.00572EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/07 12:26 a.m.14 views

Malicious Package

Overview vite-tsconfig-assistant is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/09/16 10:45 a.m.14 views

Race Condition within a Thread

Overview Affected versions of this package are vulnerable to Race Condition within a Thread via the Autoupdate helper tool. A local unprivileged attacker can gain elevated privileges by sending a very well-timed XPC message and connect to the daemon when it is spawned as root and requesting...

8.8CVSS6.6AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2025/07/25 5:41 p.m.14 views

Cross-site Scripting (XSS)

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Cross-site Scripting XSS via the blog editor process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by injecting malicious scripts into blog content...

6.1CVSS5.4AI score0.00246EPSS
Exploits1References2
Snyk
Snyk
added 2024/12/06 4:41 p.m.14 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the search parameter. An attacker can execute scripts by convincing a user to click a malicious link, and then click the search bar on the target page. Details Cross-site scripting or XSS is a code...

6.1CVSS5.4AI score0.00557EPSS
Exploits2References2
Snyk
Snyk
added 2024/07/09 9:14 p.m.14 views

Use After Free

Overview Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free through the handling of HTTP/3...

9.2CVSS7.9AI score0.02565EPSS
Exploits0References2
Snyk
Snyk
added 2024/06/17 4:17 p.m.14 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a...

8.6CVSS6.7AI score0.14126EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/02 9:48 a.m.13 views

Malicious Package

Overview vitest-agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/30 3:13 p.m.13 views

Malicious Package

Overview nbmolviz-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:53 p.m.13 views

Malicious Package

Overview @tbe-ui/ides is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:44 p.m.13 views

Malicious Package

Overview @mcconnect/mcc-common-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 2:18 p.m.13 views

Malicious Package

Overview quirky-token is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 5:5 a.m.13 views

Malicious Package

Overview theme-color-picker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 9:17 p.m.13 views

Cross-site Scripting (XSS)

Overview @mariozechner/pi-coding-agent is a Coding agent CLI with read, bash, edit, write tools and session management Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization of Markdown link and image URLs during HTML session export. An attacker can...

2.5CVSS6AI score0.00132EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 7:19 p.m.13 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the get method of the Konnected integration's HTTP endpoint, which does not enforce authentication. An attacker can access sensitive information about the alarm-panel switch state and zone...

7.6CVSS5.8AI score0.00193EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/22 4:25 p.m.13 views

Missing Authorization

Overview chainlit is a Build Conversational AI. Affected versions of this package are vulnerable to Missing Authorization via the restoreexistingsession path in the WebSocket session restoration. An attacker can gain unauthorized access to another user's session and assume their permissions and...

8.8CVSS5.9AI score0.00256EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 8:16 p.m.13 views

Protection Mechanism Failure

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Protection Mechanism Failure in the skill-command dispatch process. An attacker can bypass hook-based auditing or policy enforcement by routing a skill command through a dispatch path tha...

4.3CVSS5.9AI score0.00185EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 6:35 p.m.13 views

Insertion of Sensitive Information Into Sent Data

Overview @theia/ai-chat is a Theia - AI Chat Extension Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the rendering of Markdown image tags in AI chat responses. An attacker can cause sensitive information from the workspace or conversatio...

6.7CVSS5.8AI score0.00181EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:20 p.m.13 views

Improper Certificate Validation

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Improper Certificate Validation in the ProxyAgent when configured with a SOCKS5 proxy URI, which causes the requestTls option to be silently dropped. An attacker can...

7.4CVSS6.4AI score0.00476EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 3:3 p.m.13 views

Symlink Attack

Overview langchain-anthropic is an Integration package connecting Claude Anthropic APIs and LangChain Affected versions of this package are vulnerable to Symlink Attack via the file-search middleware and loaders that resolve filesystem paths and search patterns without confining the resolved path...

6.9CVSS5.9AI score0.00157EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/16 2:34 p.m.13 views

Directory Traversal

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Directory Traversal via the nltk.data.load function. An attacker can access arbitrary files on the local filesystem by supplying specially...

8.7CVSS6.5AI score0.00378EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/16 2:7 p.m.13 views

Cross-site Scripting (XSS)

Overview bleach is a whitlist-based HTML sanitizing library that escapes or strips markup and attributes. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the clean function. An attacker can execute arbitrary JavaScript code in the context of the user's browser by...

6.1CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 1:49 p.m.13 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions via the module and resolve request types in the internal IPC server. An attacker can access sensitive files and secrets by connecting to the world-accessible abstract-namespace Unix socket and issuing craft...

6.8CVSS5.9AI score0.00103EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 11:34 p.m.13 views

Malicious Package

Overview ectomodule is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:13 p.m.13 views

Arbitrary Code Injection

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted...

8.2CVSS6.2AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:13 p.m.13 views

Arbitrary Code Injection

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted schema names that are incorporated into generated...

8.2CVSS6.5AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 2:32 p.m.13 views

Malicious Package

Overview ecto-corsair-flag-x9m4 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/11 9:0 p.m.13 views

Malicious Package

Overview @solana-labs/web3.js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/11 1:54 p.m.13 views

Malicious Package

Overview @vtmn-play/react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/11 9:35 a.m.13 views

Malicious Package

Overview tailwindcss-animatics is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.13 views

Directory Traversal

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.8CVSS6.2AI score0.00128EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.13 views

Uncontrolled Recursion

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.8CVSS5.3AI score0.00107EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.13 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.3CVSS5.5AI score0.00227EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.13 views

Use After Free

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

8.2CVSS5.3AI score0.00227EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:10 p.m.13 views

Infinite loop

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.5CVSS5.4AI score0.00092EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:10 p.m.13 views

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

5.1CVSS5.4AI score0.0011EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 3:8 p.m.13 views

Malicious Package

Overview crypto-promise-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Total number of security vulnerabilities5000