Lucene search
K
SnykMost viewed

35669 matches found

Snyk
Snyk
•added 2026/05/21 4:36 p.m.•13 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the TESTCONNECTION workflow for a Database Service. An attacker can obtain sensitive credentials and authentication tokens by triggering the workflow and inspecting the HTTP response...

8.7CVSS5.8AI score0.00241EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/21 4:12 p.m.•13 views

Malicious Package

Overview tailwindcss-theme-custom is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/21 7:35 a.m.•13 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query. An attacker can access sensitive information, including model names, version descriptions, source URIs, tags, and other...

7.1CVSS6.6AI score0.00441EPSS
Exploits1References2
Snyk
Snyk
•added 2026/05/20 9:45 p.m.•13 views

SQL Injection

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to SQL Injection via the process that handles SQL queries. An attacker can execute arbitrary SQL commands by injecting specially...

9.8CVSS6.3AI score0.84631EPSS
Exploits14References2
Snyk
Snyk
•added 2026/05/20 3:44 p.m.•13 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the updateAssistant and createAssistant handlers in the assistant service. An attacker can reassign an assistant to a...

6CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/20 3:35 p.m.•13 views

Deserialization of Untrusted Data

Overview net.sf.jasperreports:jasperreports is an open source reporting engine for Java. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ObjectInputStream subclasses. An attacker can achieve remote code execution on the JVM host by sending a specially...

8.8CVSS6.3AI score0.00476EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/20 3:35 p.m.•13 views

User Interface (UI) Misrepresentation of Critical Information

Overview symfony/html-sanitizer is a Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. Affected versions of this package are vulnerable to User Interface UI Misrepresentation of Critical Information via UrlSanitizer::parse in the...

7.1CVSS5.8AI score0.00069EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/20 3:35 p.m.•13 views

CRLF Injection

Overview symfony/mime is a library to manipulate MIME messages. Affected versions of this package are vulnerable to CRLF Injection via Non-Token Characters in Mime Parameter Names. A caller that derives a parameter name from untrusted input, e.g. an application that lets a user influence a...

6.3CVSS5.8AI score0.00056EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/20 3:35 p.m.•13 views

User Impersonation

Overview symfony/security-http is a provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. Affected versions of this package are vulnerable to User...

9.3CVSS5.8AI score0.00064EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/20 9:41 a.m.•13 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via incomplete CheckToStringNode enforcement in SandboxNodeVisitor. An attacker can invoke toString on arbitrary objects reachable from the...

7.4CVSS5.9AI score0.00044EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/19 9:51 p.m.•13 views

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the decoding process of grid-based HEIF or AVIF images when a corrupted tile fails to decode and the library returns a success status, resulting in uninitialized heap memory being exposed as pixel data. ...

7.1CVSS5.8AI score0.00303EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/19 8:10 p.m.•13 views

Allocation of Resources Without Limits or Throttling

Overview sqlfluff is a The SQL Linter for Humans Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Parser, ParseContext, and Rust parser match-tree handling in the parser components. An attacker can force excessive parse-tree grow...

8.7CVSS5.9AI score0.00263EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/19 2:44 p.m.•13 views

Server-side Request Forgery (SSRF)

Overview @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the createSite function. An attacker can access internal network resources and read arbitrary files by supplying crafted URLs or file paths to the...

7.1CVSS5.6AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/19 10:42 a.m.•13 views

Improper Validation of Syntactic Correctness of Input

Overview org.keycloak:keycloak-saml-core is an Identity and Access Management plugin for Keycloak. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the SAMLParser and SAML11ParserUtil code paths that handle SAML 1.1 assertions and protoc...

8.7CVSS5.9AI score0.00743EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/19 6:22 a.m.•13 views

Incorrect Implementation of Authentication Algorithm

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm through the TokenManager and OIDC endpoint token checks ...

5.4CVSS5.4AI score0.00281EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/19 12:0 a.m.•13 views

Replay Attack

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Replay Attack through the RequiredActionFactory and required-action implementations in the authentication flo...

7.6CVSS5.8AI score0.0044EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/18 8:37 p.m.•13 views

Out-of-bounds Write

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.2CVSS5.9AI score0.00116EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/18 8:37 p.m.•13 views

Out-of-bounds Write

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.2CVSS5.9AI score0.00116EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/18 8:37 p.m.•13 views

Out-of-bounds Write

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.2CVSS5.9AI score0.00116EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/18 8:37 p.m.•13 views

Uncontrolled Recursion

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS5.8AI score0.0012EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/18 8:37 p.m.•13 views

Use After Free

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/18 8:37 p.m.•13 views

Use After Free

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/18 8:37 p.m.•13 views

Use After Free

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/18 8:37 p.m.•13 views

Use After Free

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/18 8:37 p.m.•13 views

Infinite loop

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS5.8AI score0.01849EPSS
Exploits4References2
Snyk
Snyk
•added 2026/05/18 8:36 p.m.•13 views

Infinite loop

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS5.8AI score0.00111EPSS
Exploits0References5
Snyk
Snyk
•added 2026/05/18 8:36 p.m.•13 views

Infinite loop

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.8CVSS5.8AI score0.00111EPSS
Exploits0References5
Snyk
Snyk
•added 2026/05/18 8:36 p.m.•13 views

Out-of-bounds Write

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS5.8AI score0.00441EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/18 8:36 p.m.•13 views

Out-of-bounds Write

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS5.8AI score0.00441EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/18 8:33 p.m.•13 views

Uncontrolled Recursion

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/18 8:33 p.m.•13 views

Improper Validation of Array Index

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/18 8:33 p.m.•13 views

Improper Validation of Array Index

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/18 8:33 p.m.•13 views

Improper Validation of Array Index

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3
Total number of security vulnerabilities5000