Lucene search
K
SnykMost viewed

35345 matches found

Snyk
Snyk
•added 2026/05/25 8:15 a.m.•11 views

Malicious Package

Overview apple-internal-security-audit-v99 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/25 8:15 a.m.•11 views

Malicious Package

Overview apple-appstore-full-library-utility is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/25 8:15 a.m.•11 views

Malicious Package

Overview apple-app-store-server-library-v3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/25 8:13 a.m.•11 views

Malicious Package

Overview flownodelp5 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/25 8:11 a.m.•11 views

Malicious Package

Overview nba-blocker-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/25 8:9 a.m.•11 views

Malicious Package

Overview wm-plugin-open-teach-me-after-deployable-played is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/25 8:9 a.m.•11 views

Malicious Package

Overview wm-plugin-teach-me-widget is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/24 8:47 p.m.•11 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key because the create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker...

6.9CVSS5.9AI score0.00352EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/24 3:36 p.m.•11 views

Malicious Package

Overview async-pipeline-builder is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/24 3:36 p.m.•11 views

Malicious Package

Overview model-switch-router is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/24 3:36 p.m.•11 views

Malicious Package

Overview build-scripts-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/24 11:47 a.m.•11 views

Use of a One-Way Hash with a Predictable Salt

Overview Affected versions of this package are vulnerable to Use of a One-Way Hash with a Predictable Salt in the getSecretKeySaltGenerator function of the Password Hash Handler component. An attacker can compromise the confidentiality of hashed secrets by exploiting the use of a predictable salt...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/23 3:46 p.m.•11 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via the NGReset Message Handler process. An attacker can cause memory corruption and potentially impact confidentiality, integrity, and availability by sending specially crafted messages remotely. Remediation Upgrade...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/23 1:44 p.m.•11 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds in the PDUSessionResourceModifyIndication function of the file handler.go. An attacker can cause memory corruption by sending specially crafted requests to the affected process. Remediation Upgrade...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 5:48 p.m.•11 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the OAuth reauthentication for stale sessions. An attacker can perform unauthorized account actions by completing OAuth verification with their own identity in a stale, authenticated victi...

7.6CVSS5.8AI score0.00035EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 5:42 p.m.•11 views

Inefficient Algorithmic Complexity

Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in parse.go, when checking attributes iteratively. An attacker can cause excessive CPU consumption by providi...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/22 4:42 p.m.•11 views

Malicious Package

Overview polymarket-trade is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/22 3:58 p.m.•11 views

Malicious Package

Overview terminal-logger-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/22 1:44 p.m.•11 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the API response process. An attacker can access sensitive information about team member roles by invoking various team API endpoints without having elevated permissions. Remediation Upgrade...

5.3CVSS5.8AI score0.00184EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 1:44 p.m.•11 views

Incorrect Authorization

Overview github.com/mattermost/mattermost/server/v8/channels/api4 is a platform for secure collaboration across the entire software development lifecycle Affected versions of this package are vulnerable to Incorrect Authorization via the API response process. An attacker can access sensitive...

5.3CVSS5.8AI score0.00184EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 1:44 p.m.•11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing request body size limits on plugin HTTP endpoints. An attacker can exhaust system resources by sending crafted oversized HTTP requests. Remediation Upgrade...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 1:44 p.m.•11 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the WebSocket process. An attacker can cause the server to crash and disrupt service availability for all users by sending a specially crafted binary WebSocket message to the public endpoin...

8.7CVSS5.8AI score0.00327EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 1:14 p.m.•11 views

Improper Authentication

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6CVSS5.8AI score0.00093EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/22 1:14 p.m.•11 views

Information Exposure

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.9CVSS5.8AI score0.00109EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 1:14 p.m.•11 views

Information Exposure

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS5.8AI score0.00109EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 1:14 p.m.•11 views

Information Exposure

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS5.8AI score0.00109EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 1:14 p.m.•11 views

Information Exposure

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.9CVSS5.8AI score0.00109EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 1:11 p.m.•11 views

Unsynchronized Access to Shared Data in a Multithreaded Context

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

5.6CVSS5.8AI score0.00077EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/22 1:11 p.m.•11 views

Unsynchronized Access to Shared Data in a Multithreaded Context

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.6CVSS5.8AI score0.00077EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/22 1:11 p.m.•11 views

Unsynchronized Access to Shared Data in a Multithreaded Context

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.6CVSS5.8AI score0.00077EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/22 1:10 p.m.•11 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.3CVSS5.9AI score0.00092EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 1:10 p.m.•11 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.3CVSS5.9AI score0.00092EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 1:10 p.m.•11 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.3CVSS5.9AI score0.00092EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 5:32 a.m.•11 views

Missing Release of Resource after Effective Lifetime

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the repeated opening of channels by an authenticated SSH client that are subsequently rejected by the server. An attack...

7.1CVSS5.8AI score0.00196EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 2:43 a.m.•11 views

Malicious Package

Overview deployment-key-auditor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/22 2:43 a.m.•11 views

Malicious Package

Overview chain-key-validator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/22 2:43 a.m.•11 views

Malicious Package

Overview build-integrity-verify is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/22 2:42 a.m.•11 views

Malicious Package

Overview foundy-toolkit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/21 9:49 p.m.•11 views

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness via the PasskeyEncipherImage function. An attacker can access sensitive information by exploiting AES-CTR nonce reuse during encryption. Remediation A fix was pushed into the master branch but not yet published...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/21 9:42 p.m.•11 views

Off-by-one Error

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/21 9:42 p.m.•11 views

Off-by-one Error

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.9CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/21 9:30 p.m.•11 views

Cross-site Request Forgery (CSRF)

Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the doupdate process. An attacker can cause an authenticated administrator to unintentionally trigger a package upgrade by enticing them to visit a...

8.8CVSS5.8AI score0.00122EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/21 9:27 p.m.•11 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the htmltomarkdown, markdowntohtml, and inlinecss filters due to incorrect declaration of output safety. An attacker can inject unescaped HTML or script content by supplying specially crafted...

6.1CVSS5.8AI score0.0006EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/21 8:38 p.m.•11 views

Allocation of Resources Without Limits or Throttling

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AttachmentsService upload-by-URL path in the attachment handling code. An attacker can exhaust storage or processing resources by providing a remote fil...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/21 8:34 p.m.•11 views

Server-side Request Forgery (SSRF)

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the sendMessage methods in the Discord, Mattermost, Slack, and Teams webhook adapters. An attacker can make the server send requests to attacker-controlled URLs by supplying a...

6.4CVSS5.9AI score0.00176EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/21 3:35 p.m.•11 views

Malicious Package

Overview json-spectaculation is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/21 2:41 p.m.•11 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to the extension failing to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of...

8.2CVSS6AI score0.00386EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/21 1:56 p.m.•11 views

Externally Controlled Reference to a Resource in Another Sphere

Overview Affected versions of this package are vulnerable to Externally Controlled Reference to a Resource in Another Sphere via the Build resource creation. An attacker can gain unauthorized control over pod generation in arbitrary Kubernetes namespaces, including the operator namespace, by...

8.6CVSS5.9AI score0.00325EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/20 5:48 p.m.•11 views

Improper Validation of Specified Index, Position, or Offset in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input via the legacy GridFS file reader API. An attacker can cause a crash or leak process memory contents by supplying crafted documents with malformed file metadata to the...

6CVSS5.8AI score0.00281EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/20 3:46 p.m.•11 views

Missing Authorization

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Missing Authorization in the overwritePassword process. An attacker can gain unauthorized access to higher-privileged accounts, including full...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References5
Total number of security vulnerabilities5000