Lucene search
+L
SnykMost viewed

36343 matches found

Snyk
Snyk
added 2026/03/17 12:46 p.m.12 views

Exposure of Resource to Wrong Sphere

Overview apache-airflow-providers-fab is a Provider package apache-airflow-providers-fab for Apache Airflow Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere due to improper handling of the session token cookie path. An attacker can gain unauthorized access ...

9.3CVSS5.8AI score0.00677EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/16 4:37 p.m.12 views

Authorization Bypass Through User-Controlled Key

Overview effectify is an Utility library that bridges Effect-ts with various utilities and projects, such as Astro! Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the getUsers process. An attacker can access sensitive owner account...

5.1CVSS5.8AI score0.00375EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/16 2:49 p.m.12 views

Malicious Package

Overview n8n-nodes-csv-parse is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/16 12:39 a.m.12 views

Malicious Package

Overview es-lint-builder is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/13 6:55 p.m.12 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through a discrepancy in path normalization between protocol handlers and internal routing. An attacker can bypass folder-level permissions or escape the boundaries of a configured virtual folder by crafting specific...

8.1CVSS6.3AI score0.00521EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 10:39 p.m.12 views

Stack-based Buffer Overflow

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.7CVSS5.8AI score0.00096EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 8:41 p.m.12 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the parse function due to using a recursive revive phase to resolve circular references in deserialized JSON. An attacker can cause a stack overflow and crash the process by supplying a crafted payload with...

8.7CVSS5.9AI score0.00807EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/12 4:23 p.m.12 views

Malicious Package

Overview add-react-displayname is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior Th...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.12 views

Malicious Package

Overview transform-minify-booleans is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavio...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 2:12 p.m.12 views

Access of Uninitialized Pointer

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS5.8AI score0.00353EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/12 2:9 p.m.12 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the MSL decoder. An attacker can cause the application to access freed memory by submitting a malicious MSL file. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit...

7.5CVSS5.8AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 2:9 p.m.12 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.2CVSS5.8AI score0.00113EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 2:9 p.m.12 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

8.2CVSS5.8AI score0.00113EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 2:8 p.m.12 views

Integer Overflow or Wraparound

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.3CVSS5.9AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/09 9:38 p.m.12 views

Use After Free

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

5.5CVSS5.8AI score0.00193EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/09 9:38 p.m.12 views

Use After Free

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

5.5CVSS5.8AI score0.00193EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.12 views

Malicious Package

Overview gbc-viewer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.12 views

Malicious Package

Overview vue-cli-plugin-changelog is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/03 9:6 p.m.12 views

Template Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Template Injection via the map filter in Twig templates when processing text fields that accept Twig input in the control panel settings or through the System Messages utility. An attacker ca...

8.6CVSS6.1AI score0.00514EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/03 8:30 p.m.12 views

Template Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Template Injection via the create function. An attacker can execute arbitrary code on the server by supplying a crafted payload that instantiates dangerous classes, such as...

7.5CVSS6.2AI score0.00556EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/02 9:40 p.m.12 views

Replay Attack

Overview @oneuptime/common is a The OneUptime Common UI Library is a collection of shared components, utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected...

9CVSS6AI score0.00276EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/25 7:12 p.m.12 views

Improper Encoding or Escaping of Output

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS6.2AI score
Exploits0References3
Snyk
Snyk
added 2026/02/18 10:38 p.m.12 views

Regular Expression Denial of Service (ReDoS)

Overview minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the AST class, caused by catastrophic backtracking when an input string contains many characters in a row, followed by an unmatched character. Detail...

8.7CVSS5.5AI score0.00519EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/18 9:4 p.m.12 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the uploadTemplate.do component. An attacker can upload arbitrary files by sending crafted requests to the affected endpoint. Remediation There is no fixed version for net.mingsoft:ms-mcms. References - GitHub...

7.2CVSS5.2AI score0.00362EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/05 5:23 p.m.12 views

Improper Certificate Validation

Overview std/crypto/tls is a Go standard library package std/crypto/tls Affected versions of this package are vulnerable to Improper Certificate Validation. Go Vulnerability Report: During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated betwe...

10CVSS8.4AI score0.00765EPSS
Exploits1References4
Snyk
Snyk
added 2026/01/28 7:8 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview std/net/url is a Go standard library package std/net/url Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: The net/url package does not set a limit on the number of query parameters in a query. While the...

8.7CVSS7.3AI score0.01945EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/28 4:33 p.m.12 views

Malicious Package

Overview evocateurlibpnpmpublish is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.12 views

Malicious Package

Overview easy-transify is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.12 views

Malicious Package

Overview acribus-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.12 views

Malicious Package

Overview cassadasdasdasdwad is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.12 views

Malicious Package

Overview api-cache-worker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.12 views

Malicious Package

Overview bytes-guide is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.12 views

Malicious Package

Overview @douinfe/semi-illustrations is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/01/21 1:6 a.m.12 views

Release of Invalid Pointer or Reference

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.3CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/01/16 1:53 p.m.12 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the LivewireFilemanagerComponent.php process due to missing file type and MIME validation. An attacker can execute arbitrary code by uploading a malicious PHP file and accessing it via the /storage/ URL. This...

9.8CVSS6.6AI score0.00571EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/13 9:51 p.m.12 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview quill is a modern rich text editor built for compatibility and extensibility. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' due to the improper sanitazation in the getHTML function. An...

5.1CVSS7.1AI score0.00221EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/16 10:32 p.m.12 views

Malicious Package

Overview mona-speedy-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2025/12/16 10:32 p.m.12 views

Malicious Package

Overview semi-adimation is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2025/12/11 10:36 p.m.12 views

Deserialization of Untrusted Data

Overview react-server-dom-turbopack is a React Server Components bindings for DOM using Turbopack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsaf...

8.7CVSS6.7AI score0.65592EPSS
Exploits13References2
Snyk
Snyk
added 2025/12/11 8:43 p.m.12 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview next is a react framework. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere. An attacker can access the source code of any Server Function by sending a malicious HTTP request to a vulnerable Server Function...

7.5CVSS7AI score0.65592EPSS
Exploits13References2
Snyk
Snyk
added 2025/12/09 6:43 p.m.12 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the Trainer component. An attacker can execute arbitrary code, cause denial of service, disclose sensitive information, or tamper with data by providing specially crafted serialized input. Details...

8.8CVSS7.2AI score0.00561EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/28 4:39 p.m.12 views

Out-of-bounds Read

Overview net.jpountz.lz4:lz4 is a package for LZ4 compression for Java Affected versions of this package are vulnerable to Out-of-bounds Read due to the use of the insecure LZ4decompressfast in the underlying lz4 library, which lacks bounds checks. An attacker can cause denial of service or acces...

8.8CVSS6.6AI score0.00661EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/01 6:37 a.m.12 views

Eval Injection

Overview litdb is an A literature database tool with GPT integration. Affected versions of this package are vulnerable to Eval Injection via the parseschemadsl function in the extract.py file, which unsafely uses the eval function. This allows an attacker to execute arbitrary Python code on the...

9.8CVSS8AI score
Exploits0References3
Snyk
Snyk
added 2025/10/22 7:46 p.m.12 views

Unverified Ownership

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Unverified Ownership via the JWT authentication process. An attacker can gain unauthorized access to protected resources by presenting a valid token intended for a different audience when...

9.3CVSS7.2AI score0.0035EPSS
Exploits1References2
Snyk
Snyk
added 2025/10/15 5:39 p.m.12 views

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

8.2CVSS6.6AI score0.00671EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/15 4:46 p.m.12 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via insufficient input validation in the DefaultSmtpRequest process. An attacker can inject arbitrary SMTP commands by supplying malicious parameters containing CRLF sequences, allowing the sending of forged emails that...

6.9CVSS7.1AI score0.01594EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/14 8:32 p.m.12 views

HTTP Request Smuggling

Overview Microsoft.AspNetCore.Server.Kestrel.Core is a core components of ASP.NET Core Kestrel cross-platform web server. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunked HTTP requests. An attacker can bypass security restrictions and...

9.9CVSS9.1AI score0.65838EPSS
Exploits5References2
Snyk
Snyk
added 2025/10/07 2:43 p.m.12 views

Cross-site Scripting (XSS)

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper neutralisation of input during web page generation. An attacker can execute arbitrary...

8.7CVSS5.5AI score0.00223EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/13 9:52 a.m.12 views

Allocation of Resources Without Limits or Throttling

Overview org.bouncycastle:bcprov-ext-jdk15to18 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An...

6.3CVSS6.8AI score0.00461EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/12 9:40 a.m.12 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ASN1ObjectIdentifier. An attacker can cause excessive resource consumption by submitting specially crafted ASN.1 Object Identifiers, potentially leading to service disruption...

6.3CVSS6.9AI score0.00541EPSS
Exploits0References2
Total number of security vulnerabilities5000