Lucene search
K
SnykMost viewed

35537 matches found

Snyk
Snyk
added 2026/05/27 5:34 p.m.12 views

Session Fixation

Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Session Fixation via /proxy reverse proxy requests. A malicious HF Space can hijack user sessions and gain unauthorized access to other users'...

8CVSS5.8AI score0.0035EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 5:34 p.m.12 views

Open Redirect

Overview org.jenkins-ci.plugins:bitbucket-oauth is a Jenkins Plugin that supports authentication via Bitbucket OAuth. Affected versions of this package are vulnerable to Open Redirect via the redirect URL parameter after authentication. An attacker can redirect users to malicious sites by craftin...

5.1CVSS5.8AI score0.00216EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 9:41 a.m.12 views

Cross-site Scripting (XSS)

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Cross-site Scripting XSS via HtmlSanitizer due to improper sanitization of URL attributes on object, applet, iframe, img and meta refresh. By...

6.1CVSS5.6AI score0.00051EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 8:53 a.m.12 views

Malicious Package

Overview chai-as-repaired is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/27 3:23 a.m.12 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the scanForGeometryContainers function. An attacker can achieve arbitrary code execution by supplying a crafted NetCDF file containing an oversized geometry attribute, which is read into a fixed-size stac...

7.8CVSS6.4AI score0.00102EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/26 11:8 p.m.12 views

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness due to the HKDFexpand and EVPHPKECTXexport functions returning a zero-filled byte array on failure, which is then used as key material for AEAD encryption. An attacker can predict and exploit the deterministic,...

6.9CVSS5.5AI score0.00193EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/26 9:0 p.m.12 views

Malicious Package

Overview mouse5212-super-formatter is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/26 7:30 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview pterodactyl/panel is a game management panel. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via a race condition in the DatabaseController.php process. An attacker can exceed assigned database resource limits by sending multiple...

3.1CVSS5.8AI score0.00212EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/26 6:0 p.m.12 views

Cross-site Scripting (XSS)

Overview @typebot.io/js is a Javascript library to display typebots on your website Affected versions of this package are vulnerable to Cross-site Scripting XSS via the href attribute in anchor tags rendered from user-controlled content. An attacker can execute arbitrary JavaScript in the context...

6.1CVSS5.8AI score0.00241EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/26 2:43 p.m.12 views

Improper Resource Shutdown or Release

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the OpenAI-compatible Serving Path component. An attacker can cause the service to become unavailable by...

6.9CVSS6.1AI score0.00427EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/26 11:59 a.m.12 views

Malicious Package

Overview jsonbson is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/26 11:56 a.m.12 views

Malicious Package

Overview pdf-lib-enhanced is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/26 9:28 a.m.12 views

Malicious Package

Overview tailwind-style-typography is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/26 9:20 a.m.12 views

Malicious Package

Overview eo-terminal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/25 11:19 p.m.12 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in handling shiroSavedRequest cookies, which use unprotected/unencrypted values for SAVEDREQUESTKEY. An authenticated user can cause the server to make blind HTTP GET requests to arbitrary URLs or redirect users to untrust...

5.4CVSS5.9AI score0.00383EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/25 9:5 a.m.12 views

Malicious Package

Overview ts-stream-compose is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/25 9:5 a.m.12 views

Malicious Package

Overview ts-result-pipe is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/25 9:5 a.m.12 views

Malicious Package

Overview ts-typeguard-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/25 8:49 a.m.12 views

Malicious Package

Overview vite-plugin-env-compat-1.5 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/25 8:15 a.m.12 views

Malicious Package

Overview ac-sasskit-beta is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/25 8:9 a.m.12 views

Malicious Package

Overview wm-plugin-create-iframe-capturing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/25 8:9 a.m.12 views

Malicious Package

Overview wm-w5g-preview is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/25 8:1 a.m.12 views

Malicious Package

Overview ts-relayer-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/25 7:12 a.m.12 views

Malicious Package

Overview not-remix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/25 7:6 a.m.12 views

Malicious Package

Overview chai-as-float is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/24 8:48 p.m.12 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code...

7.6CVSS6AI score0.00389EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/24 8:48 p.m.12 views

XML External Entity (XXE) Injection

Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the OOXML parsing of the file indexer, external entity resolution is not disabled. A crafted XLSX or PPTX document...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/24 8:48 p.m.12 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the extension failing to safely process untrusted client input of an attacker-controlled cookie directly to PHP's unserialize. A remote, unauthenticated attacker can supply a crafted serialized...

9.2CVSS5.8AI score0.02306EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/24 8:47 p.m.12 views

XML External Entity (XXE) Injection

Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the additionaltables configuration of the page and ttcontent indexers that accept arbitrary table and field names....

5.9CVSS6AI score0.00318EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/24 3:36 p.m.12 views

Malicious Package

Overview async-pipeline-builder is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/24 3:36 p.m.12 views

Malicious Package

Overview model-switch-router is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/23 9:0 p.m.12 views

Malicious Package

Overview cryptowallet-safety is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/23 1:44 p.m.12 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the PathSwitchRequest process. An attacker can cause memory corruption by sending specially crafted requests remotely to the affected component. Remediation Upgrade github.com/omec-project/amf/nas/nassecurity to versi...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/23 1:44 p.m.12 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the PathSwitchRequest process. An attacker can cause memory corruption by sending specially crafted requests remotely to the affected component. Remediation Upgrade github.com/omec-project/amf/util to version 2.2.0 or...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/23 1:44 p.m.12 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds in the PDUSessionResourceModifyIndication function of the file handler.go. An attacker can cause memory corruption by sending specially crafted requests to the affected process. Remediation Upgrade...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/23 1:44 p.m.12 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds in the PDUSessionResourceModifyIndication function of the file handler.go. An attacker can cause memory corruption by sending specially crafted requests to the affected process. Remediation Upgrade...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/23 1:42 p.m.12 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the NGSetupRequest process. An attacker can cause memory corruption and potentially compromise confidentiality, integrity, and availability by sending specially crafted requests remotely. Remediation Upgrade...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/23 1:42 p.m.12 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the NGSetupRequest process. An attacker can cause memory corruption and potentially compromise confidentiality, integrity, and availability by sending specially crafted requests remotely. Remediation Upgrade...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...

9.8CVSS6.5AI score
Exploits0References2
Snyk
Snyk
added 2026/05/22 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...

9.8CVSS6.5AI score
Exploits0References2
Snyk
Snyk
added 2026/05/22 6:28 p.m.12 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the NewNTUnicodeString function. An attacker can cause a truncated string rather than an error to be returned by convincing a user to access a filename of excessive length. Remediation Upgrade...

4.8CVSS5.8AI score0.00114EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/22 5:48 p.m.12 views

Always-Incorrect Control Flow Implementation

Overview Flask-Security is a Simple security for Flask apps. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the OAuth reauthentication for stale sessions. An attacker can perform unauthorized account actions by completing OAuth verification wit...

7.6CVSS5.8AI score0.00035EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:42 p.m.12 views

Cross-site Scripting (XSS)

Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the readStartTag function in the Tokenizer. An attacker can cause the execution of scripts in the context of the...

8.1CVSS5.7AI score0.00178EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/22 5:42 p.m.12 views

Inefficient Algorithmic Complexity

Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in parse.go, when checking attributes iteratively. An attacker can cause excessive CPU consumption by providi...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/22 4:42 p.m.12 views

Malicious Package

Overview polymarket-claude-code is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/22 3:47 p.m.12 views

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection via the LdapCertificateRepo of the XKMS server. An attacker can retrieve arbitrary certificates from the repository by injecting crafted LDAP queries. Remediation Upgrade...

9.8CVSS5.9AI score0.00722EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 1:14 p.m.12 views

Improper Authentication

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6CVSS5.8AI score0.00093EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/22 1:14 p.m.12 views

Information Exposure

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS5.8AI score0.00109EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 1:14 p.m.12 views

Information Exposure

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS5.8AI score0.00109EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 1:11 p.m.12 views

Unsynchronized Access to Shared Data in a Multithreaded Context

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.6CVSS5.8AI score0.00077EPSS
Exploits0References3
Total number of security vulnerabilities5000