Lucene search
K
SnykMost viewed

35340 matches found

Snyk
Snyk
added 2026/05/18 8:33 p.m.12 views

Improper Validation of Array Index

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 7:10 p.m.12 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:53 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS5.8AI score0.00495EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:53 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS5.8AI score0.00495EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:53 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

7.5CVSS5.8AI score0.00495EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:53 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

7.5CVSS5.8AI score0.00495EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:53 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

7.5CVSS5.8AI score0.00495EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:48 p.m.12 views

Off-by-one Error

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

6.9CVSS5.8AI score0.0024EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 5:48 p.m.12 views

Improper Validation of Array Index

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

7.1CVSS5.9AI score0.00122EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 5:48 p.m.12 views

Improper Validation of Array Index

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.1CVSS5.9AI score0.00122EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 5:48 p.m.12 views

Improper Validation of Array Index

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.1CVSS5.9AI score0.00122EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 5:48 p.m.12 views

Improper Validation of Array Index

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.1CVSS5.9AI score0.00122EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 5:44 p.m.12 views

Incorrect Authorization

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Incorrect Authorization through the row action trigger process. An attacker can gain unauthorized access to data and perform actions on database rows outside their permitted scope by supplying a...

5.4CVSS5.8AI score0.00146EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:35 p.m.12 views

Uncaught Exception

Overview org.webjars.npm:multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Uncaught Exception through the parsing of multipart/form-data requests containing field names that collide with inherited Object.prototype properties. A...

8.7CVSS5.8AI score0.00473EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/18 3:31 p.m.12 views

Integer Underflow (Wrap or Wraparound)

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 3:31 p.m.12 views

Integer Underflow (Wrap or Wraparound)

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 3:31 p.m.12 views

Integer Underflow (Wrap or Wraparound)

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 12:31 p.m.12 views

Deserialization of Untrusted Data

Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the --enable-custom-logit-processor option, which allows untrusted Python objects to be...

9.8CVSS6.1AI score0.00585EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 11:47 a.m.12 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Host header when constructing response URLs for custom slash commands. An attacker can redirect responses to a server under their control by sending a specially crafted request with a spoofed Hos...

5CVSS5.8AI score0.00137EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 1:32 a.m.12 views

Server-side Request Forgery (SSRF)

Overview ai is an AI SDK by Vercel - The AI Toolkit for TypeScript and JavaScript Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the order of operations in the validateDownloadUrl implementation in download-blob.ts and download.ts. The fetch operation...

7.5CVSS7.2AI score0.00385EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/17 9:0 p.m.12 views

Malicious Package

Overview axois-utils is a malicious package. This package contains malicious code that includes infostealer malware, one of which is a Shai-Hulud clone following the TeamPCP open source release, and one DDoS botnet package. While this package might be attempting to impersonate a valid organizatio...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/17 9:0 p.m.12 views

Malicious Package

Overview color-style-utils is a malicious package. This package contains malicious code that includes infostealer malware, one of which is a Shai-Hulud clone following the TeamPCP open source release, and one DDoS botnet package. While this package might be attempting to impersonate a valid...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/16 12:0 a.m.12 views

Improper Isolation or Compartmentalization

Overview @boxlite-ai/boxlite is a BoxLite - Embeddable micro-VM runtime for secure, isolated code execution Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the mounting of host directories in read-only mode into VM. An attacker can gain unauthoriz...

10CVSS5.9AI score0.00289EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/16 12:0 a.m.12 views

Symlink Attack

Overview boxlite is a Python bindings for Boxlite runtime Affected versions of this package are vulnerable to Symlink Attack via improper path resolution during extraction of OCI image layer tarballs. An attacker can write arbitrary files to locations outside the intended extraction root by...

9.6CVSS5.9AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/15 5:47 p.m.12 views

Server-side Request Forgery (SSRF)

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the processUrlFile function. An attacker can access internal network resources and sensitive cloud metadata by supplying crafted URLs that target internal or...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/15 3:30 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview smtp-server is a Create custom SMTP servers on the fly Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the SMTPStream.write process. An attacker can cause excessive memory consumption and potentially crash the server by...

8.7CVSS6AI score0.00572EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/15 10:43 a.m.12 views

Malicious Package

Overview jenkins-for-jira is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/15 10:40 a.m.12 views

Malicious Package

Overview agents-a365-runtime is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/15 10:40 a.m.12 views

Malicious Package

Overview apple-security-internal-scanner-v3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/15 10:40 a.m.12 views

Malicious Package

Overview apple-coredata-internal-service is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/15 8:46 a.m.12 views

Malicious Package

Overview microsoft-applicationinsights-common is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/15 8:46 a.m.12 views

Malicious Package

Overview ms-graph-types is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/14 8:46 p.m.12 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the regConfig parameter in full-text search APIs. An attacker can execute arbitrary SQL commands by supplying crafted input to the regConfig parameter, which is interpolated directly into SQL statements without...

9.8CVSS6.1AI score0.00375EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/14 8:27 p.m.12 views

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS via the profileimageurl process. An attacker can execute arbitrary JavaScript in the context of another authenticated user's session by crafting a malicious SVG image as their OAuth...

8.5CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/14 8:17 p.m.12 views

Reliance on File Name or Extension of Externally-Supplied File

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Reliance on File Name or Extension of Externally-Supplied File via the audio transcription upload process. An attacker can execute arbitrary JavaScript in the context of another user's session by uploading a...

8.7CVSS6.1AI score0.0018EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/14 6:27 p.m.12 views

Improper Encoding or Escaping of Output

Overview sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the linkHref field handling. An...

7.3CVSS6.1AI score0.00211EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/14 6:27 p.m.12 views

Improper Encoding or Escaping of Output

Overview apostrophe is a content management system CMS for Node.js. It supports in-context editing, schema-driven content types, flexible widgets and a great deal more. This module contains everything necessary to build a website with ApostropheCMS. Affected versions of this package are vulnerabl...

5.4CVSS6.1AI score0.00211EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/14 2:22 p.m.12 views

Malicious Package

Overview knot-simple-formatter is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/13 8:2 p.m.12 views

Insufficient Session Expiration

Overview @strapi/plugin-users-permissions is a headless CMS Affected versions of this package are vulnerable to Insufficient Session Expiration in the password reset or change operation. An attacker can maintain unauthorized access by continuing to use a previously obtained refresh token to...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/13 8:2 p.m.12 views

Brute Force

Overview @strapi/plugin-users-permissions is a headless CMS Affected versions of this package are vulnerable to Brute Force via the rate-limiting middleware. An attacker can bypass intended request throttling by manipulating the email field in the request body to generate unique rate-limit keys f...

6.9CVSS5.8AI score0.00492EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/13 3:57 p.m.12 views

Malicious Package

Overview github.com/BufferZoneCorp/go-stdlog is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a cluster o...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/05/13 3:57 p.m.12 views

Malicious Package

Overview github.com/BufferZoneCorp/go-stdlib-ext is a malicious package. This package contains malicious code designed to compromise developer systems and CI environments, specifically targeting GitHub Actions. The threat actor, operating under the GitHub account BufferZoneCorp, published a clust...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/05/13 3:33 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the datesequence computation. An attacker can exhaust server resources and deny service to other users by creating routines with extremely large date ranges and triggering endpoin...

7.1CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/13 10:41 a.m.12 views

Generation of Error Message Containing Sensitive Information

Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information...

8.6CVSS5.8AI score0.00079EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/13 1:36 a.m.12 views

Incorrect Authorization

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Incorrect Authorization via the validateauthorizationrequest function. An attacker can cause the server to redirect users to arbitrary URLs by submitting a crafted...

6.1CVSS5.9AI score0.00203EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/12 10:23 p.m.12 views

Insufficient Session Expiration

Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to invalidate existing sessions after a password change. An attacker can maintain unauthorized access to an account by reusing a previously...

8.3CVSS5.8AI score0.00394EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/12 9:31 p.m.12 views

Directory Traversal

Overview github.com/hashicorp/nomad is a workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Affected versions of this package are vulnerable to Directory Traversal via the host volume Create workflow. An attacker can break out of...

8.8CVSS6.3AI score0.06892EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 9:20 p.m.12 views

Cross-site Scripting (XSS)

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the form fields process. An attacker can execute arbitrary JavaScript in the context of another user's browser session by injecting malicious...

4.8CVSS5.8AI score0.00274EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 6:30 p.m.12 views

Deserialization of Untrusted Data

Overview snorkel is an A system for quickly generating training data with weak supervision Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the MultitaskClassifier.load function. An attacker can execute arbitrary code by supplying a maliciously crafted mode...

8.8CVSS6.1AI score0.00392EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 5:22 p.m.12 views

Deserialization of Untrusted Data

Overview lightning is a Deep Learning framework to train, deploy, and ship AI products Lightning fast. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the LightningModule.loadfromcheckpoint function. Any workflow that calls this function on an untrusted...

9.8CVSS6.2AI score0.00385EPSS
Exploits1References2
Total number of security vulnerabilities5000