Lucene search
K
SnykMost viewed

35355 matches found

Snyk
Snyk
•added 2026/06/12 8:8 p.m.•12 views

Resources Downloaded over Insecure Protocol

Overview esbuild is an An extremely fast JavaScript and CSS bundler and minifier. Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol in the installFromNPM process. An attacker can execute arbitrary code with the privileges of the Deno process by...

9.2CVSS6.3AI score
Exploits0References3
Snyk
Snyk
•added 2026/06/12 6:15 p.m.•12 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the FileInfo.Name field during federation sync. An attacker can overwrite or create files in arbitrary locations within the server's filestore by sending specially crafted filenames containing path traversal...

7.6CVSS6.5AI score0.00294EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/12 2:32 p.m.•12 views

Malicious Package

Overview ecto-win-flag-q2m7 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/11 9:0 p.m.•12 views

Malicious Package

Overview @solana-labs/ancor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/11 9:0 p.m.•12 views

Malicious Package

Overview solana-web3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/11 9:0 p.m.•12 views

Malicious Package

Overview solana-js-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/11 7:14 p.m.•12 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to the improper sanitization of non-string values in the prefix, postfix, or dir parameters during path construction. An attacker can create files outside the intended temporary directory, potentially overwriting...

8.7CVSS6.2AI score0.00496EPSS
Exploits2References2
Snyk
Snyk
•added 2026/06/11 3:20 p.m.•12 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper validation of the Host header when parsing raw HTTP request messages or deriving a server request URI from server variables. An attacker can manipulate the Host header to include URI authori...

6.9CVSS5.4AI score0.00198EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/11 2:9 p.m.•12 views

Malicious Package

Overview vqlxjmpr is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/11 1:54 p.m.•12 views

Malicious Package

Overview @web-3d-tool/sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/11 1:54 p.m.•12 views

Malicious Package

Overview @coterie-baby/common is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/11 1:54 p.m.•12 views

Malicious Package

Overview sitecore-mm-component-style is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:13 p.m.•12 views

Out-of-bounds Write

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.8CVSS5.3AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:13 p.m.•12 views

Out-of-bounds Write

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.8CVSS5.3AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:13 p.m.•12 views

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.8CVSS5.3AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:12 p.m.•12 views

Directory Traversal

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS6.2AI score0.00128EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:12 p.m.•12 views

Directory Traversal

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.8CVSS6.2AI score0.00128EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:12 p.m.•12 views

Directory Traversal

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS6.2AI score0.00128EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:12 p.m.•12 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via incorrect parsing of the filename. An attacker can access files that are explicitly disallowed by security policies by leveraging symbolic links. Details A Directory Traversal attack also known as path traversal...

6.8CVSS6.2AI score0.00128EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:12 p.m.•12 views

Uncontrolled Recursion

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS5.3AI score0.00107EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:12 p.m.•12 views

NULL Pointer Dereference

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.5CVSS5.3AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:12 p.m.•12 views

NULL Pointer Dereference

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.5CVSS5.3AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:12 p.m.•12 views

NULL Pointer Dereference

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.5CVSS5.3AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:12 p.m.•12 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:12 p.m.•12 views

Use After Free

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.2CVSS5.3AI score0.00227EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:10 p.m.•12 views

Infinite loop

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.5CVSS5.4AI score0.00092EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:10 p.m.•12 views

Infinite loop

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.5CVSS5.4AI score0.00092EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:10 p.m.•12 views

Infinite loop

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.5CVSS5.4AI score0.00092EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:10 p.m.•12 views

Infinite loop

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.5CVSS5.4AI score0.00092EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:10 p.m.•12 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7CVSS5.5AI score0.00112EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:10 p.m.•12 views

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

5.1CVSS5.4AI score0.0011EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:10 p.m.•12 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7CVSS5.5AI score0.00112EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:10 p.m.•12 views

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

5.1CVSS5.4AI score0.0011EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/10 2:53 p.m.•12 views

Malicious Package

Overview devkitx is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/10 2:53 p.m.•12 views

Malicious Package

Overview anaylze-json is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/10 2:30 p.m.•12 views

Malicious Package

Overview nw-demo-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/10 1:55 p.m.•12 views

Malicious Package

Overview react-tracked-tony is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/10 1:55 p.m.•12 views

Malicious Package

Overview martinez-polygon-clipping-simul-dalton is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/10 1:34 p.m.•12 views

Malicious Package

Overview npmjstruffle-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/10 1:34 p.m.•12 views

Malicious Package

Overview solidity-abi is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/10 8:27 a.m.•12 views

Embedded Malicious Code

Overview @builder.io/dev-tools is a Builder.io Visual CMS Devtools Affected versions of this package are vulnerable to Embedded Malicious Code. The affected version contains malicious code, and its content was removed from the official package manager. While this package might be attempting to...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/09 6:33 p.m.•12 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step in the AES-OCB provider when an application uses the EVPCipher interface. The handler silently discards the IV, so every message under a given key runs with the all-zero offset state, causing nonce reuse. If...

9.1CVSS7.1AI score0.0032EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/09 6:33 p.m.•12 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in OSSLCMPget1rootCaKeyUpdate. An attacker with credentials that satisfy the CMP message protection checks, such as a Registration Authority, can replace the root CA certificate held by affected CMP clien...

6CVSS6.6AI score0.00262EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/09 5:4 p.m.•12 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation Upgrade...

6.9CVSS5.3AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/09 2:47 p.m.•12 views

Malicious Package

Overview xorma-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/09 2:17 p.m.•12 views

Malicious Package

Overview @doaction/wasm-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/09 2:17 p.m.•12 views

Malicious Package

Overview @doaction/types is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/09 12:0 a.m.•12 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the @Query regex parameter binding when a bound parameter is placed inside a regular expression literal using \Q...\E quoting e.g. @Query" name : /^\\Q?0\\E$/ "...

8.2CVSS5.3AI score0.00262EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/08 11:9 p.m.•12 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the lack of CSRF protection on /ui/ mutating endpoints. An attacker can perform unauthorized actions on behalf of an authenticated user by tricking them into submitting crafted requests, such as...

7CVSS5.5AI score0.00013EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/08 11:2 p.m.•12 views

Allocation of Resources Without Limits or Throttling

Overview io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforcement of the advertised...

6.9CVSS5.5AI score0.00292EPSS
Exploits0References2
Total number of security vulnerabilities5000