Lucene search
K
SnykMost viewed

35353 matches found

Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview @opensearch-project/opensearch is a community-driven, open source fork of elasticsearch-js licensed under the Apache v2.0 License. For more information, see opensearch.org. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview mistralai is a Mistral Python Client Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack...

9.8CVSS5.8AI score0.00276EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 7:40 p.m.12 views

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the filedownload.php process when the showinline=1 parameter and a valid fileshowinlinetoken CSRF token are provided. An attacker can execute arbitrary JavaScript co...

7.5CVSS5.8AI score0.00349EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/11 7:36 p.m.12 views

Infinite loop

Overview org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Infinite loop in the rendering process of Gantt charts when the excludes attribute is set to exclude all dates. An...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/11 7:36 p.m.12 views

Arbitrary Code Injection

Overview org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of input passed to the addStyleClass function. An attacker c...

7.1CVSS5.7AI score0.00338EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/11 3:57 p.m.12 views

Cross-site Scripting (XSS)

Overview next is a react framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the CSP nonce headers. An attacker can inject malicious scripts into cached HTML responses by supplying malformed nonce values, which may then be executed in the browsers of...

4.7CVSS5.5AI score0.00222EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/11 3:54 p.m.12 views

Interpretation Conflict

Overview next is a react framework. Affected versions of this package are vulnerable to Interpretation Conflict via improper handling of shared cache entries for React Server Component responses. An attacker can cause unintended component payloads to be served to other users by manipulating share...

6.3CVSS5.8AI score0.0025EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/11 2:2 p.m.12 views

Insufficient Session Expiration

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Insufficient Session Expiration via misconfiguration of the CORSMiddleware module and improper session management. An attacker can gain unauthorized access and execute arbitrary code by enticing an...

8.9CVSS6.2AI score
Exploits0References2
Snyk
Snyk
added 2026/05/08 11:50 p.m.12 views

Directory Traversal

Overview SharpCompress is a compression library for NET Standard 2.0/2.1/NET 5.0 that can unrar, decompress 7zip, decompress xz, zip/unzip, tar/untar lzip/unlzip, bzip2/unbzip2 and gzip/ungzip with forward-only reading and file random access APIs. Affected versions of this package are vulnerable ...

6.5CVSS6.3AI score0.00313EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/08 10:52 p.m.12 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the RemoveAmfSubscriptionsInfoProcedure process. An attacker can cause the application to panic and disrupt service availability by sending a crafted DELETE request with a nonexistent subsId after creating a...

6.5CVSS5.8AI score0.0035EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/08 8:49 p.m.12 views

HTTP Response Splitting

Overview eventsource-encoder is an Encodes events as well-formed EventSource/Server Sent Event SSE messages Affected versions of this package are vulnerable to HTTP Response Splitting via unsanitized event and id fields in the encoding process. An attacker can inject arbitrary Server-Sent Events...

6.9CVSS6AI score0.00277EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/08 8:36 p.m.12 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview banks is an A prompt programming language Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the Prompt process. An attacker can execute arbitrary code on the host system by supplying specially crafted template...

7.7CVSS6.2AI score0.00539EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 8:3 p.m.12 views

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the getsourcesfromitems process. An attacker can access unauthorized file and knowledge base content by supplying known file or knowledge base identifiers to the chat completion API,...

7.1CVSS5.8AI score0.00366EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/08 7:9 p.m.12 views

Server-side Request Forgery (SSRF)

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the validatewebhookurl process. An attacker can cause the application to send outbound HTTP POST requests to unintended hosts, including internal or...

5.3CVSS5.8AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 5:39 p.m.12 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to revoke existing refresh tokens in the auth.refreshtokens and auth.oauth2refreshtokens tables after a password change. An attacker can maintain unauthorized access to a user's account...

4.2CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/08 5:31 p.m.12 views

Directory Traversal

Overview potato-annotation is an A flexible, stand-alone, web-based platform for text annotation tasks Affected versions of this package are vulnerable to Directory Traversal via the validatepathsecurity function. An attacker can gain unauthorized access to files outside the intended project...

5.1CVSS6.3AI score
Exploits0References2
Snyk
Snyk
added 2026/05/08 4:22 p.m.12 views

Improper Isolation or Compartmentalization

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through the setupSandboxScript bootstrap in lib/vm.js and lib/setup-sandbox.js. An attacke...

6.9CVSS5.9AI score0.00248EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/08 9:25 a.m.12 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the EqualsUri function. An attacker can cause incorrect URI comparisons by supplying specially crafted input values. Remediation Upgrade uriparser to version 1.0.2 or higher. References -...

5.3CVSS5.3AI score0.00211EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/07 9:16 p.m.12 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the Email field in the Comment model exposed through unauthenticated public API endpoints. An attacker can obtain the email addresses of all guest commenters by makin...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/07 7:21 p.m.12 views

Infinite loop

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Infinite loop. Go Vulnerability Report: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

8.7CVSS5.8AI score0.00781EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/07 2:13 a.m.12 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the admin session cookie handling process. An attacker can maintain unauthorized access to administrative functionality by reusing a valid session cookie after a user logs out, until the cookie expires...

9.1CVSS5.8AI score0.00197EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/07 1:15 a.m.12 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadFrom and webhook processes. An attacker can access internal network resources and potentially exfiltrate sensitive information or interact with internal-only services by supplying special...

9.4CVSS5.8AI score0.00352EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/07 12:57 a.m.12 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the FilterOutboundURL process. An attacker can access internal network resources and retrieve sensitive information by exploiting DNS rebinding to bypass outbound URL filtering. This is only...

6.9CVSS5.8AI score0.00186EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/07 12:22 a.m.12 views

HTTP Request Smuggling

Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling when parsed HTTP requests contain malformed Transfer-Encoding headers...

8.7CVSS5.8AI score0.00248EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/07 12:7 a.m.12 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the REST layer when processing malformed HTTP requests. An attacker can gain unauthorized access to restricted API endpoints by crafting specially formed HTTP requests. This is only exploitable if custom plugi...

6.3CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/07 12:3 a.m.12 views

Information Exposure

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Information Exposure in the Screenshot API, tasks API, and component link API. An attacker can access private translation data by enumeratin...

5.3CVSS5.8AI score0.00288EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 11:43 p.m.12 views

Server-side Request Forgery (SSRF)

Overview PlaywrightCapture is an A simple library to capture websites using playwright Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the capture process. An attacker can access internal network resources or local files by supplying a crafted URL that...

8.7CVSS5.8AI score0.00319EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 11:2 p.m.12 views

Open Redirect

Overview nitro is a Build and Deploy Universal JavaScript Servers Affected versions of this package are vulnerable to Open Redirect via the routeRules function. An attacker can redirect users to arbitrary external sites by crafting URLs with double slashes after the route prefix, causing browsers...

6.1CVSS5.9AI score0.00237EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 11:1 p.m.12 views

Directory Traversal

Overview nitropack is a Build and Deploy Universal JavaScript Servers Affected versions of this package are vulnerable to Directory Traversal via the routeRules function. An attacker can access files or endpoints outside the intended proxy scope by sending specially crafted URLs containing...

6.9CVSS6.3AI score0.00392EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 10:8 p.m.12 views

Server-side Request Forgery (SSRF)

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the validateurl function usage of urlparse that treats \ as regular character when extracting host...

9.8CVSS5.8AI score0.00378EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/06 9:35 p.m.12 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the SimplePdo::insert, SimplePdo::update, and SimplePdo::delete functions. An attacker can execute arbitrary SQL commands by supplying crafted array keys or table names that are directly concatenated into SQL statement...

8.8CVSS6.1AI score0.00396EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 9:19 p.m.12 views

Arbitrary File Upload

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Arbitrary File Upload via the blueprint-upload process. An attacker can gain full administrative access by uploading a crafted YAML file to th...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/06 8:54 p.m.12 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the forgot password process. An attacker can determine whether an email address is registered by submitting requests and analyzing the responses. Remediation Upgrade statamic/cms to version 5.73.21, 6.15.0 or...

6.9CVSS5.8AI score0.00206EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 8:47 p.m.12 views

Directory Traversal

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Directory Traversal in the deleteClientFolder process. An attacker can delete arbitrary directories on the server by submitting a crafted URL containing...

7CVSS6.3AI score0.00266EPSS
Exploits0References2
Total number of security vulnerabilities5000