Lucene search
K
SnykMost viewed

35340 matches found

Snyk
Snyk
added 2026/05/18 8:33 p.m.11 views

Uncontrolled Recursion

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 8:33 p.m.11 views

Uncontrolled Recursion

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 8:33 p.m.11 views

Uncontrolled Recursion

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 8:33 p.m.11 views

Improper Validation of Array Index

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 8:33 p.m.11 views

Improper Validation of Array Index

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 8:33 p.m.11 views

Improper Validation of Array Index

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 8:23 p.m.11 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...

8.7CVSS5.8AI score0.00086EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 7:10 p.m.11 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 7:10 p.m.11 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 7:10 p.m.11 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:53 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the PSD decoder due to a missing check for the list-length resource policy. An attacker can cause excessive resource consumption by providing a specially crafted PSD image that...

7.5CVSS5.8AI score0.00495EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:53 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS5.8AI score0.00495EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:53 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

7.5CVSS5.8AI score0.00495EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:48 p.m.11 views

Off-by-one Error

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.9CVSS5.8AI score0.0024EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 5:48 p.m.11 views

Off-by-one Error

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.9CVSS5.8AI score0.0024EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 5:48 p.m.11 views

Improper Validation of Array Index

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

7.1CVSS5.9AI score0.00122EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 5:48 p.m.11 views

Improper Validation of Array Index

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

7.1CVSS5.9AI score0.00122EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 5:48 p.m.11 views

Improper Validation of Array Index

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.1CVSS5.9AI score0.00122EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 5:40 p.m.11 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the Content-Disposition filename parameter parsing. An attacker can cause excessive resource consumption...

8.7CVSS5.8AI score0.00335EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:27 p.m.11 views

Use of a Broken or Risky Cryptographic Algorithm

Overview sulu/sulu is a highly extensible open-source PHP content management system based on the Symfony framework. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the use of a weak cryptographical hash algorithm in the User.php and...

6.9CVSS5.8AI score0.00193EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:7 p.m.11 views

Prototype Pollution

Overview @tmlmobilidade/utils is an A collection of utility functions and helpers for the TML Mobilidade Go monorepo, providing common functionality for batching operations, caching, HTTP requests, object manipulation, permissions, and more. Affected versions of this package are vulnerable to...

8.8CVSS6.4AI score0.00055EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 4:22 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview brace-expansion is a Brace expansion as known from sh/bash Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the max option being applied after generating all elements in a large numeric range. An attacker can exhaust system...

8.7CVSS5.8AI score0.00278EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 3:32 p.m.11 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Glide process. An attacker can cause the server to initiate HTTP requests to internal network addresses, potentially exposing sensitive internal resources, by supplying specially crafted URLs tha...

6.3CVSS5.8AI score0.00151EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 3:31 p.m.11 views

Integer Underflow (Wrap or Wraparound)

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 3:31 p.m.11 views

Integer Underflow (Wrap or Wraparound)

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 3:31 p.m.11 views

Integer Underflow (Wrap or Wraparound)

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.1CVSS5.8AI score0.0012EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 1:29 p.m.11 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via unvalidated URL processing in the OAuth2 dynamic client registration process. An attacker can access internal network resources or sensitive information by supplying malicious URLs to be fetched by t...

7.2CVSS5.2AI score0.00198EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 11:47 a.m.11 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the Slack import process. An attacker can gain unauthorized access to user accounts by obtaining disclosed passwords and impersonating users. Remediation Upgrade...

8.5CVSS5.8AI score0.00231EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 9:10 a.m.11 views

Malicious Package

Overview parse-regex-string is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/17 9:0 p.m.11 views

Malicious Package

Overview @deadcode09284814/axios-util is a malicious package. This package contains malicious code that includes infostealer malware, one of which is a Shai-Hulud clone following the TeamPCP open source release, and one DDoS botnet package. While this package might be attempting to impersonate a...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/15 6:35 p.m.11 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isSSRFSafeURL process. An attacker can access internal network resources or sensitive information by exploiting DNS rebindi...

8.3CVSS5.8AI score0.00136EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/15 6:33 p.m.11 views

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of the modeYoutubeLive.php template, where user-supplied input is echoed directly into an HTML class attribute without...

5.4CVSS5.8AI score0.00136EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/15 6:32 p.m.11 views

Command Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Command Injection via improper handling of user-supplied input in the onpublish.php process. An attacker can execute arbitrary operating system commands by injecti...

8.8CVSS6AI score0.00318EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/15 10:43 a.m.11 views

Malicious Package

Overview jenkins-forge-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/15 10:43 a.m.11 views

Malicious Package

Overview babel-6-compatibility is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/15 10:40 a.m.11 views

Malicious Package

Overview apple-infra-gcp-leak is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/15 10:40 a.m.11 views

Malicious Package

Overview apple-cloud-infrastructure-monitor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/14 9:23 p.m.11 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the sgiinput.cpp process when handling SGI RLE image files. An attacker can cause a heap buffer overflow and crash the application by supplying a crafted .sgi file with an RLE count exceeding the scanline width...

8.4CVSS6AI score0.00126EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/14 9:0 p.m.11 views

Embedded Malicious Code

Overview node-ipc is an A nodejs module for local and remote Inter Process Communication IPC, Neural Networking, and able to facilitate machine learning. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals an advanced credential-stealing infostealer. A...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/05/14 8:55 p.m.11 views

Server-side Request Forgery (SSRF)

Overview @utcp/http is a HTTP utilities for UTCP Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the OpenApiConverter process. An attacker can access internal network resources and sensitive metadata endpoints by supplying a malicious OpenAPI specification...

4.7CVSS5.8AI score0.00122EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/14 8:30 p.m.11 views

Use of Password Hash With Insufficient Computational Effort

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the encrypt process. An attacker can compromise the confidentiality and integrity of synced bookma...

6CVSS5.8AI score0.00105EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/14 8:28 p.m.11 views

Race Condition

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Race Condition through a race condition in the LDAP and OAuth authentication processes. An attacker can obtain administrative privileges by sending multiple concurrent authentication requests during the initi...

9.2CVSS5.8AI score0.00354EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/14 8:28 p.m.11 views

Authorization Bypass Through User-Controlled Key

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the hasaccesstofile process. An attacker can permanently delete files owned by other users, as well as read or modify their contents, by leveraging access t...

8.6CVSS5.8AI score0.0027EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/14 8:27 p.m.11 views

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization order in the Banner component. An attacker can execute arbitrary JavaScript in the context of privileged users by injecting malicious payloads into the banne...

8.4CVSS5.9AI score0.00322EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/14 8:26 p.m.11 views

Authorization Bypass Through User-Controlled Key

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the retrieval process, specifically when validating access to knowledge base collections by UUID. An attacker can access, modify, or delete another user's...

7.7CVSS5.8AI score0.00331EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/14 8:16 p.m.11 views

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTML rendering view. An attacker can execute arbitrary HTML or JavaScript in the user's context by injecting malicious scripts into embedded file in the chat that later shared...

9.3CVSS5.9AI score0.00217EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/14 8:15 p.m.11 views

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the missing MIME-type validation of profileimageurl field. An attacker can execute arbitrary HTML or JavaScript in the context of user's browser by injecting malicious HTML or...

8.7CVSS5.9AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/14 7:14 p.m.11 views

Double Free

Overview Affected versions of this package are vulnerable to Double Free in the computehashtosign function. An attacker can cause heap corruption and potentially crash the application by triggering a failure in EVPDigestFinal after memory has already been freed, leading to a second free operation...

2.5CVSS5.8AI score0.00096EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/14 4:23 p.m.11 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the ExtractTarGz process. An attacker can write arbitrary files to locations outside the intended extraction directory by submitting a crafted .tar.gz archive containing directory traversal sequences. This is only...

7CVSS6.3AI score0.00606EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/14 4:16 p.m.11 views

Command Injection

Overview @apostrophecms/cli is a Commandline generator and configurator for Apostrophe CMS Affected versions of this package are vulnerable to Command Injection via the apos create command when user-supplied input from the password prompt is embedded directly into a shell command without proper...

6.3CVSS6.1AI score0.00428EPSS
Exploits0References2
Total number of security vulnerabilities5000